February 2, 2022 |

Privacy News Roundup – February 2, 2022

United States

State privacy legislation

On January 6, New York saw several consumer privacy bills introduced in the House and Senate.

Meanwhile, the proposed Senate Bill 5062, the Washington Privacy Act (WPA) didn't find common ground among business and privacy groups and failed to pass for the third year in a row in 2021. Many of the issues the WPA has faced are due to the debate over including a private right of action.

New legislation for simplified terms-and-services agreements

On January 12, US Senators introduced the Terms-of-service Labeling, Design and Readability (TLDR) Act that will require commercial sites and mobile apps to provide consumers with a simple and easy-to-read summary of their terms and services agreement. By doing so, consumers are able to gain more control over their privacy rights and can start to understand what they are “agreeing” to.

Tech giants Facebook and Amazon face class action lawsuits for misuse of biometric data

In Alabama, a class-action lawsuit was filed against Facebook for violating US antitrust laws and profiting from minors’ biometric data. Even though images are destroyed by Facebook themselves, the data has already been disseminated to other third parties. The plaintiffs are seeking $32 billion for a national class of 285 million minors and $240 million for a smaller class in Alabama.

While in Illinois - one of the strictest states in the US addressing biometric privacy - a class action lawsuit was filed against Amazon by a former employee that claimed Amazon collected facial and other data without proper consent under the Illinois Biometric Information Privacy Act (BIPA). The employee alleged that Amazon sites were scanning faces and checking temperatures of employees for COVID protocols without obtaining informed consent. He also claimed the company did not have a publicized data retention plan.


European Parliament is reprimanded for violating privacy laws on its COVID-19 testing website

The European Data Protection Supervisor (EDPS) sanctioned the European Parliament for a series of data protection violations on its COVID-19 testing website.

The EDPS found the website's cookie banners had inaccurate information, unclear options to reject third-party tracking, and a deceptive design, which might manipulate consent. They also found that no measures were being taken to raise the level of protection of EU residents’ personal data that was being transferred to the US through Google Analytics and Stripe. This violation clearly goes against the requirements made by the Schrems II decision.

The EDPS issued a reprimand against Parliament and gave them one month to update their data protection notice and address the remaining issues of transparency.

China reviews security of companies wishing to open on overseas stock markets

The Cyberspace Administration of China (CAC) has issued a new rule that will go into effect on February 15, 2022, requiring that Chinese platform companies with data on more than 1 million users must undergo a security review before listing their shares on overseas stock markets.

Additionally, a new rule will take effect on March 1, 2022, that will increase oversight of news providers that use algorithm recommendation technology to disseminate information to users.

Japan introduces amendments that work towards information transparency between businesses and consumers

On April 1, 2022, amendments to the Act on Protection of Personal Information (APPI) will take effect and businesses in Japan should revise their privacy notices in accordance with the APPI. The revisions focus on businesses’ transparency with consumers about how their personal information is handled.

France’s CNIL will analyze augmented video devices from an ethical, technical, and legal standpoint

The National Commission on Informatics and Liberty (CNIL) has published a draft position on the use of “intelligent” and “augmented” video devices in public spaces. With the increased use of such devices in public spaces to improve safety and collect marketable data, the CNIL will analyze the devices’ use from an ethical, technical, and legal point of view.


Use of, access to, and information exchanged on this web page or any of the e-mail links contained within it cannot and does not create an attorney-client relationship between Han Santos, PLLC, and the user or browser. Please do not post any personal or confidential information. You should contact your attorney to obtain advice with respect to any particular issue or problem. Contact us for additional information. One of our lawyers will be happy to discuss the possibility of representation with you. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.