Privacy News Roundup – December 1, 2021

United States

Opting out of the algorithm

A bipartisan group of House members have introduced the Filter Bubble Transparency Act. The act requires online platforms to allow users to opt out of having personal data-driven algorithms select the content they see.

Momentum is driven by the mutual acknowledgement from both parties that algorithms driven by user-specific data make services addictive, violate privacy, and promote extremism.

Biometrics lawsuit

A class-action lawsuit has been filed against OnlyFans, alleging the platform has violated Illinois’ Biometric Information Privacy Act (BIPA). The complaint seeks $1,000 to $5,000 per violation.

The lawsuit claims the company collected facial biometrics from content creators to verify their age and identities without explanation of how the images would be handled and destroyed.

BIPA law has been used to launch thousands of class action lawsuits, typically accusing businesses of failing to collect written consent and providing adequate notification before scanning biometric identifiers. The lawsuits have mostly targeted social media and big tech, but have also focused on employers collecting fingerprints to verify employee identities when clocking in and out of work shifts.

Cybersecurity patches

The Biden administration issued one of the most comprehensive cybersecurity orders to date. It mandates nearly all federal agencies to patch approximately 290 security flaws.

The security issues were identified between 2017 and 2021 and are noted as carrying “significant risk to the federal enterprise.”

Software suspended in Chicago

The Chicago Public School District has suspended access to popular classroom software.

This is due to amendments to the Illinois Student Online Personal Protection Act, which took effect on July 1, 2021. The act created more stringent requirements for district contracts with third-party educational service providers.

International

Increased demand and consequence for Data Protection Officers in China

China’s Personal Information Protection Law (PIPL) has increased the need for companies to appoint a data protection officer.

However, while demand for DPO’s is high, incentive to take on the role is low because they may be held personally liable for any violations of China’s law.

G-7 and the flow of data

The G-7 Trade Ministers agreed on digital trade principles, including the free flow of data across borders. They also agreed to work together to determine commonalities in their regulatory approaches for the promotion of interoperability.

New privacy codes in Australia

The Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures), Bill 2021, will strengthen the Privacy Act of 1988 by creating a new Online Privacy Code and providing higher penalties for violations, equating to:

  • A maximum of $2.1 million for serious or repeated breaches of privacy
  • Three times the value of any benefit obtained through the misuse of information
  • 10% of the entity’s annual Australian revenue

INDIVIDUAL ARTICLE DISCLAIMER:

Use of, access to, and information exchanged on this web page or any of the e-mail links contained within it cannot and does not create an attorney-client relationship between Han Santos, PLLC and the user or browser. Please do not post any personal or confidential information. You should contact your attorney to obtain advice with respect to any particular issue or problem. Contact us for additional information. One of our lawyers will be happy to discuss the possibility of representation with you. The opinions expressed at or through this site are the opinions of the individual author and may not reflect the opinions of the firm or any individual attorney.