Weekly Privacy News Update – Episode 18

Meta set to pay $90 million for a 2012 tracking lawsuit

Meta has agreed to pay $90 million over a lawsuit from 2012, which alleges that Facebook tracked users after they logged off the social media platform. The preliminary settlement will require approval from a federal judge. If approved, it would be one of the most significant privacy class-action settlements to date. The privacy violation arose when Facebook used plug-ins to store cookies tracking users’ visits to third-party websites that had “like” buttons. Allegedly the tracking ensued from April 2010 to September 2011. Facebook had users’ permission to track them if they were logged in but claimed tracking would stop. The case was dismissed in 2017 but was revived in April 2020 by a federal appeals court, allowing users to try to prove that their privacy was violated and Facebook profited unlawfully.

Source: IAPP, Reuters, Business Insider

Google to remove cross-app tracking

Google plans to completely remove cross-application tracking on Android devices by 2024. According to Vice President of Product Management, Android Security & Privacy Anthony Chavez, Google is rolling out a Privacy Sandbox for Android with the goal of “introducing new, more private advertising solutions.” The present tracking methods will be supported for two years during development, and Google will give “substantial notice” before any changes. Chavez added solutions will “limit sharing of user data with third parties and operate without cross-app identifiers, including advertising ID.” Google recently announced it wouldn’t continue with its plan to replace third-party cookies with Federated Learning of Cohorts (FLoC).

Source: IAPP, Wall Street Journal

US senators introduce data broker bill

US Sens. Jon Ossoff, D-Ga., and Bill Cassidy, R-La., proposed the Data Elimination and Limiting Extensive Tracking and Exchange Act on February 10, 2022. The act aims to give Americans control over how data brokers collect and use their personal information. The legislation would require the US Federal Trade Commission (FTC) to create and manage a “one-time data deletion request” tool that would erase data from unregistered brokers. It would also create a “do not track list” to block future collection of personal data.

Source: IAPP, Sen. Jon Ossoff

International Data Transfer Agreement tools proposed in the U.K.

A proposal has been laid before the UK Parliament to change the current “standard contractual clauses” (SCCs) used to control data movement between the UK/EU and other countries considered to have “inadequate” equivalent data protection laws. The international data transfer agreement (IDTA) and the international data transfer addendum to the European Commission’s SCCs will be active in late March if Parliament approves. These new data transfer tools will be compulsory for any new agreements starting in September 2022, but will not be required to replace existing SCCs until 2024.

Source: CPO Magazine, ICO

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources