Weekly Privacy News Update – Episode 37


Google’s data collection practice reprimanded by EU and US consumer groups

Google’s data collection practices are now subject to formal complaints that EU consumer groups will file. The complaints allegedly stemmed from the lack of transparency given to users on how their data is used for targeted advertising. Also, part of the complaints is that the opt-out option for data collection requires more steps than opting in, which only needs one click. According to the consumer groups, Google violates the Privacy-by-Design requirements in the General Data Protection Regulation (GDPR). Meanwhile, in their letter to the US Federal Trade Commission (FTC), certain tech and consumer groups in the US are preparing to file similar complaints.

Source: Tech Crunch, IAPP, Wall Street Journal

FCC Commissioner wants to pull out TikTok from Apple and Google app stores

US Federal Communications Commissioner Brendan Carr is asking tech giants Apple and Alphabet to remove TikTok from their iPhone and Android app stores. He describes TikTok as a sophisticated surveillance tool that harvests extensive amounts of personal and sensitive data. According to Carr, the apps collect data such as browsing history, location data, biometric identifiers, and contented store on a device. Leaked recordings of internal meetings in TikTok supposedly revealed that the Chinese firm had accessed nonpublic data of users in the US. TikTok’s pattern of surreptitious data practices has led him to call for its removal in the app stores.

Source: IAPP, Fortune

California Age-Appropriate Design Code Act advances

The California State Assembly’s Senate Judiciary Committee has passed the proposed California Age-Appropriate Design Code Act. The bill will make its way to the Committee on Appropriations. It contains provisions for children’s data protection and limits to online exposure for minors under the age of 18 that would be enforceable by the California Privacy Protection Agency. August 31 is the last day for bills to be passed in either legislative chamber; the governor must sign or veto them by September 30.

Source: IAPP, California Legislative Information

China publishes new guidance for cross-border data processing

The National Information Security Standardization Technical Committee of China has published its guidance on performing cross-border data processing in a standardized manner and compliant with the Personal Information Protection Law (PIPL). The “Practice Guidelines for Cybersecurity Standards — Cross-border Processing of Personal Information” includes vital security principles and requirements for cross-border transfers and the  “protection of the rights and interests of personal information subjects.”

Source: IAPP, National Information Security Standardization Technical Committee

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources