Weekly Privacy News Update – Episode 41


Privacy advocates raise concern about stripping FCC oversight on the proposed ADPPA

Provisions regarding telecommunications data oversight under the proposed American Data Privacy and Protection Act (ADPPA) raised the concern of privacy advocates. The proposed federal privacy law will strip the authority of the US Federal Communications Commission (FCC) to impose privacy rules, allowing telecom companies that will likely benefit from the enforcement under the Federal Trade Commission (FTC). The proposed ADPPA will delegate the FTC to handle privacy enforcement for telecom companies. Critics disagree, pointing out that the FTC is not on the level with the FCC’s capability regarding enforcement and proficiency.

Source: Cyberscoop, IAPP

Meta repeats possible suspension of Facebook in EU with EU-US transfer agreement unresolved

In their reiterated warning, Meta announced that they might pull the plug on Facebook and Instagram services in the EU if a new data transfer agreement between the EU and the US does not materialize. The tech giant is concerned that the lack of a new data transfer framework and the inadequacy to commit to standard contractual clauses (SCC) will have an adverse effect on its operations. Meta’s use of the SCCs to assist EU-US data transfer may be stopped by the draft decision from Ireland’s Data Protection Commission that other 26 EU data protection authorities are deliberating.

Source: Bloomberg, IAPP

Free coffee and pastry from Tim Hortons for customers affected by privacy breach

Tim Hortons offers customers free coffee and pastry to settle class-action lawsuits in three provinces of Canada. The Canadian fast food chain was accused of violating privacy laws for using its mobile app to collect vast amounts of sensitive location data. The investigation made by federal and provincial authorities revealed that users who downloaded the app were tracked between April 2019 and September 2020, despite not using it. Tim Hortons offered coffee and pasty worth $9 CAD plus tax to settle the class-action lawsuits.

Source: The Verge, Wall Street Journal, IAPP

Four major clauses for India’s next data protection law draft

After the previous draft Data Protection Bill was withdrawn, the Indian Parliament expressed that the government is working on a framework for the four topics that will be either dropped or refined. The topics for the new draft proposal will include:

    • Data localization requirements.
    • Regulatory authorization for every cross-border data transfer.
    • Penalties on global turnover for any violation.
    • Regulation of hardware and devices.

Public consultations are anticipated for each topic by the Parliament before adding the final provisions. Before the withdrawal of the previous draft, each topic was dissected.

Source: Financial Express, IAPP, IAPP


Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources