Weekly Privacy News Update – Episode 44


Meta settles lawsuit for $37.5 million

Meta, the parent company of Facebook, settled a data collection lawsuit for $37.5 million after being accused of violating California law and its privacy policy. The case stems from Facebook collecting users’ location data even when the feature was turned off on mobile devices. Although the users did not consent to their location data with Facebook, the company implied they sent targeted advertising based on IP addresses. The settlement will cover users in the US who used Facebook after Jan. 30, 2015.

Source: Reuters, IAPP

Norway’s DPA opposes the decision of the Irish DPC over Meta’s EU-US data transfers

Norway’s data protection authority (DPA), Datatilsynet, opposes the draft decision of the Irish Data Protection Commission (DPC) on Meta’s EU-US data transfers. Datatilsynet prefers to include a fine on the DPC’s decision, stating that there’s “little or no incentive” for Meta or their companies to comply with EU data transfer laws if there are no financial repercussions for violations. Objections from other member states, including Norway, have delayed the DPC’s final decision; a dispute resolution procedure is expected under Article 65 of the EU General Data Protection Regulation.

SourcePolitico, IAPP

Google faces privacy complaint from EU advocacy group

Consumer advocacy group NOYB hits Google with a complaint filed to Frances data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), for breach of a European court ruling. Allegedly Google directly sent Gmail users in the EU unsolicited advertising emails. The 2021 decision by the Court of Justice of the European Union (CJUE) would require Google consent from users before sending them direct marketing emails. The decision from CNIL will only apply to users in France, but the verdict would need Google to reevaluate its practices in the EU.

Source: Reuters, IAPP

New compromise text for the proposed Data Act in the EU

The Czech Presidency of the Council of the European Union presented a new compromise text for the Data Act that concerns the disputed Chapter V. The latest text is intended to define which conditions public entities can demand access to privately held data. The proposed change will favor many EU institutions freed from requirements under the law and will add provisions to bodies from the public section to use a private company’s data in unique cases.



Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources