Meta settles lawsuit for $37.5 million
Meta, the parent company of Facebook, settled a data collection lawsuit for $37.5 million after being accused of violating California law and its privacy policy. The case stems from Facebook collecting users’ location data even when the feature was turned off on mobile devices. Although the users did not consent to their location data with Facebook, the company implied they sent targeted advertising based on IP addresses. The settlement will cover users in the US who used Facebook after Jan. 30, 2015.
Norway’s DPA opposes the decision of the Irish DPC over Meta’s EU-US data transfers
Norway’s data protection authority (DPA), Datatilsynet, opposes the draft decision of the Irish Data Protection Commission (DPC) on Meta’s EU-US data transfers. Datatilsynet prefers to include a fine on the DPC’s decision, stating that there’s “little or no incentive” for Meta or their companies to comply with EU data transfer laws if there are no financial repercussions for violations. Objections from other member states, including Norway, have delayed the DPC’s final decision; a dispute resolution procedure is expected under Article 65 of the EU General Data Protection Regulation.
Google faces privacy complaint from EU advocacy group
Consumer advocacy group NOYB hits Google with a complaint filed to Frances data protection authority, the Commission nationale de l’informatique et des libertés (CNIL), for breach of a European court ruling. Allegedly Google directly sent Gmail users in the EU unsolicited advertising emails. The 2021 decision by the Court of Justice of the European Union (CJUE) would require Google consent from users before sending them direct marketing emails. The decision from CNIL will only apply to users in France, but the verdict would need Google to reevaluate its practices in the EU.
New compromise text for the proposed Data Act in the EU
The Czech Presidency of the Council of the European Union presented a new compromise text for the Data Act that concerns the disputed Chapter V. The latest text is intended to define which conditions public entities can demand access to privately held data. The proposed change will favor many EU institutions freed from requirements under the law and will add provisions to bodies from the public section to use a private company’s data in unique cases.
