Weekly Privacy News Update – Episode 48


Meta faces complaints for circumventing Apple’s privacy preferences

Meta now faces class-action lawsuits from three Facebook and iOS users for supposedly bypassing Apple’s iOS privacy settings. The complaints were based on the research of Felix Krause, a former Google engineer, who accused Meta of wanting to gain back lost advertising revenue. They inserted a tracking code on external websites visited by users while they use the in-app browser for Facebook or Instagram. When Apple updated its privacy rules in 2021 to allow users to opt-out of all tracking by third-party apps quickly, the tech giant allegedly lost $10 billion in revenue. The complainants cited Meta for downplaying the privacy risk, neglecting the privacy preference of iOS users, and tracking their activity on third-party websites.

Source: Ars Technica, IAPP

Use of Google Analytics on a standstill after decision of Danish DPA

Danish data protection authority, Datatilsynet, decided to stop using Google Analytics for data transfers to the US without supplementary measures. Denmark is the latest European country to enact the halt, following Austria, France, and Italy. Dataltilsynet has notified Danish businesses to check if their possible continued use of Google Analytics is within the EU General Data Protection Regulation framework.

Source: Datatilsynet, Digital Journal, IAPP

Business requirements under Quebec’s Bill 64 take effect

Specific business requirements under Bill 64 have taken effect as published by the Le Commission d’accès à l’information du Quebec, Quebec’s data protection authority (DPA). Bill 64 amended the Privacy Act, which sought to give citizens more control over their personal data and held companies accountable for managing data. The new corporate obligations for Bill 64 include privacy officer appointments, compulsory breach notification, and user consent exception. Further requirements will take effect in 2023 and 2024

Source: Le Commission d’accès à l’information du Quebec, IAPP

Indonesia’s data protection law passed by lawmakers

Last Sept. 20, lawmakers in Indonesia passed the much-anticipated data protection bill into law. The new law is timely after the country faced a series of data leaks and for the investigation of alleged data breaches from Indonesia’s government firms and institutions. The data protection law will enable the president to create an oversight body that will issue fines to data handlers for privacy violations. The largest fine that could be issued consists of 2% of a corporation’s annual revenue and the possibility of its assets being confiscated or auctioned off. An adjustment period of two years is part of the law, but it does not stipulate how violations will be addressed in that stage.

Source: Reuters, IAPP

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources