Weekly Privacy News Update – Episode 56

Tax filing websites share user data with Facebook via Meta Pixel

Some tax filing services such as H&R Block, TaxAct, and TaxSlayer have shared financial data from users to Facebook. Using the Meta Pixel code, some data shared includes the users’ income, filing status, refund amounts, names, and email addresses. This information that was shared with Facebook can be utilized for its ad algorithms and is collected even when a user using the tax filing service has an account on the social media platform.

Source: The Verge, IAPP

Facebook faces lawsuit in UK for collecting personal data for ad targeting

Facebook is facing a lawsuit filed in London’s Highcourt for allegedly practicing surveillance advertising, regardless of Meta ensuring user privacy. In her lawsuit, Tanya O’Carroll indicts Facebook for violating general data protection regulations by processing and profiling her personal data and used for targeted advertising. The lawsuit against Meta’s business model could implicate it with a series of regulatory and legal risk in Europe that ranges from trans-Atlantic data flow to antitrust actions in Germany and the UK.

Source: MediaPost, IAPP

New processor code of conduct published by German DPA to assist companies in applying GDPR

A new code of conduct for processors was released by the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information (LfDI). It features regulated rules to assist companies in applying the EU General Data Protection Regulation (GDPR). Processors adhering to the code will need to submit to regular monitoring thru a body accredited by the LfDI.

Source: LfDI, IAPP

UK and South Korea finalize landmark adequacy decision

The UK Department for Digital, Culture, Media and Sport (DCMS) published the finalization of its adequacy decision with South Korea. Since having left the European Union, this is the first adequacy decision attained by the UK. For the DCMS, the landmark decision will benefit small and medium-sized businesses that avoided data transfers to South Korea because of the previous challenges. The adequacy decision and accompanying legislation were presented to the UK Parliament and will take effect on Dec.  19.

Source: DCMS, IAPP

More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author