Weekly Privacy News Update – Episode 57

Irish DPC issued a EUR 265 million fine to Meta for GDPR violations

Meta receives a hefty fine worth EUR 265 from Ireland’s Data Protection Commission (DPC). The penalty is due to alleged EU General Data Protection Regulation (GDPR) violations and is now the third-largest GDPR fine ever given. Meta allegedly violated Articles 25(1) and 25(2) of the GDPR after an investigation revealed the exposure of a data set of personal information from Facebook. The DPC’s decision will compel Meta to bring its processing into compliance by taking a range of specified remedial actions within a particular timeframe.

Source: Data Protection Commission, IAPP

Snapchat to carry out a new feature in compliance with the CPRA

Snapchat will add a feature toggle switch under its Privacy Controls section in compliance with the California Privacy Rights Act, which will be enforced on Jan. 1, 2023. Users can then choose the new option at the bottom of the list that reads “California Privacy Choices.” This new feature will be implemented for Snapchat users in California to limit the app’s use of sensitive personal data. Also included is a new preference to limit the usage of sensitive personal information. This setting will require Snapchat to curb the use of personal data from the users, such as precise geolocation.

Source: TechCrunch, IAPP

Privacy Legislation Amendment Bill approved in Australia, data breach fines to increase

The final passage of the Privacy Legislation Amendment Bill 2022 has been approved by the Parliament of Australia. The legislation amends the Privacy Act of 1988. It increases the data breach fines to AUD 50 million, or the penalties could depend on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme.

Source: Parliament of Australia, IAPP

Microsoft 365 products not compliant with GDPR after German evaluation

Microsoft may face legal troubles in the EU after an evaluation by a working group of German data protection authorities (DPA). It revealed that the company’s cloud-based 365 productivity products could not be used in compliance with the EU General Data Protection Regulation (GDPR). According to the group, Microsoft has not amended the compliance issues for the past two years of investigation.

Source: TechCrunch, IAPP

More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author