Data Protection News Update 15 January 2024

United Kingdom

ICO fines HelloFresh £140,000 for spam texts and emails

  • The food delivery company HelloFresh has been fined by the Information Commissioner’s Office (ICO) for a campaign of 79 million spam emails and 1 million spam texts over a 7-month period.
  • The marketing messages were sent based on an opt-in statement which did not make any reference to the sending of marketing via text.
  • While there was reference to marketing via email. It was included in an age confirmation statement which was likely to unfairly incentivise customers to agree.
  • An investigation by the ICO began in March 2022 following complaints made directly to the regulator. It was also discovered that the company continued to contact some individuals even after they had requested them to stop.

United States

FTC to discuss changes to children’s online privacy law

  • The U.S. Federal Trade Commission will discuss possible changes to the Children’s Online Privacy Protection Act Rule during its meeting on 18th January 2024.
  • This proposal introduces changes to the COPPA (Children’s Online Privacy Protection) Rule, which includes a separate opt-in for targeted advertising, increasing accountability for operators using the support for internal operations exception, imposing limits on “nudging” children without parental consent, and strengthening the data security and data retention requirements.  


Austrian activist Schrems broadens Meta privacy complaint

  • Privacy activist Max Schrems’ advocacy group NOYB expanded its complaint about Meta Platforms paid no-ads subscription service as it urged Austrian authorities to investigate the difficulty users face in seeking to avoid being tracked.
  • In November, NOYB told the Austrian Data Protection Authority that Meta’s no ads-subscription service launched in Europe was equivalent to having to pay to ensure privacy.
  • Meta has said the service that applies to Facebook and Instagram aims to comply with EU rules that users must be given a choice whether their data can be collected and used for targeted ads.
  • The complaint will likely be forward to the Irish data protection watchdog which oversees Meta.


Apology after names in severe-disability care scheme leaked

  • Hong Kong’s Social Welfare Department accidentally leaked the English names of 1,300 individuals applying for the special care subsidy scheme for persons with severe disabilities.
  • The Office of the Privacy Commissioner for Personal Data said it had received a data breach notification on Thursday and has commenced a compliance check in accordance with relevant procedures.
  • The department said the leak occurred due to an employee error, and those affected were notified.


More Posts

Send Us A Message