Data Protection News Update 20 February 2023

United States

The Economist Michigan information privacy $9.5M class action settlement

  • The Economist, a newspaper with both digital and physical news subscriptions available, has agreed to pay $9.5 million to resolve claims it shared Michigan subscriber information with third parties without consent.
  • The Economist has not admitted any wrongdoing.
  • According to the lawsuit The Economist shared the information subscribers with third parties, without getting consent of their Michigan customers.
  • Class members can receive an equal share of the net settlement fund, which will be around $261.

Ex-Twitter privacy chief takes job at social media app BeReal

  • Damien Kieran resigned are Twitter’s chief privacy officer in November, after the Elon Muck takeover.
  • He has now joined the photo-sharing app BeReal as its top lawyer.
  • Twitter did not respond to a request for comment but its current legal staffing is unknown.


Facebook inches closer to European blackout

  • Facebook and Instagram might have to stop sending European users’ data to the US in the next two months.
  • The EDPB will issue a binding decision on a case scrutinising Meta’s data transfers to the US.
  • The case stems from a privacy complaint filed by Max Schrems in 2013.
  • The Irish DPC in July 2022 first proposed banning Meta from standard contractual clauses to send user’s data to the US. This came after the Privacy Shield had been annulled.
  • Article 65, a dispute resolution mechanism was triggered in late January. The EDPB stated that the official procedure has started and has a two moth deadline.

MEPs urge European Commission to reject EU-US adequacy

  • The European Parliament Committee on Civil Liberties, Justice and Home Affairs made it very clear in their draft opinion that the Commission should not extend an adequacy decision to the US based on the EU-US Data Privacy Framework.
  • In their opinion the committee members concluded that the Framework “fails to create actual equivalence in the level of protection” offered under the EU GDPR.
  • They urged the Commission to only adopt a decision if meaningful reforms were introduced especially concerning national security and intelligence purposes on the part of the US.
  • Parliament and the European Data Protection Board will present their respective nonbinding opinions for the European Commission to consider to their adequacy decisions.
  • The Parliament is particularly concerned with the differing definitions of the principles of necessity and proportionality. Specifically, the lack of precision and application of the Executive Order and that the Order can be amended at any time by the US president.
  • The Data Protection Review Court has issues with its perceived lack of independence and general transparency. The Court does not allow for appeal to federal courts or the opportunity to claim damages.


Nigeria Data Protection Bureau says 110 companies under investigation for data breaches

  • The Nigeria Data Protection Bureau (NDPB) has said that it is currently investigating more than 110 companies in Nigeria over allegations of data breach.
  • These companies include banks, telecom services, gaming companies and online lending companies. These sectors are particularly vulnerable due to the use of mobile apps in their services.
  • The consequences of their actions may constitute civil or criminal liability and the Nigerian Police Force is also working with the Bureau for these matters.

Australian privacy reform moves forward with new government report

  • Australian Attorney-General’s Department released its review of the Privacy Act 1988.
  • The report includes 116 recommendations based on 30 “key themes and proposals” from stakeholders during the course of the last two years.
  • The potential reform covers many issues, rom proposing the abolishment of the small business exemption, implementing new limits on targeted advertising, and include individual privacy rights.
  • Now that this report is public, there is a public comment period with a feedback survey open until March 31.

United Kingdom

UK Policing Riddled with Chinese CCTV Cameras

  • The Biometrics and Surveillance Camera Commissioner (OBSCC) found that 24 regional police forces and the British Transport Police, the Civil Nuclear Constabulary, the Ministry of Defence and the National Crime Agency use CCTV cameras made by Chinese Companies or that use Chinese Components.
  • These vendors include Dahua, Hikvision and Huawei, Taiwanese camera-maker Nuuo and US firm Honeywell.
  • Hikvision is thought to be the biggest supplier and also supplies two police forces with body worn cameras.
  • Concerns over the Beijing sensitive camera feeds have led to a government decision in November to cease deployment of Chinese-made cameras on government property.

UK government outlines reforms to thirty-year-old cybercrime law

  • The UK government has proposed changes to The Computer Misuse Act of 1990 to tackle cybersecurity threats and online crimes.
  • One of the proposed changes will allow law enforcement agencies to take control of domains and IP addresses that are being used by criminals to carry out online criminal activities.
  • It also allows public authorities to take down these domains and prevent the creation of domains that are suspected and predicted to be for criminal purposes.
  • The second proposed change aims to toughen the offences and penalties for taking or coping data rather than merely unauthorised access to or modification of data.
  • The third proposal will give law enforcement agencies a new power to require individuals who are in control of data to preserve that data, in an unaltered state, so that it could be available for a law enforcement investigation.
  • This will not allow for law enforcement agencies to seize data, but it will give them the opportunity to decide if the data is relevant to that investigation.


More Posts

Send Us A Message