Facebook is planning a social media network for young kids. Will it succeed? Probably.
Mark Zuckerberg once said that the Children’s Online Privacy Protection Act (COPPA) was a “fight” Facebook would “take on at some point.”
This week, we learned Facebook is planning an Instagram for under-13s. If this is the fight, Facebook will probably win.
Why? Why would Facebook do this?
Instagram is currently unavailable for under-13s because they have special legal protections, meaning that it’s harder for businesses to collect their data and to target them with ads.
In the U.S., the main children’s privacy law is COPPA…
Max Schrems and Co. (NOYB) have brought a complaint against Google to the Austrian DPA. This case is a seriously big deal.
If Schrems wins, Google’s transfers of personal data will be deemed unlawful and the company could face a large fine (up to €6 billion).
More importantly, the complaint will tell us a lot about cross-border data transfers — and whether a company like Google can actually lawfully operate at all in the post-Schrems II EU.
What is Google allegedly doing wrong?
The complaint alleges that Google is transferring personal data to the U.S. …
On 28 April, the U.K. Supreme Court hears Lloyd v Google — a vitally important case for the future of data rights. There’s a lot riding on this case.
Consumer rights advocate Richard Lloyd is suing Google over the “Safari Workaround”.
Lloyd alleges that Google set cookies without consent (surely not!) on over 4 million UK iPhones in 2011/12, despite Apple’s browser protections that attempted to prevent this.
The case has big implications for data protection in the U.K.
Why is it such a big deal?
There are several reasons why Lloyd v Google is so significant.
First, the case…
Big tech’s most privacy-focused company is facing three data protection complaints and one antitrust investigation
Privacy is a major part of Apple’s brand. So you might be surprised to learn that the company is dealing with multiple investigations by EU data protection authorities over allegations that it is breaching privacy law.
Most recently, Apple was referred to France’s CNIL over allegations that ad personalisation is turned “on” by default in iOS 14. The group behind the complaint, France Digitale, claims that this violates the ePrivacy Directive and the GDPR.
Back in December, I wrote about a similar complaint filed with…
The Irish DPA has been criticised by the German federal data regulator. Fair enough?
Here’s the background:
A letter from thefederal data protection regulator (BfDI) Ulrich Kelber has been reported by the Irish Times criticising the Irish Data Protection Commission (DPC).
This letter reiterated what many observers have been saying about the Irish DPC for some time. As home to most big tech companies, Ireland has earned a reputation as a GDPR-compliance haven.
Is the Irish DPC’s reputation fair?
Think of it this way. As lead supervisory authority to Facebook and Google, the DPC’s job is to ensure these companies…
Facebook is “bypassing GDPR consent”, according to a case brought to the Austrian Superior Court by GDPR final boss Max “Schrems II” Schrems.
What does “bypassing the GDPR” mean?
Here’s the background of this case:
Illinois lawmakers are trying to undermine the Biometric Information Processing Act (BIPA). This is one of the few U.S. privacy laws providing Americans with real privacy protection.
What is America’s best privacy law?
Maybe it’s not objectively the best, but my favourite U.S. privacy law is Illinois’ Biometric Information Processing Act (BIPA), which passed way back in 2008. BIPA is one of the most powerful — albeit limited — privacy laws in the U.S.
BIPA requires businesses to provide notice and obtain consent before collecting biometric information from consumers, including facial recognition data, fingerprints, and voiceprints.
French court ruling says vaccine-booking platform’s contract with Amazon is lawful. But this case isn’t as clear-cut as it seems.
I’m drawing my analysis here from the IAPP’s summary of the case.
Here’s the background
The French Conseil d’Etat looked at a data processing agreement between Doctolib, whose platform is used for booking vaccinations, and AWS Sarl, a Luxembourg-based subsidiary of Amazon Web Services.
Doctolib used AWS to process health data. The claimants asked the court to suspend transfers of personal data between Doctolib and AWS.
The case was significant, in part, because so many EU data controllers…
The U.K.’s culture secretary has repeated his ambiguous claims about the future data protection regime.
Sky News published the glibly-titled Government to reform data protection laws to spur economic growth on Thursday, in which Oliver Dowden, the U.K.’s culture secretary, states that he is “seeking to set out where we are going to go with data” post-Brexit.
The “unashamedly pro-tech” minister has made similar comments in the past, including in a Financial Times op-ed earlier this month, but has been relatively coy about providing solid details.
In one sense, the U.K. can do whatever it likes with its data protection…
Telecoms giant will start selling information about how customers use the web and what apps are on their phones unless they opt out.
This piece argued that the U.S. should be enacting a privacy law with an “opt-in” model of consent. It suggests that Virginia and California have missed this opportunity with recent legislation.
This same week, T-Mobile announced that it will start selling U.S. customers’ data on an opt-out basis, starting on 26 April.