CNIL fines SAF Logistics for GDPR infringements related to employee data handling

In a recent development, France's regulatory body for data protection, the Commission nationale de l'informatique et des libertés (CNIL), has imposed a substantial fine of 200,000 euros on the multinational air freight company SAF Logistics. This penalty is related to alleged infringements of the European Union's General Data Protection Regulation (GDPR) concerning the handling of employee data. The CNIL's action follows a complaint that the company was over-collecting personal information concerning the private lives of its employees. Read more

Class action lawsuits against Las Vegas Casinos for data breaches

In Las Vegas, MGM Resorts International and Caesars Entertainment are facing five class action lawsuits over alleged negligence in protecting customer data during September's cyberattacks. These lawsuits contend that both companies failed to safeguard personally identifiable information (PII) during widely publicized data breaches, with victims fearing their data may already be on the dark web. Four of the suits have individual customers as plaintiffs and aim for class action status. Read more

Facebook to face lawsuit for its ad algorithm discrimination

A California Appeals Court has cleared the way for a lawsuit against Facebook, alleging discrimination in its ad algorithm. This stems from a 2020 class action accusing Facebook of violating civil rights by not showing insurance ads to women and older users. Samantha Liapes, a 48-year-old woman, claimed Facebook's ad system excluded her based on age and gender. The September 21st ruling overturned a Section 230 defense. Facebook's ad algorithm has previously faced scrutiny for housing discrimination, resulting in a settlement in 2022 and the introduction of a new ad system this year. Read more

Kenya’s ODPC issues hefty fines related to the Data Protection Act violations

In a recent announcement from Kenya's Data Privacy Commissioner's Office, three fines totaling KES9,375,000 have been imposed for suspected breaches of the Data Protection Act. Each penalty pertains to allegations of unauthorized use of individuals' personal data. The most substantial of these fines, amounting to KES4,550,000, was levied against Roma School for the unauthorized posting of minor's images without obtaining parental consent. Read more

Clearview AI company settles biometric class-action lawsuit

Facial recognition company Clearview AI has agreed to settle a class-action privacy lawsuit, the terms of which have not yet been disclosed. Pending approval from U.S. District Court Judge Sharon Johnson Coleman, the settlement will address allegations of Clearview AI's violations of biometric privacy laws in Illinois, California, New York, and Virginia. The company faced legal action for collecting billions of photos from social media platforms and selling this faceprint database to law enforcement and private companies. Clearview AI's previous First Amendment defense was rejected in court. Read more