Instagram to Pay $65.8 Million for BIPA Lawsuit

Instagram reached a settlement for a class action lawsuit filed nearly three years ago alleging that the app's facial recognition feature was in violation of Illinois' Biometric Information Privacy Act. The company stated that the feature was used to find content that the users' faces appeared so that tags could be suggested. However, it was alleged that users' biometric data was collected without consent, a violation of Illinois' biometric act. This feature was pulled back in late 2021. Read more

Medical data analysis project fined by Italian DPA

Italian DPA, Garante imposed a fine of €15,000 on medical data analysis project THIN for their failure to use anonymization methods. THIN aims to use anonymized patient data to make advances in patient care and clinical outcomes. However, Garante found that their techniques of anonymization of data were not effective. They processed pseudonymized personal data, violating the GDPR principle of lawfulness and transparency. Read more

French DPA strengthens parental controls on Internet access

The French DPA, CNIL issued two decrees which outline functionalities that standardize and regulate parental control on minors' devices. Applications with age restrictions (social media apps prohibited for children under the age of 13) cannot be downloaded on children's devices. Access to content on certain terminals will also have to be blocked. These functionalities can be implemented locally on the user's devices. Read more

Meta faces advertisement restriction in Norway

Starting today, August 4th, 2023, the standard targeted advertising process of Meta has been banned in Norway. The 90-day ban issued is meant to give Meta time to change its processes so that they are in compliance. For Meta to be in compliance, their systems have to be restricted to use only the data that users themselves make publicly available, for example, the 'About' sections of their profiles. $100,000 will be fined for each day that Meta remains non-compliant. Should Meta be non-compliant for the entire ban duration, the total fine would amount to $9 million. Read more

NHS allegedly shared health data over WhatsApp

UK's data protection regulation, the ICO reprimanded the National Health Service brand in Lanarkshire for allegedly sharing the personal data of patients, including names, addresses, images, videos, clinical information etc., over WhatsApp. It was found that the staff could access a WhatsApp group between April 2020 to April 2022, where such data was shared, allegedly on over 500 occasions. Read more