top of page
  • Team

The Data Drop News for Friday, March 25, 2022

Facebook's parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches. California Begins Slow Launch of Nation’s First Online Privacy Protection Agency. TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say. UK plans to abolish DPOs – and much more!


Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.

Facebook's parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches

Facebook’s parent company, Meta, has been fined €17 million (~$18.6 million) by the Irish Data Protection Commission (DPC) over a string of historical data breaches.


The security lapses in question, which appear to have affected up to 30 million Facebook users, date back several years — and had been disclosed by Facebook to the Irish regulator in 2018. The DPC, which is Meta/Facebook’s lead privacy regulator in the European Union, opened this security-related inquiry in late 2018 after it received no less than 12 data breach notifications from the tech giant in the six-month period between June 7, 2018 and December 4, 2018.


Ireland Watchdog Sued for Years of 'Inaction' Over Complaints Regarding Google's Largest Data Breach Ever

The Data Protection Commission of Ireland, working as the government's watchdog, is now being sued for alleged years of inaction over complaints regarding "largest data breach ever."


Per the lawsuit, the watchdog was evasive in responding to security complaints filed against Google when the European Union's General Data Protection Regulation, or GDPR, was passed. The litigation came from the Irish Council for Civil Liberties, or ICCL, with John Ryan, its senior fellow, acting as the plaintiff in the case.


California Begins Slow Launch of Nation’s First Online Privacy Protection Agency

California has begun building the California Privacy Protection Agency, the first government body in the United States with the sole job of regulating how Google, Facebook, Amazon and other companies collect and use data from millions of people, reports the New York Times.


The agency will be a more than 30-person group with a $10 million annual budget to help enforce the state’s privacy law, which is among the most stringent in the country. It will be headed by Ashkan Soltani, a privacy expert who once served as the Federal Trade Commission’s top technologist.


Google Analytics To Stop Logging IP Addresses And Sunset Old Versions In Privacy Standards Overhaul

Major changes are coming to Google Analytics as the company navigates higher consumer privacy standards and increasingly complex international privacy laws.


For one, Universal Analytics, the web-based legacy analytics product, is on the way out, and will be shuttered entirely by July 2023, the company announced. All analytics customers will transition to Google Analytics 4 (GA4), which accommodates both web and app data collection and comes with built-in privacy features, not to mention a bevy of integrations across the Google portfolio, with metrics and features tied to YouTube, Search and the Google Cloud Platform.


TikTok Can Circumvent Apple and Google Privacy Protections and Access Full User Data, 2 Studies Say

TikTok can circumvent security protections on Apple and Google app stores and uses device tracking that gives TikTok’s Beijing-based parent company ByteDance full access to user data, according to the summaries of two major studies obtained by TheWrap that appear to confirm longstanding concerns raised by privacy experts about the popular video-sharing app.


The studies, conducted by “white hat” cybersecurity experts that hack for the public good, were completed in November 2020 and January 2021. TheWrap verified the studies and confirmed their conclusions with five independent experts. When asked by TheWrap, reps for TikTok — whose parent company ByteDance has had ties to the Chinese government — declined to confirm or deny the validity of the research.


UK plans to abolish DPOs – and much more

The UK government is well on its way to reform the UK data protection landscape. Its 150-page consultation that closed in November 2021 proposes ideas that would reduce burdens on business, but at the same time dilute the accountability principle.


The government’s aim, to reduce barriers to innovation, has been welcomed by many businesses but other stakeholders also recognise how the proposed regime would reduce the protection afforded to individuals. Some of the proposals are cosmetic, but others, if adopted, would change the UK data