Andreea Lisievici, Author at The PrivacyCraft Blog

R.R. Donnelley & Sons Co., a global business communications provider, agreed to a $2.125 million settlement with the US Securities and Exchange Commission for inadequate management of third-party cybersecurity controls. In late 2021, a ransomware attack exposed significant flaws in Donnelley's oversight of its security service provider, leading to data breaches and operational disruptions. The SEC highlighted the company's failure to properly supervise its managed security services provider, which compromised the integrity and confidentiality of sensitive client data.

R.R. Donnelley Settles SEC Charges Over Third-Party Cybersecurity Failures

SEC, settlement | June 30, 2024

R.R. Donnelley & Sons Co., a global business communications provider, agreed to a $2.125 million settlement with the US Securities and Exchange Commission for inadequate management of third-party cybersecurity controls. In late 2021, a ransomware attack exposed significant flaws in Donnelley’s oversight of its security service provider, leading to data breaches and operational disruptions. The SEC highlighted the company’s failure to properly supervise its managed security services provider, which compromised the integrity and confidentiality of sensitive client data.

R.R. Donnelley Settles SEC Charges Over Third-Party Cybersecurity Failures Read More »

The California Attorney General announced a $500,000 settlement with Tilting Point Media LLC. The company violated the California Consumer Privacy Act (CCPA) and the Children's Online Privacy Protection Act (COPPA) by collecting and sharing data from children without parental consent in the popular game "SpongeBob: Krusty Cook-Off." The settlement includes injunctive terms mandating compliance with privacy laws, ensuring parental consent, and proper configuration of third-party software in games.

California Settles with Tilting Point Media over kids game “SpongeBob: Krusty Cook-Off” Data Violations

California, settlement, United States | June 30, 2024

The California Attorney General announced a $500,000 settlement with Tilting Point Media LLC. The company violated the California Consumer Privacy Act (CCPA) and the Children’s Online Privacy Protection Act (COPPA) by collecting and sharing data from children without parental consent in the popular game “SpongeBob: Krusty Cook-Off.” The settlement includes injunctive terms mandating compliance with privacy laws, ensuring parental consent, and proper configuration of third-party software in games.

California Settles with Tilting Point Media over kids game “SpongeBob: Krusty Cook-Off” Data Violations Read More »

Avanza Bank fined 1.34M EUR in Sweden for misconfiguration of Meta pixel

Enforcement, EU law, GDPR, IMY, Meta, Sweden | June 25, 2024

Meta has paused the launch of its AI tools in Europe after a request from Ireland’s Data Protection Commission (DPC). This decision comes after the digital rights group Noyb filed complaints in 11 European countries, criticizing Meta’s vague AI plans and the opt-out requirement for users. Meta planned to use public posts from Facebook and Instagram to train AI models. The DPC’s decision, welcomed by other European authorities, followed intensive discussions with Meta. Meta expressed disappointment, noting it had incorporated regulatory feedback since March.

Avanza Bank fined 1.34M EUR in Sweden for misconfiguration of Meta pixel Read More »

The Privacy Explorer | Week 23 & 24

The Privacy Explorer | June 20, 2024

Welcome to the privacy news recap for week 23 and 24 of 2024! In this edition:
– CNIL Issues Recommendations on GDPR Compliance for AI Systems;
– Danish DPA Adds New Security-Focused Software Testing Measure to Catalogue;
– FRA publishes GDPR in practice – Experiences of data protection authorities,
… and more!

The Privacy Explorer | Week 23 & 24 Read More »

Meta Halts AI Rollout in Europe Following Irish DPC Request

AI, DPC, EU law, GDPR, Meta | June 19, 2024

Meta Halts AI Rollout in Europe Following Irish DPC Request Read More »