data breach

FCC and TracFone Settle $16 Million Fine Over Data Breaches

The Federal Communications Commission (FCC) has announced a settlement with TracFone Wireless Inc., resolving investigations into three significant data breaches. The breaches, occurring between January 2021 and January 2023, exposed customers’ personal information due to vulnerabilities in application programming interfaces (APIs). The settlement includes a $16 million penalty and mandates comprehensive security measures, such as improved API security, SIM change and port-out protections, and regular security assessments.

FCC and TracFone Settle $16 Million Fine Over Data Breaches Read More »

FTC Bans Avast from Selling Web Data and Fines $16.5 Million

FTC Bans Avast from Selling Web Data and Fines $16.5 Million

The Federal Trade Commission (FTC) has finalized an order against Avast Limited, banning the company from selling or licensing web browsing data for advertising. This decision follows allegations that Avast, through its subsidiary Jumpshot, sold consumer browsing data without proper notice or consent, despite claims of protecting privacy. Avast is required to pay $16.5 million, which will go towards consumer redress. The FTC also mandates Avast to delete collected data, notify affected consumers, and implement a comprehensive privacy program.

FTC Bans Avast from Selling Web Data and Fines $16.5 Million Read More »

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.

CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital]

The Court of Justice of the European Union ruled in merged cases C-182/22 and C-189/22 Scalable Capital, addressing compensation for non-material damage under GDPR Article 82(1) due to theft of personal data. The court clarified that compensation to individuals is purely compensatory, not punitive, and the severity of GDPR infringements by controllers is irrelevant for compensation purposes. The court emphasized that data breaches causing non-material damage are significant and may warrant minimal compensation even if not serious, provided they fully address the harm suffered.

CJEU Ruling on Compensation for Data Breach [C-182/22 and C-189/22 Scalable Capital] Read More »

Scroll to Top