enforcement

Italian Competition Authority Initiates Investigation into Google for Unfair Practices

Competition, EU law, Google, Italy |

The Italian Competition Authority has initiated an investigation against Google and its parent company Alphabet for potential misleading and aggressive commercial practices regarding user consent. The Authority alleges that Google’s consent requests for linking services lack adequate, complete, and clear information, potentially influencing users’ decisions on data usage. These practices might condition consumers’ freedom of choice, leading them to consent to data combination and cross-use across multiple services without full understanding.

Italian Competition Authority Initiates Investigation into Google for Unfair Practices Read More »

Nigeria’s FCCPC Fines Meta and WhatsApp USD 220M for Privacy Violations

Enforcement, Meta, Nigeria |

On 18 July 2024, the Federal Competition and Consumer Protection Commission (FCCPC) of Nigeria has imposed a $220 million fine on Meta Platforms Inc. and WhatsApp LLC for breaching data privacy laws. The breaches include enforcing an updated privacy policy that violated Nigerian consumer rights, coercing users into accepting terms without proper consent, and sharing user data with third parties. Additionally, Meta was found to have discriminated against Nigerian users compared to European users by offering fewer protections. The fine must be paid within 60 days, along with a $35,000 reimbursement for the investigation costs.

Nigeria’s FCCPC Fines Meta and WhatsApp USD 220M for Privacy Violations Read More »

EU Commission Sends Preliminary Findings to X for DSA Violations

DSA, Enforcement, EU law, X |

The EU Commission has notified X of its preliminary findings regarding breaches of the Digital Services Act (DSA), focusing on dark patterns, advertising transparency, and data access for researchers. X’s practices around “verified accounts” mislead users, its ad repository lacks transparency, and it restricts researcher access to public data. These findings result from an in-depth investigation involving internal documents and expert interviews. If confirmed, X could face fines up to 6% of its global annual turnover and enhanced supervision to ensure compliance.

EU Commission Sends Preliminary Findings to X for DSA Violations Read More »

FTC Bans Avast from Selling Web Data and Fines $16.5 Million

FTC Bans Avast from Selling Web Data and Fines $16.5 Million

data breach, Enforcement, FTC, United States |

The Federal Trade Commission (FTC) has finalized an order against Avast Limited, banning the company from selling or licensing web browsing data for advertising. This decision follows allegations that Avast, through its subsidiary Jumpshot, sold consumer browsing data without proper notice or consent, despite claims of protecting privacy. Avast is required to pay $16.5 million, which will go towards consumer redress. The FTC also mandates Avast to delete collected data, notify affected consumers, and implement a comprehensive privacy program.

FTC Bans Avast from Selling Web Data and Fines $16.5 Million Read More »

On 18 June 2024, the Norwegian Data Protection Board ruled that the Norwegian Data Protection Authority (DPA) cannot impose daily fines on Meta for not complying with a ban on behavioral marketing on Facebook and Instagram. This decision challenges the DPA's authority under Norwegian law, which allows daily fines. The Board determined that such fines could only apply to Norwegian companies, not international ones. The ban on behavioral advertising remains, but the ruling raises concerns about enforcement disparities between domestic and international businesses.

The Norwegian Data Protection Authority cannot impose daily fines in cross-border cases

Enforcement, EU law, Facebook, GDPR, Meta, Norway |

The European Data Protection Board published its final Guidelines on Article 37 of the Law Enforcement Directive (LED). These guidelines establish standards for appropriate safeguards in data transfers by competent authorities, focusing on legally binding instruments with third countries. Key points include selecting transfer mechanisms, evaluating transfer risks to data subjects, and maintaining enhanced accountability. The guidelines emphasize legal certainty and the necessity of ensuring equivalent data protection levels when personal data is transferred outside the EU.

The Norwegian Data Protection Authority cannot impose daily fines in cross-border cases Read More »

Scroll to Top