Data privacy is changing, sometimes for the better, often for the worse. Join GetApp analyst Zach Capers as he gathers the most pertinent data privacy news from around the web.

FBI surveillance deemed illegal, California limits facial recognition, and more data privacy news.

FISA court reveals illegal FBI surveillance

The Foreign Intelligence Surveillance Court has found that thousands of FBI searches from 2017 and 2018 were conducted illegally and violated Americans’ privacy rights. An NSA database intended for monitoring foreign nationals was used improperly to search for information on Americans by FBI personnel and contractors. The court ruling was made in October 2018, but was just recently released to the public. [Read more]

Twitter admits to using account security information for advertising

Twitter recently disclosed that phone numbers and email accounts provided by users to secure their account were used for advertising purposes. Users provided the information as a secondary means of security for two-factor authentication. While Twitter claims the use of account security information for advertising was a mistake, the same practice has been employed by other social media giants such as Facebook. [Read more]

U.S., UK, and Australia want to stop Facebook’s encryption plans

U.S. Attorney General Bill Barr, along with officials from Australia and the UK, have sent an open letter requesting that Facebook stop its plans for end-to-end encryption across its messaging platforms. Authorities claim that end-to-end encryption prevents them from accessing information that might be needed in the course of an investigation. Privacy advocates counter that end-to-end encryption is necessary to secure online communications from bad actors and government overreach. [Read more]

California blocks facial recognition use with police body cameras

Governor Gavin Newsom recently signed AB125, a bill to ban the use of biometric identification on police body cameras. The bill was passed after Amazon’s Rekognition software misidentified 26 legislators as criminals. The technology is widely used in China and other countries but has not yet been employed in California. Similar legislation has been enacted in Oregon and New Hampshire. [Read more]

Week of Sept. 30, 2019


EU court weakens ‘right to be forgotten,’ FTC may soon weaken Children’s Online Privacy Protection Act, and more data privacy news.

Google wins dispute over EU’s Right to be Forgotten

A European Union court has ruled that Google’s responsibility for requests to remove links to outdated or embarrassing information includes only EU sites and does not extend to sites outside of Europe. That means if a user in France requests that data be removed from Google.fr, it may continue to exist on non-EU versions such as Google.com. Seemingly unaware of VPNs and basic search techniques, the court suggested that search engines should “seriously discourage” the use of non-EU pages to find information. [Read more]

Gatwick Airport embracing facial recognition for boarding

Gatwick will become the United Kingdom’s first airport to adopt facial recognition for boarding. Passengers will scan their passports, and then facial recognition will scan their face to confirm a match. Passengers can opt-out and have their passports checked by a human, but privacy advocates point out that the option is not sufficiently advertised. The technology has been the source of controversy in the United Kingdom. It has been used heavily by London police and was recently removed from the King’s Cross area after public outcry. [Read more]

FTC looking to relax children’s privacy protections

A Federal Trade Commission official recently commented that the Children’s Online Privacy Protection Act (COPPA) might be changed to allow for behaviorally targeted advertising. The official mentioned that the rules harm content creators and has suggested that it’s unfair to assume that all viewers of children’s content are actually children. The remarks come in the wake of Google’s $170 million fine for COPPA violations. [Read more]

Google reorganizing ad business and adding new head of privacy

Prabhakar Raghavan, Google’s advertising chief, has announced a major reorganization of the company’s ad business and is hiring a new head of privacy. The move suggests an increased emphasis on privacy for a business facing numerous anti-trust lawsuits and regulatory fines. The reorganization will also split the buy-side and sell-side of Google’s advertising division. [Read more]

Nevada privacy law takes effect first of October

A new law allowing Nevada residents to opt-out of online businesses selling their personal data goes into effect Oct. 1. The law, SB 220, applies to the sale of data, rather than the exchange of data, and defines personal information much more narrowly than the upcoming CCPA. Upon receiving a consumer request, companies must remove personal data within 60 days or face steep fines. [Read more]

Week of Sept. 23, 2019


Vast private surveillance network is probably tracking your vehicle, every single person in Ecuador needs credit monitoring, and more data privacy news.

Vast private surveillance network tracks millions of vehicles

The Digital Recognition Network (DRN) is a private surveillance system generated by countless vehicle repossession agents who indiscriminately scan and upload license plates and vehicle locations across the U.S. The system is used by the auto insurance industry and private investigators but there is concern that the network is too invasive and could violate privacy by documenting movement and routines over time. [Read more]

Facebook Portal recording audio and sharing it with contractors despite privacy promises

The 2018 press release for Facebook’s home video product, Portal, explicitly stated “Facebook doesn’t listen to, view, or keep the contents of your Portal video calls. Your Portal conversations stay between you and the people you’re calling.” Now it’s been revealed that the company has been recording Portal audio and sharing a portion of it with contractors. [Read more]

Data of all Ecuadorian citizens exposed in extensive breach

An International coalition of law enforcement agencies broke up business email compromise (BEC) scammers in nine different countries. Known internally as Operation reWired, the crackdown netted 281 suspects and recovered more than $118 million in bogus wire transfers. BEC schemes are highly targeted phishing plots that use social engineering to dupe high-level employees into revealing sensitive data or wiring large sums of money. [Read more]

Massive data breach exposes medical images and data of millions

More than 5 million Americans have had their X-ray, MRI, CT, and other medical images exposed in a massive health records breach. An investigation by Pro Publica has uncovered 187 servers around the country that are unprotected by basic security measures such as passwords. Most of the vulnerable data found involved independent radiologists and medical imaging centers rather than large hospitals or medical centers. [Read more]

Week of Sept. 17, 2019


The White House suggests monitoring devices of people with mental illness, Facebook faces another class action suit, and more data privacy news.

Google focus of massive antitrust probe focused on advertising practices

50 state attorneys general announced an antitrust investigation into Google’s advertising practices. Led by Texas Attorney General Ken Paxton, the probe will focus on Google’s “overarching control of online advertising markets” and “anticompetitive behavior.” The move comes after the E.U. fined Google more than $9 billion for antitrust violations since 2017. [Read more]

Federal judge gives go ahead for class action against Facebook

Facebook allowed third parties, including Cambridge Analytica, to access users’ information for profit. As a result, a federal judge has ordered the social media giant to face a nationwide class action lawsuit for privacy violations. Last month, another Facebook class action suit made privacy news when a federal appeals court ruled that the company must answer for its collection of biometric data. [Read more]

International crackdown on business email compromise (BEC)

An International coalition of law enforcement agencies broke up business email compromise (BEC) scammers in nine different countries. Known internally as Operation reWired, the crackdown netted 281 suspects and recovered more than $118 million in bogus wire transfers. BEC schemes are highly targeted phishing plots that use social engineering to dupe high-level employees into revealing sensitive data or wiring large sums of money. [Read more]

The White House wants to monitor devices of those with mental illness

The White House has proposed monitoring the phones and smartwatches of people who have a mental illness as a response to the unending rash of mass shootings. Experts have pointed out that the link between mental illness and violence is tenuous at best and that there’s no evidence that violent tendencies can be predicted via personal devices. [Read more]

Week of Sept. 9th, 2019


Big tech wants to water down the CCPA, U.S. authorities want to use fictitious social media accounts, and more data privacy news.

Firefox 69 launches with third-party cookies blocked by default

Mozilla has released the latest incarnation of their Firefox web browser with Enhanced Tracking Protection enabled by default. That means third-party cookies will be automatically disabled and that Firefox users will need to opt-in to being tracked across the internet. [Read more]

Ring formally announces cozy relationship with law enforcement

A few weeks ago, we covered news of Amazon’s agreements with police departments to swap 911 dispatch data for access to its Ring doorbell cameras. Now, Ring has officially announced the Neighbors Portal program which involves partnerships with more than 405 police departments around the country. Privacy advocates are concerned that Amazon is creating a profitable surveillance network for police. [Read more]

U.S. to monitor immigrants using phony social media accounts

The U.S. Department of Homeland Security recently reversed a ban on the use of fictional social media accounts. This means U.S. Citizenship and Immigration Services officers can begin using phony accounts to monitor foreigners seeking citizenship, visas, and green cards. Fictional accounts violate the terms of service for both Facebook and Twitter. Both companies have recently banned Chinese officials for creating phony accounts intended to influence the Hong Kong protests. [Read more]

Amazon wants customers to lend a hand for biometric food purchases

Amazon is reportedly testing hand scanners for purchases—because of course they are. The plan is to roll out biometric purchasing at Whole Foods stores in the coming months. The technology is the latest in the company’s expanding biometric portfolio which also includes its controversial facial recognition software, Rekognition. In light of the recent Suprema data breach that exposed more than 1 million fingerprint and facial recognition data sets, customers might consider taking five seconds to pull out a credit card in lieu of hand payments. [Read more]

Google fined $170 million for violation of children’s privacy act

Two weeks ago, we covered Google’s decision to end advertising targeted at children’s content on YouTube. It now appears the move was too little, too late. The FTC announced a $170 million fine against Google for violating the Children’s Online Privacy Protection Act (COPPA). [Read more]

Study to gauge Facebook’s impact on democracy falling apart

Participants in a study designed to measure Facebook’s impact on democracy are threatening to quit the program. Facebook launched the program several months ago with a promise to provide access to a wide array of data to be reviewed by independent scholars. However, funders of the study claim Facebook is restricting data access to only a portion of what was expected. [Read more]

Big tech working to weaken the California Consumer Privacy Act

Is the California Consumer Privacy Act trying to destroy the internet or is it trying to save it? For several months, a barrage of ads on social media sites have tried to convince the public of the former. It turns out that the group behind the ads, the Internet Association, is a lobbying organization for Facebook, Microsoft, Twitter, and Google. [Read more]

For the news archive, click here.

Share This

Share this post with your friends!