CPRA is finally here! Get up to speed on the latest developments in the Meta privacy saga and the “Think Privacy First” campaign for this year’s Data Privacy Day, among other important stories you may have missed.


California Privacy Rights Act takes effect

The California Privacy Rights Act (CPRA) has gone into effect starting January 1, 2023. It aims to make changes and additions to the existing California Consumer Privacy Act (CCPA). However, it won’t be fully enforced until July 1, 2023, and any violations that occurred before this date won’t receive penalties. Read more


Virginia's CDPA takes effect on same day as CPRA

Virginia’s Consumer Data Protection Act (CDPA) also went into effect on the same day as CPRA. The CDPA applies to for-profit individuals and entities that conduct business in the Commonwealth or target Virginia residents with their products or services. Read more


International Data Privacy Day observed with theme 'Think Privacy First’

International Data Privacy Day (January 28) was marked with the theme “Think Privacy First,” highlighting the significance of data privacy in the era of rapid digital growth. The objective was to raise awareness about personal responsibility for privacy and to create a culture of privacy across society. By prioritizing privacy, individuals and businesses can foster trust and promote the adoption of best practices. Read more


Whatsapp fined (again) for GDPR violation

WhatsApp has been fined €5.5 million by the EU for violating the General Data Protection Regulation (GDPR) by not providing adequate transparency in its data processing disclosures to users. The fine is separate from a previous €225 million fine imposed by the Irish Data Protection Commission in 2021 for data protection breaches. The amount of the current fine takes into account the impact of the previous penalty, which included terms that address the current violation. Read more


Irish DPC issues final verdict on Meta

The Irish Data Protection Commission (DPC) has reached a final verdict on two investigations into Meta’s data collection activities on Facebook and Instagram. The company was found to have used invalid methods for obtaining user consent for personalized advertising and was fined a total of 390 million euros. This outcome could result in substantial changes to Meta’s personalized advertising approach in the EU. The investigations were initiated due to a complaint filed by the privacy rights organization NOYB on May 25, 2018, the day the EU General Data Protection Regulation (GDPR) became effective. The DPC has given Meta a three-month timeframe to align its data processing practices with the GDPR. Read more


MI5 found guilty of privacy violations in secret surveillance case

The Investigatory Powers Tribunal recently ruled on a case brought by human rights organizations Liberty and Privacy International, which centered around the issue of MI5 not following proper privacy safeguards while collecting and handling individuals’ private data through secret surveillance. The Tribunal found that MI5 made very serious mistakes in complying with privacy rules and that previous Home Secretaries failed to take action. MI5 also admitted to storing public data improperly and not informing the Home Office or oversight bodies. The ruling highlights the importance of organizations and government agencies respecting citizens’ privacy rights and following proper procedures when collecting and storing their data. This decision was welcomed by Liberty and Privacy International, who argued that MI5’s actions were a violation of key legal safeguards. Read more


KFC, Taco Bell, and Pizza Hut parent company reports ransomware attack

On January 18, 2023, Yum! Brands, Inc., the parent company of KFC, Taco Bell and Pizza Hut, reported a ransomware attack that impacted some of their information technology systems. The company quickly responded by taking certain systems offline, enhancing monitoring technology and launching an investigation with the help of industry experts and federal law enforcement. Less than 300 UK restaurants were temporarily closed, but all stores resumed operations soon after. The company worked to restore the affected systems and the impact was expected to be minimal on their business, operations, and financial results. At the time, there was no evidence of customer databases being stolen. The company was confident in the measures taken to resolve the issue and limit any adverse effects. Read more


Small businesses see 17% increase in privacy spending, according to study

According to a recent study by technology company Cisco, privacy spending in 2022 actually increased, despite a challenging economic environment. The study, which was based on responses from over 4,700 security professionals from 26 countries, found that the largest growth occurred at smaller organizations with 50-249 employees, where spending increased by 17% to $2 million from $1.7 million. Read more


TikTok fined €5 millions by France for improper use of cookies

TikTok was fined 5 million euros by France for its handling of cookies. The French data protection watchdog CNIL conducted an investigation and found that users of the tiktok.com website were not informed enough about the use of cookies and it was easier for them to accept online trackers than to refuse them. TikTok has since taken steps to address these issues. It’s important to note that the fine only concerned the website, not its mobile application. Read more


Apple celebrates Data Privacy Day with educational resources

To celebrate Data Privacy Day (January 28), Apple released educational resources to help its customers understand how to manage their data. This includes four videos titled “A Day in the Life of an Average Person’s Data” that highlight the privacy features of the iPhone, such as Mail Privacy Protection, Intelligent Tracking Prevention, App Tracking Transparency, and Wallet and Apple Pay. Apple also launched a new 30-minute training session called “Taking Charge of Your Privacy on iPhone” that provides customers with an overview of privacy features on iOS devices, including Mail Privacy Protection, Safety Checks, Location Services, and passkeys. These resources aim to help customers use their Apple products with confidence, knowing their privacy is protected. Read more