The USA passed an executive order to tackle big tech firms hoarding user’s personal data. On the other end of the globe, China is tightening its privacy laws, which is bad news for the likes of Facebook, Google, and Twitter. Looks like July was hard for big techs. 

We also witnessed one of the biggest data leak stories of recent times — the Pegasus Project. Read about this and more in our Privacy Roundup. We will be back with the top stories next month!


US crackdown on Big Tech

Joe Biden signed an executive order targeting anti-competitive practices in Big Tech, labour markets and other sectors. The order takes specific aim at Big Tech firms and notes that large tech firms collect too much personal data and compete unfairly with small businesses. 

It recommends greater scrutiny of mergers in the tech sector and new rules of data collection to be set out by the Federal Trade Commission (FTC). The order which includes 72 actions and recommendations is intended to “promoting competition in the American economy”. 

Read more about it in this White House fact sheet.


Amazon may face the biggest GDPR fines

Luxembourg data protection watchdog (the CNPD) proposed a fine of more than $425 million against Amazon Inc. that could yield the biggest-yet penalty under the GDPR. The draft decision submitted by the regulator is linked to Amazon’s collection and use of personal data. The business giant falls under the CNPD as Amazon’s European headquarters in Luxembourg. 

Amazon is already facing problems in the EU, as the European Commission has filed an antitrust complaint against it in November of last year. It’s also under investigation for GDPR lapses by German Data Protection Authority. 

Read more about it here.


Spyware Pegasus raises global concern

Military-grade spyware Pegasus was used to hack the smartphones of high-profile individuals around the world, as per a joint investigation by Amnesty International, Forbidden Stories and 17 media outlets. The list of phones hacked including three presidents, 10 prime ministers, and a king, 189 journalists, and 85 human rights activists.

Pegasus spyware, developed by the Israeli firm NSO, can collect information from a phone, record video using a phone’s camera, collect messages, passwords, contacts, photos, location data and take screenshots – all without the owner’s knowledge.

Read more about this developing story and how the world reacted to the shocking revelations here.


Google updates its Privacy Sandbox timeline

Google updated the planned schedule for its introduction of the Privacy Sandbox browser and the phasing out of third-party cookies to 2023. Google had initially planned to kill third-party cookies by 2022, which had created much furore among advertisers, publishers and ad tech vendors.

The upcoming Sandbox includes Floc (Federated Learning of Cohorts) and Fledge (First Locally-Executed Decision over Groups Experiment), which will be “ready for adoption” in Q3 2022, as per Google. The sandbox also has critics in other browser engines and competition authorities who are monitoring the situation to ensure that Google isn’t abusing its dominant position.

Find out the updated timeline here


TikTok gets €750,000 fine for English privacy notice

Dutch data protection authority, Autoriteit Persoonsgegevens (AP) fined €750,000 for violating the privacy of young children in the Netherlands. AP noted that TikTok only had an English-language privacy notice and “failed to provide an adequate explanation of how the app collects, processes and uses personal data” ​​for children in the Dutch language.

TikTok has around 3.5 million users in the Netherlands, many of them children. The AP has shared the findings of its investigation with Ireland’s Data Protection Commission (DPC), the lead data protection authority for TikTok whose European headquarters is in Dublin. 

Read about the fine in detail here


The UK may scrap GDPR rules

The UK’s version of the GDPR, Data Protection Act (DPA) 2018, may see many changes following the recommendations made by a special task force commissioned by the prime minister

The findings called for removing the provision regarding automated decision making, claiming that it hampers “much-needed progress” in the development of the artificial intelligence (AI) industry. The report noted that the level of compliance obligations favour tech giants and that consent mechanisms are ineffective, citing the example of cookie banners.

It recommends ditching the UK GDPR’s Article 22 and Article 5 as the provisions “makes it burdensome, costly and impractical” for businesses to use AI systems to automate routine processes.

Read the task force report here


Apple and DuckDuckGo launches email privacy features

Apple announced key privacy-focused updates that will be included in the new iOS 15 and macOS Monterey. This includes a ‘Mail Privacy Protection’ tab within the Mail app where users can restrict their personal data with email senders and restrict access to their IP addresses and location data. 

Apple will also release the ‘Hide My Email’ feature in iCloud, Safari and the Apple Mail app. It will enable the use of single-use, randomly generated email addresses that will be visible to the sender instead of the real personal email. Read the Apple press release here.

DuckDuckGo is also launching a new Email Protection feature in beta that will protect email privacy by giving users a unique email address that forwards messages to their real inbox. This feature will remove hidden trackers from incoming messages and forwards them to the user’s inbox. The service is currently invite-only.

Read about the DuckDuckGo release here. 


ICO published its annual tracking research

ICO published their annual research report that is commissioned to measure changes in public perceptions on data protection, privacy and to understand why these changes occur. In the survey of over 2,000 individuals, 77% of people say protecting their personal information is important to them. 42% of individuals agreed that current laws and regulations sufficiently protect personal information. 

The research also finds 29% of the surveyed have low trust and confidence in companies using their personal information. The most cited reasons for this are that companies sell personal information to third parties, data hacking, and misuse.

You can read the full report here


China plans to toughens its privacy laws

China recently passed the long-awaited Data Security Law (DSL) — a comprehensive regulatory system to address the protection and processing of different types of data with an increased focus on national security.

The privacy watchdog Cyberspace Administration of China (CAC) has proposed draft rules calling for all data-rich tech companies with over one million users to undergo security reviews before listing overseas. Tech giants like Facebook, Google, and Twitter operating from Hong Kong may have to cease their APAC operations in the territory. 

Read about the Asia Internet Coalition’s response to China’s new privacy laws here.


WhatsApp faces fresh scrutiny over privacy update

The European Consumer Organisation (BEUC) and eight of its members filed a complaint against WhatsApp for “unfairly pressuring users to accept its new policies”. The complaint notes that WhatsApp’s updated privacy policy notification is ‘persistent’ and ‘intrusive’, and displayed at a frequency that puts undue pressure on users, limiting their freedom of choice. The complaint also pointed out the lack of clarity in and that its failure to use concise, simple language to explain the new terms and change of privacy policy. 

The privacy policy update came into effect on May 15 after being delayed for three months due to public backlash and a ban in Germany that stopped Facebook from processing WhatsApp user data.

More about the complaint here.