In this privacy roundup, we cover key updates: Australia’s social media ban for minors, Meta’s revised EU ad-free plans, Spain’s cookie consent fine, the UK’s new draft data bill, and more.
SEAT fined €12,000 by Spain for cookie violation
The Spanish Data Protection Authority (AEPD) has imposed a €12,000 fine on car manufacturer, SEAT SA for placing non-technical cookies without user consent on their website, in violation of the Law on Information Society Services and Electronic Commerce (LSSI). The investigation found that certain cookies were automatically placed at the start of a user’s session without prior consent and remained active even after users had withdrawn their consent. Read more
Australia bans social media for children under 16
Australia has become the first country to ban social media platforms for children under 16, passing landmark legislation to protect young people’s mental health. The bill, approved by the Senate on November 28, aims to reduce the risks of excessive online access. The ban, effective in at least 12 months, could result in fines of up to AUD 50 million for non-compliant tech companies. Read more
Meta announces updates to EU ad-free subscription models in EU
Meta is adjusting its ad-free subscription model in Europe, after regulatory scrutiny. The company plans to reduce the price of its ad-free subscription by 40% to better align with regulators. The updated plan includes a low-cost, ad-free option and a free version with less personalized ads, based on user consent. In November 2023, Meta launched a €9.99/month ad-free subscription for EU users to comply with new EU rules on targeted ads. Read more
CPPA Board adopts new data broker regulations
The California Privacy Protection Agency has adopted new regulations for Data broker registration, updating the California Consumer Privacy Act. The regulations introduce new business requirements, including cybersecurity audits and risk assessments, and strengthen user rights to access data and opt out of automated decision-making technologies. Read more
Google updates Customer Match rules on privacy
Google has tightened privacy rules for its Customer Match feature, requiring advertisers to document user consent before using email addresses. Targeting minors and users who opt out is now prohibited. The updated Customer Match policy will take effect on January 13, 2025. Non-compliance may result in account suspension and penalties on campaign performance. Read more
Meta faces $840 million EU fine over antitrust violations
The European Commission has fined Meta more than $840 million following a three-year investigation into alleged antitrust violations. Regulators found Meta abused its market dominance by linking its Facebook Marketplace service to its social networking platform, Facebook. The company also reportedly leveraged data from other advertisers on Facebook and Instagram to gain an unfair advantage for Facebook Marketplace. Read more
EDPB releases first EU-US privacy framework report
The European Data Protection Board (EDPB) has issued its first report on the EU-US Data Privacy Framework, acknowledging significant steps by US authorities and the European Commission to implement the framework. The report also emphasizes the need for better guidance and stricter monitoring to enhance safeguards and ensure seamless data transfers while upholding privacy standards. Read more
UK drafts new data bill to boost innovation
In October, the UK introduced the Data (Use and Access) Bill, revising earlier proposals from its predecessor, the Data Protection and Digital Information (DPDI) Bill. The new bill shifts focus from reducing compliance burdens to leveraging data for economic growth and improving public services. The government aims to enable smarter data use while safeguarding privacy. Read more
Meta fined $15 million in South Korea over Facebook’s violations
South Korea’s privacy watchdog has imposed a 21 billion won fine (approximately $15 million USD) on Meta following an investigation into its practices on Facebook. Authorities found the company unlawfully gathered sensitive user data, including political affiliations, religious beliefs, and sexual orientation. The case highlights the ongoing challenges of managing data responsibly, despite the clear pathways available to ensure compliance. Read more
EC flags Bluesky for non-compliance with regulations
The European Commission has called out Bluesky, a fast-growing social media platform with 22 million users, for violating EU regulations. Officials noted that the platform lacks required legal notices on its website. Bluesky has seen explosive growth recently, gaining up to 1 million users in a single day last week. Read more