Ireland’s Data Protection Commission (DPC) announced a TikTok fine of about $368 million today based on how the popular social platform processes data of younger users. DPC announced in 2021 that it was investigating TikTok’s compliance with the European Union’s General Data Protection Regulation (GDPR) privacy and security laws. The investigation identified specific problems with TikTok’s default account settings, the Family Pairing settings, and its age verification process (although the age verification model did not violate GDPR, the probe found that TikTok did not sufficiently protect the privacy of children under 13 who were able to create an account). Continue reading Ireland Fines TikTok $368 Million for Mishandling of User Data

In its first major ruling against social media giant Facebook, Irish authorities fined the company’s WhatsApp messaging service almost $270 million (225 million euros) under the General Data Protection Regulation (GDPR). Those authorities stated that WhatsApp was not transparent about how data collected by those using the app is shared with other Facebook properties, including Instagram. WhatsApp said it would appeal the decision. Since established three years ago, the GDPR has not resulted in any major fines or penalties for Facebook until now. Continue reading Ireland Slaps Facebook’s WhatsApp Service with GDPR Fine

Ireland’s High Court dismissed Facebook’s procedural efforts to block a draft decision of the country’s Data Protection Commission to suspend its data flow between the European Union and the United States. The European Union decision was intended to protect the privacy of European users, whose data was being sent to U.S. computer servers, and Facebook contended that the Data Protection Commission, which issued its preliminary decision in August, gave it too little time to respond. The court originally stayed the decision in September. Continue reading Facebook Is Rebuffed in Bid to Block Irish High Court Ruling

Ireland’s Data Protection Commission fined Twitter €450,000 (about $546,000) for failing to notify the regulator or document a data breach within 72 hours. The breach, revealed in January 2019, exposed some Android users’ private tweets for over four years. Twitter chief privacy officer Damien Kieran said the company takes responsibility … and remains “fully committed to protecting the privacy and data of [its] customers.” This is the first time a U.S. tech company has been served with a GDPR fine in a cross-border case. Continue reading Ireland Fines Twitter for Privacy Breach in a First for U.S. Tech

Facebook has upped the ante in its showdown with European regulators, stating that an unfavorable decision by Ireland’s Data Protection Commission (DPC) would leave the company no choice but to leave the region. Facebook Ireland’s head of data protection/associate general counsel Yvonne Cunnane is referring to the DPC’s preliminary order to stop the transfer of its European users’ data to servers in the U.S., citing fears of government surveillance. In response, Facebook filed a lawsuit challenging DPC’s ban. Continue reading Facebook Pushes Back Against Regulators on Data Transfer