Included in this edition of Data & Privacy News: Mock Data Breach and GDPR Investigation Event; Facebook fined £4 billion by Federal Trade Commission for privacy breaches; German data protection commissioner launches investigation into Google's voice recordings; and more...


Mock Data Breach and GDPR Investigation Event

Would your business be prepared for a data breach? 

Come along to our Mock Data Breach event at our Leeds office on Thursday 12th September or our London office on Thursday 24 October to hear from experts about the impact it could have on your business, and how to prepare yourself post GDPR.

Facebook fined £4 billion by Federal Trade Commission for privacy breaches

Facebook have been fined £4 billion by the US Federal Trade Commission (FTC) for violating consumers' privacy, the largest ever fine imposed on a company for this reason. 

As part of the settlement, the FTC has ordered Facebook to restructure the way it handles users privacy, including modifying their corporate structure to ensure executives are more accountable.

The settlement also provides new guidelines for how the company will be held accountable for future privacy violations and includes several provisions that limit the power of Mark Zuckerberg's decision-making. 

German data protection commissioner launches investigation into Google's voice recordings 

The German data protection commissioner has ordered Google to stop manual reviews of audio snippets generated via its voice Al for three months whilst it investigates revelations that contracted workers have been listening to voice recordings made through smart speakers.

Last month, Google admitted that it uses experts to review and transcribe some queries to improve its understanding of certain languages after Belgian journalists released information that staff were listening in on people who use its voice-activated Google Assistant product.  

Instagram bans marketing company tracking users' locations

Instagram has removed Hyp3r, a marketing company, from their platform after discovering it was capturing and saving location data attached to users' stories allowing it to track their real world movements. 

Information in user's stories on Instagram is intended to disappear within 24 hours.

According to Business Insider, Facebook (who own Instagram) sent a cease-and-desist letter to Hyp3r after the violation was uncovered by Business Insider. 

Facebook have confirmed that Hyp3r's activities were in violation of the policies it has put in place following worldwide criticism of its handling of Cambridge Analytica's illegal collection and use of personal data from Facebook's platforms.

Recent updates from the ICO 

Recent updates from the ICO include:

  • A consultation on a new framework code of practice for the use of data in political campaigning. As well as providing guidance, the framework code will become a statutory code of practice if the relevant legislation is introduced. The consultation closes on the 4 October 2019.
  • Good progress has been reported by Information Commissioner, Elizabeth Denham, on a code or practicec that will translate GDPR requirements into design standards for online services. A final version is due to be delivered to the Secretary of State before the statutory deadline of 23 November 2019. 
  • The ICO has joined other international data protection authorities in calling for more openness surrounding the proposed Libra digital currency and infrastructure.
  • The first firms to participate in the ICO's Sandbox programme have been chosen. A detailed plan for each sandbox participant will now be agreed before testing starts on the products and services which are expected to complete by September 2020. 

Key contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile