INCLUDED IN THIS EDITION OF DATA & PRIVACY NEWS: Google reveal planned changes to Ad Tech policy, ICO issues political campaigning guidance and more...


Google reveal planned changes to Ad Tech Policy

Google have announced an overhaul of their Ad Tech policy, revealing plans to remove third-party cookies from Chrome browsers, meaning that adverts will no longer be able to be targeted on users' browsing history.

The changes, which will have come into effect by next year, will make tracking across multiple websites unfeasible, with Google also confirming that it will not replace third-party cookies with similar cross-site tracking technology. The tech giant are instead proposing plans to group together web users with similar interests, while keeping their unique identities private.

The updated policy, which will not apply to mobile apps, will still enable Google to track users through data collected from services including Search, Maps and YouTube.

ICO fines companies for spam texting during the Coronavirus pandemic

The Information Commissioner’s Office (ICO) have fined two companies a combined £330,000 for the bulk sending of nuisance text messages during the Covid-19 pandemic.

West Sussex-based Leads Works Ltd were given a £250,000 fine and issued with an enforcement notice ordering it to stop sending unlawful direct marketing messages after the company sent more than 2.6 million nuisance text messages to customers without their valid consent between 16 May 2020 and 26 June 2020. The messages resulted in over 10,000 complaints to the ICO.

Valca Vehicle Ltd, a Manchester based company specialising in lead generation for financial products, were also fined £80,000 by the ICO after they were found to have sent more than 95,000 text messages from June to July 2020 without the recipients’ permission. The messages, which were aimed at individuals whose finances have been adversely affected by the pandemic, were described by the ICO Head of Investigations as "trying to take advantage of people who may be financially vulnerable due to the health crisis".

ICO issues political campaigning guidance

The ICO have published guidance on the use of personal data in political campaigning. The guidance highlights the importance of processing personal data in compliance with data protection law during political campaigning and provides clarity and practical advice on compliance with the UK General Data Protection Regulation, the Data Protection Act 2018 and the Privacy and Electronic Communications Regulations 2003. 

The new guidance reflects the rapid acceleration in the use of digital political advertising over the past five years, and the current limitations on traditional door-to-door canvassing due to the Coronavirus pandemic.

Virginia passes new Data Protection Law

Virginia governor Ralph Northam has signed the Virginia Consumer Data Protection Act (CDPA) into law for those conducting business in the Commonwealth of Virginia. The CDPA, which comes into effect on 1 January 2023, mirrors some, but not all, of the provisions of the EU's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

The CDPA categorises personal data as "any information that is linked or reasonably linkable to an identified or identifiable natural person" and applies the regulation to any entity that controls/processes either the personal data of 100,000+ residents per year or 25,000+ if over 50% of their gross revenue is derived from the sale of personal data.

Under the new laws, residents will have the right to view and obtain the personal data held by a covered entity in order to correct errors or delete it, as well as opt out of processing of personal data for targeted advertising purposes.

Facebook issued with fine over facial recognition lawsuit

Facebook has been ordered to pay $650m to users in Illinois who joined a class-action lawsuit filed against the company in April 2015. The lawsuit, which encompasses almost 1.6 million Illinois users, accused Facebook of using their biometric data without first obtaining their consent.

The settlement alleged that the social media company has violated Illinois' Biometric Information Privacy Act by using facial-recognition technology to scan photos uploaded by users and by digitally storing data regarding individuals' faces without users' permission. The complete settlement class included approximately 6.9 million Facebook users whose face templates were created and stored by the social media company after 7 June 2011.

Information Commissioner calls for post-pandemic decommissioning of Test and Trace systems

The Information Commissioner, Elizabeth Denham, has called for the Government's Test and Trace system to be decommissioned once the Coronavirus pandemic is over.

Speaking as part of a wider address to an Oxford Internet Institute webinar, Ms Denham stated that while people reasonably expected data to be used during the coronavirus crisis, the "plug will need to be pulled" on anything “sticky” when normality returns. The Information Commissioner went on to state that any new way of using data that contributes to “societal good”, will have to be managed in a way the public understands.

Ms Denham also addressed the issue of potential vaccine passports, noting that privacy must be considered “right at the beginning” if the Government opts to take up this option.

Key Contacts

Ross McKenzie

Ross McKenzie

Partner, Commercial Services
Aberdeen, UK

View profile
Helena Brown

Helena Brown

Partner, Head of Data
Edinburgh, UK

View profile
Dr. Nathalie Moreno

Dr. Nathalie Moreno

Partner, Commercial Services and Data Protection
London

View profile