DatawalletDatawallet

Data Digest № 031

Data Digest ¦ October 20th, 2020, 10:00 pm

Welcome to Datawallet’s Data Digest, where we review and occasionally analyze the latest news and the most critical developments in the data industry. Here’s a look at the latest developments:

The U.S. Justice Department will file an antitrust case against Google 

On October 20th, the U.S. Justice Department plans to file an antitrust lawsuit against Google. This will be the largest antitrust action that Google has ever faced and the largest antitrust action taken against a tech company in over 20 years. Prior to this lawsuit, the biggest antitrust case that involved a tech giant was the 1998 case against Microsoft

Last year, the Justice Department and Federal Trade Commission opened antitrust investigations into the practices of Google, Facebook, Amazon and Apple. The House Committee hearings conducted in July 2020 pointed out the similarities between the antitrust practices of the big four tech companies. In the upcoming lawsuit, the Justice Department will allege that Google has maintained supremacy in the online search market through stifling competition and will focus specifically on Google’s search-focused advertising. The company has been accused of depriving other search engines of user data and preferences needed to successfully advertise to users.

The European Union has been more aggressive in holding Google accountable to antitrust practices, having sued the company three times in the past few years over such claims. In 2017, Google was fined by the E.U. for $2.7 billion. The E.U. found that Google blocked rivals from appearing at the top of search results and had given its own shopping services priority over competitors. At the time, Competition Commissioner Margrethe Vestager said that “Google has given its own comparison shopping service an illegal advantage by abusing its dominance in general Internet search. It has promoted its own service, and demoted rival services. It has harmed competition and consumers. That’s illegal under EU antitrust rules.” 

Eleven states have joined in on the U.S. government’s complaint. The lawsuit will likely face multiple years of litigation and could potentially result in a massive restructuring of how Google and other tech companies conduct business. 

The U.S. Justice Department will file an antitrust case against Google 

British Airways is fined by the UK for 2018 datahack 

British Airways has been fined £20 million (about $25 million) for a data breach that affected 400,000 customers in 2018. The company was found to have processed customer data without proper security measures in place. The incident occured when a hacker gained access to the airline’s network using a user’s compromised credentials who had remote access to the network. The hacker was able to then break out from the remote system and gain access into the wider British Airways network. The information compromised in the hack included customer’s names, addresses and credit card numbers. It took an entire two months for the British Airways to detect the data hack. 

The Information Commissioner Office’s (ICO) original notice of intent stated that British Airways would face a £183 million fine. Although the £20 million fine is a significant decrease from that original notice, it is still the largest fine to date that the ICO has imposed under the GDPR

British Airways is fined by the UK for 2018 datahack 

The European Union has probed Instagram’s handling of childrens’ data

In an action led by Ireland’s Data Protection Commission, Facebook’s European data regulator has opened up another two probes into how Instagram processes kids’ data. In a detailed investigation published last year by data scientist David Stier, Instagram was accused of leaking the contact information of minors. The information became accessible to the public when children elected to turn their profiles into business accounts in the app settings. Facebook spoke out in defense of these claims and noted that user’s contact information is always displayed when they choose to convert their profile into a business account.

Although Instagram now allows for users to opt out of having their contact information displayed when they convert to business accounts, the issue has still sparked a conversation on how the company protects the information of minors. Article 8 of the GDPR provides that children under 13 cannot consent to the process of their data. If Facebook is found to have violated the GDPR, it could face up to 4% of its global turnover in fines. 

The European Union has probed Instagram’s handling of childrens’ data 

Global Privacy Control browser signal allows users to easily communicate privacy preferences 

Global Privacy Control (GPC) is an effort to enforce user privacy rights online, allowing users to opt-out of the sale of their data in one single step. GPC is designed to work within the framework of the CCPA and allows users to send out “Do Not Sell” signals to websites that they visit. Users who have GPC enabled can communicate their privacy preferences and request that their information is not sold or shared with third parties. Compatible browsers and extensions will be able to send signals to participating websites and communicate user privacy preferences. 

GPC has garnered the support of some large organizations including the New York Times, the Washington Post and Automattic. Attorney General Xavier Becerra of California spoke out in support of GPC in a series of tweets on October 7th. The GPC signal is currently available for use. Go to the official website and download one of the participating browsers or extensions to communicate your privacy preferences to participating websites. 

Global Privacy Control browser signal allows users to easily communicate privacy preferences 

Final ruling on Twitter’s handling of 2019 data breach won’t be resolved before the end of the year

Helen Dixon, the Head of Ireland’s Data Protection Commission, said that European privacy regulators are unlikely to issue a final ruling on Twitter’s 2019 data breach before the end of the year. The breach involved private tweets being made public. Under the GDPR, Twitter faces fines of up to 2% of its global revenue last year (or about roughly $69 million) for failing to disclose its data breach within 72 hours. Article 33 of the GDPR holds companies to a timely notification of a data breach incident. The ruling of this case will become a landmark decision for global tech companies. 

Final ruling on Twitter’s handling of 2019 data breach won’t be resolved before the end of the year 

Get the Data Digest in your inbox