On September 1, 2021, the FTC banned the operator of a stalkerware app company and its CEO from offering, promoting, selling or advertising any surveillance app, service or business, alleging that the app allowed purchasers to illegally surveil other individuals by monitoring their device activity without their knowledge.
Continue Reading FTC Bans Stalkerware App Company from the Surveillance Business and Orders Company to Delete Any Illegally Collected Information

On September 2, 2021, Ireland’s Data Protection Commission announced a fine of €225 million ($266 million) against WhatsApp Ireland Ltd for failure to meet the transparency requirements of Articles 12-14 of the EU General Data Protection Regulation.
Continue Reading Irish Commissioner Fines WhatsApp €225 Million For GDPR Violations

On August 30, 2021, the U.S. Securities and Exchange Commission announced it had settled three administrative cases involving a total of eight registered broker-dealers and investment advisers for failures in their cybersecurity policies and procedures.
Continue Reading SEC Charges Investment Advisers and Broker-Dealers with Deficient Cybersecurity Procedures

The U.S. Securities and Exchange Commission recently announced that Pearson plc agreed to pay a $1 million civil penalty in a settlement related to charges that Pearson misled investors about a 2018 data breach resulting in the theft of millions of student records, including birth dates and email addresses.
Continue Reading SEC Sanctions Public Company for Misleading Disclosures About Data Breach

On August 25, 2021, New Mexico Attorney General Hector Balderas sued Rovio Entertainment, the developer of the popular Angry Birds mobile app games, alleging that the Company violated the federal Children’s Online Privacy Protection Act by knowingly collecting data from players under age 13 and sharing it with advertisers.
Continue Reading New Mexico Attorney General Files COPPA Suit Against Game Developer

On August 9, 2021, the UK First-Tier Tribunal (General Regulatory Chamber) (“FTT”) reduced a fine imposed by the UK Information Commissioner’s Office (“ICO”) against Doorstep Dispensaree Ltd (“DDL”) from £275,000 to £92,000, a reduction of approximately two thirds. DDL, which supplies medicines to customers and care homes, was fined in December 2019 for failure to comply with the EU General Data Protection Regulation (“GDPR”). The ICO also issued an Enforcement Notice, requiring DDL to take certain actions to bring its processing into compliance.

Continue Reading UK First-Tier Tribunal Cuts ICO’s Doorstep Dispensaree Fine by Two Thirds

On August 2, 2021, the Italian Data Protection Authority announced that it had levied a €2,500,000 fine on Deliveroo Italy s.r.l. for the unlawful processing of personal data of approximately 8,000 Deliveroo riders and various infringements of the GDPR.
Continue Reading Italian Garante Fines Deliveroo 2.5M Euros for Unlawful Processing of Personal Data

On July 16, 2021, the Luxembourg data protection authority (Commission nationale pour la protection des donées, “CNPD”) imposed a record-breaking €746 million fine on Amazon Europe Core S.à.r.l. for alleged violations of the EU General Data Protection Regulation (“GDPR”). The CNPD also ordered Amazon to revise certain of its practices.
Continue Reading Luxembourg DPA Fines Amazon 746 Million Euros for GDPR Violations