On September 20, 2022, the U.S. Securities and Exchange Commission announced that Morgan Stanley Smith Barney agreed to pay a $35 million fine for the firm’s alleged failure to adequately protect the personal information of approximately 15 million customers.
Continue Reading SEC Fines Morgan Stanley $35 Million for Alleged Failure to Protect Customer Data

On September 5, 2022, the Irish Data Protection Commissioner imposed a €405,000,000 fine on Instagram for violations of the EU General Data Protection Regulation’s rules on the processing of children’s personal data.
Continue Reading Irish Data Protection Commissioner Fines Instagram for Children’s Privacy Violations

On May 25, 2022, Twitter reached a proposed $150 million settlement with the Department of Justice and the Federal Trade Commission to resolve allegations that the company deceptively used nonpublic user contact information obtained for account security purposes to serve targeted ads to users.
Continue Reading Twitter to Pay $150 Million to Settle Allegations of Data Misuse

The Federal Trade Commission has reached a settlement with WW International, Inc. and Kurbo, Inc. over allegations the companies improperly registered children for the “Kurbo by WW” online weight loss management program. In pleadings filed on February 16, 2022, in federal court in the Northern District of California, the FTC claims WW and Kurbo offered

On February 2, 2022, the Litigation Chamber of the Belgian Data Protection Authority imposed a 250,000 Euro fine against the Interactive Advertising Bureau Europe for several alleged infringements of the GDPR, following an investigation into IAB Europe’s Transparency and Consent Framework.
Continue Reading Belgian DPA Finds IAB Europe Transparency and Consent Framework in Violation of the GDPR

The Austrian data protection authority recently published a decision finding that the use of Google Analytics cookies violates both Chapter V of the GDPR, which establishes the rules on international data transfers, and the Schrems II judgment of the Court of Justice of the European Union.
Continue Reading Austrian DPA Finds Data Transfers Resulting from Analytics Cookie Use to Be in Violation of GDPR Data Transfer Requirements