Latvia's Data State Inspectorate issued guidance on how the EU General Data Protection Regulation applies when personal data is processed from group communications on social media. Private groups do not fall under the GDPR if membership and data access is limited, but groups with unlimited access need to meet stricter standards, the agency said.Full story
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued a 50 million euro fine to telecommunications firm Orange for alleged violations of the French Post and Electronic Communications Code and French Data Protection Act. The CNIL found Orange would send users of its email service advertisements to their inbox that populated alongside regular emails without their consent.Full story
Join the IAPP 12 Dec. for a LinkedIn Live exploring high-level cybersecurity policies in the EU and U.S.
Meta announced plans to restrict advertisers' access to certain categories of user data on its platforms, Marketing Brew reports. The plans, as spelled out in an update to Meta's advertising policy, will limit advertisers' access to data by topic, which will include health and wellness, financial services, and politics.
The Hill reports U.S. Sens. Richard Blumenthal, D-Conn., and Marsha Blackburn, R-Tenn., introduced an amended version of the Kids Online Safety and Privacy Act aimed at getting U.S. House consideration before the end of the year. Lawmakers amended Kids Online Safety Act provisions in the bill with input from the social platform X while the Children and Teens' Online Privacy Protection Act remains in the omnibus.
The European Data Protection Supervisor is reviewing whether the European Commission fulfilled its obligations to stop data transfer flows related to its use of Microsoft 365. The Commission was ordered to stop the transfers after the EDPS ruled its use of the product resulted in unauthorized disclosures of personal data; its decision is being contested in court.Full story
The Financial Times reports European Commission Executive Vice-President for Tech Sovereignty, Security and Democracy Henna Virkkunen will not target any specific tech company accused of violating EU regulations. "This is not personal," Virkkunen said.
Argentina's Agency of Access to Public Information released two guides on how to protect children in digital environments. One is aimed at giving adults tools and advice to work with adolescents on issues such as data protection and privacy. The other guide addresses the same topics with children directly.Full story
The New York attorney general's office reached an agreement with HealthAlliance to resolve a complaint related to a cyberattack the provider sustained in 2023. HealthAlliance allegedly did not patch a vulnerability in its cybersecurity system after being made aware of an issue, allowing the attack to steal patient records. The agreement includes a USD550,000 penalty.Full story
The California Privacy Protection Agency Board will honor outgoing executive director Ashkan Soltani at its 19 Dec. public meeting. The agenda also includes discussing upcoming legislative priorities and updates on the agency's intergovernmental work.Full story