Clearview AI’s GDPR fines rise to $110M total after latest penalty by Dutch DPA
Clearview AI was fined 30.5 million euros (U.S. $33.8 million) by the Dutch Data Protection Authority and ordered to stop collecting images of Dutch citizens in the latest enforcement action against the U.S. company.
Dutch DPA fines Uber $324M over transferring driver data to U.S.
The Dutch Data Protection Authority fined Uber 290 million euros (U.S. $323.7 million) for illegally transferring data on European drivers to American servers and failing to appropriately safeguard the transfers.
How are you keeping up? The adoption of AI in compliance
Artificial intelligence is rapidly transforming the business landscape, and this is especially true for anyone working in compliance. But while AI offers immense potential to streamline processes, enhance decision-making, and mitigate risks, it also introduces a new set of challenges that compliance professionals must navigate.
FTC tries to close COPPA loophole with amicus brief against IXL Learning
The Federal Trade Commission is fighting against an online educational platform’s interpretation of the Children’s Online Privacy Protection Act, arguing that COPPA can’t force parents into arbitration.
Spanish DPA dings retailer Uniqlo $294K over GDPR violations
Spain’s data protection authority fined retailer Uniqlo Europe 270,000 euros (U.S. $294,000) over admitted violations of the European Union’s General Data Protection Regulation.
ICO proposes $7.8M fine against NHS contractor in warning to IT providers
The U.K. Information Commissioner’s Office proposed a 6.1 million pound (U.S. $7.8 million) fine against Advanced Computer Software Group, an IT contractor for the National Health Service that allegedly failed to secure the data of 83,000 people after a cyberattack.
DOJ lawsuit alleges TikTok ignored order to enhance COPPA compliance
TikTok is in hot water with the Department of Justice and Federal Trade Commission over widespread failures to comply with a 2019 consent order to enhance compliance with children’s privacy laws.
LexisNexis survey: Compliance costs soared for U.K. banks in 2023
All but a tiny minority of financial institutions saw their costs of financial crime compliance rise in 2023, a survey by LexisNexis and Oxford Economics found.
Many dating apps a matchmaker for cybercriminals, study finds
Location-based dating apps are not doing enough to protect user privacy, with exact location and other personal data being exploited by stalkers and bad actors, a recent analysis found.
DORA set to enhance cyber resilience requirements for EU financial firms
The European Union’s Digital Operational Resilience Act, which is set to take effect next year, will require financial services firms to implement stronger measures to protect not only themselves from disruption caused by cyberattacks but also the sector as a whole.
SFO staffing shortages improve under new leadership
Staffing shortages that have plagued the U.K. Serious Fraud Office are trending in the right direction since its new director took charge, with the anti-bribery agency forging ahead with initiatives to ensure its future sustainability.
Meta reaches $1.4B settlement over Texas biometric data privacy lawsuit
Meta agreed to pay $1.4 billion to the state of Texas to settle allegations regarding the unauthorized capture and use of personal biometric data of state residents.
What’s on tap for CPPA from its deputy director of enforcement
Michael Macko, deputy director of enforcement at the California Privacy Protection Agency, described priorities for the agency now and in the near future during a recent board meeting.
CPE Webcast: Proactive AI compliance: 4 essential steps to minimize exposure
As artificial intelligence (AI) continues to advance rapidly and organizations expand their usage to optimize efficiency and productivity, implementing internal AI policies to ensure regulatory compliance and minimize exposure remains a hot topic.
FTC wants answers from Mastercard, JPMorgan, others on use of AI to collect data
Eight large companies, including Mastercard and JPMorgan Chase, have been ordered by the Federal Trade Commission to provide detailed reports about their possibly secret use of artificial intelligence to track customers and use the information to set prices.
Lithuanian DPA orders Vinted to pay $2.6M over GDPR violations
The data protection authority of Lithuania levied a fine of 2.4 million euros (U.S. $2.6 million) against Vinted UAB, an online clothing trading and exchange platform, for alleged violations of the European Union’s General Data Protection Regulation.
European Commission informs X it may be in breach of Digital Services Act
The European Commission informed X, formerly Twitter, that it may be the first company found to be in violation of the European Union’s Digital Services Act in areas “linked to dark patterns, advertising transparency, and data access for researchers.”
FCC orders Sorenson unit to pay $34.6M over illegal data retention
Sorenson Communications agreed to pay $34.6 million and implement a comprehensive compliance program to settle allegations levied by the Federal Communications Commission that its subsidiary illegally retained call content of users who relied on captions to make and receive calls.
FTC proposes $5M penalty for NGL Labs, founders over COPPA violations
The Federal Trade Commission ordered anonymous messaging app creator NGL Labs and its two founders to pay $5 million for unfairly marketing to children and falsely claiming artificial intelligence filtered out bullying messages and threats.
How fintechs can overcome major compliance hurdles in embedded finance
Margaret Holmes Tibbets, chief compliance officer at financial technology company Pipe, explains how firms are facing an existential compliance crisis, and to survive they’ll need to overcome not one but two hurdles.
SpongeBob game developer ordered to pay $500K over CCPA, COPPA violations
Popular children’s mobile game developer Tilting Point Media agreed to pay $500,000 to settle allegations the company illegally collected children’s personal data, a violation under the California Consumer Privacy Act and a federal children’s privacy law.
Clearview AI agrees to pay stake in company to settle Illinois privacy lawsuit
Facial recognition company Clearview AI reached a preliminary settlement in a class action lawsuit alleging it violated the Illinois Biometric Privacy Act, with the company agreeing to compensate victims with a stake in the company.
Citi report: GenAI revolution will bring increased need for compliance
A new report on the use of artificial intelligence in financial services predicts that the technology will drive profits, disruptions, and change over the next decade.
OCC emphasizes compliance’s role in FI’s operational resiliency
Compliance departments at financial institutions must become more involved in ensuring their firm’s operational resiliency to address emerging risks, the Treasury Department’s Office of the Comptroller of the Currency said in its semi-annual risk perspective.
SEC orders R.R. Donnelley to pay $2.1M over cyber-related control violations
A business communications and marketing services company agreed to pay more than $2 million to settle charges levied by the Securities and Exchange Commission over cybersecurity-related control violations.
DOJ orders consultants to pay $11.3M total for cyber rule violations
Guidehouse and Nan McKay and Associates will pay a total of $11.3 million to the Department of Justice (DOJ) to settle allegations that cybersecurity failures led to the theft of client personal information during the height of the COVID-19 pandemic.
Top-of-mind takeaways from TPRM Summit
Top-of-mind issues addressed at Compliance Week’s Third-Party Risk Management & Oversight Summit, held June 3-4 in Atlanta, included safe deployment of artificial intelligence, assessing vendor viability and sustainability, understanding the role of procurement in risk ranking, the intersection (or lack thereof) between data privacy and cybersecurity, and many others.
Vermont governor vetoes privacy bill, legislature plans override vote
Vermont Republican Gov. Phil Scott vetoed a data privacy bill approved by the state’s Democrat-led legislature, which plans an override vote this week.
Cerebral set to pay $7M over alleged patient data sharing
The Department of Justice and Federal Trade Commission proposed telehealth company Cerebral pay a total of $7 million for its alleged sharing of patient data and deceptive business practices in violation of the FTC Act.
Texas touts team ‘among the largest in the country’ to enforce privacy laws
The state of Texas forecasted “aggressive enforcement” of its upcoming data privacy law with the announcement of a dedicated team to oversee its implementation.
Big Tech data for finance: Will FCA plans set trend?
Plans in the United Kingdom to share Big Tech data with financial services firms could prompt other industry regulators to follow suit or result in “unintended consequences” that see Meta, Google, and others growing market share.
Gina Nese stays ahead of the curve as CCO of the Year
Gina Nese, head of compliance and privacy at Align Technology, jumps at the chance to share new ideas and ways to innovate, including regarding emerging technologies like AI. Her work earned her recognition as CCO of the Year at the 2024 Excellence in Compliance Awards.
California privacy reg seeking more input on new rules
Businesses will receive additional time to weigh in on proposed regulations by the California Privacy Protection Agency regarding risk assessments, cybersecurity audits, automated decision-making, and data broker registration before they’re potentially finalized later this year.
Survey: Compliance digital transformation hampered by data access, AI concerns
Few compliance teams describe their access to company data as “robust,” according to a new survey conducted by Compliance Week and NAVEX, while apprehension toward the adoption of artificial intelligence remains a hurdle for the profession to clear.
Experts: APRA chances unlikely, more state privacy laws certain
The “American Privacy Rights Act” has steep hills to climb if it’s ever going to become law, but that’s no reason for businesses to delay their privacy tune-ups.
Insight Global to pay $2.7M over lax security on contact tracing data
Atlanta-based staffing agency Insight Global agreed to pay $2.7 million to settle alleged False Claims Act violations for failing to provide adequate cybersecurity on Covid-19 contact tracing data.
What’s the problem for GDPR repeat offenders?
The General Data Protection Regulation has been in force for nearly six years. Some industries—and some companies—have been more prone to fall foul of the rules than others.
Survey Report: The digital transformation of compliance
A new survey conducted by Compliance Week and NAVEX on compliance team access to data and the use of artificial intelligence (AI) to analyze it found many compliance professionals lack full and transparent access to their firm’s data.
Q&A: Zoom privacy chief on communications compliance product
Zoom Chief Privacy Officer Lynn Haaland discusses with Compliance Week the market forces that led the company to offer Zoom Compliance Manager, which helps firms handle off-channel communications issues on the platform.
FCC finalizes $196M in fines against telecoms for sharing location data
The Federal Communications Commission fined telecommunications giants T-Mobile, Sprint, AT&T, and Verizon a total of approximately $196 million for allegedly selling customers’ location data to third parties without consent.
TikTok scrutiny mounts across globe amid EU, U.S. crackdowns
TikTok is suspending new features amid an inquiry by the European Commission into its compliance with the Digital Services Act, all while responding to a U.S. ban just signed into law.
Czech DPA fines Avast $15M over GDPR violations
The Czech Republic’s data protection authority issued a fine of 351 million Czech koruna (U.S. $15 million) against antivirus software vendor Avast for alleged violations of the General Data Protection Regulation.
EDPB decision sparks ‘consent or pay’ debate for Big Tech firms
Big Tech firms might need to rethink their plans to charge users for not selling their personal data for behavioral advertising following a decision by Europe’s primary data regulator.
U.S. senator calls for Temu ban over forced labor, privacy concerns
Sen. Tom Cotton (R-Ark.) is calling on the Biden administration to investigate and ban Chinese e-commerce company Temu over forced labor and data privacy violation concerns.
Focused on consumer privacy? Don’t forget employees’ rights
The implications of a privacy rights case involving a U.K.-based Uber Eats driver underscore a popular belief that companies prioritize protecting the personal information of their customers over the data rights of their employees.
Key lawmakers put forward bipartisan American Privacy Rights Act
A bipartisan consumer privacy bill released by Sen. Maria Cantwell (D-Wash.) and Rep. Cathy McMorris Rodgers (R-Wash.) would provide the broad, comprehensive protections businesses and Americans have called for, according to the lawmakers.
CPPA warns of collecting too much data in first enforcement advisory
The California Privacy Protection Agency warned businesses to stop asking for excessive information from consumers who have requested to opt out of having their data collected or who are otherwise exercising their privacy rights under the California Consumer Privacy Act.
On-Demand: Mastering mobility risks for accelerated growth
Discover how cutting-edge mobile technologies are transforming the business landscape. A strong mobility strategy, paired with a top-tier compliance platform, is essential for scaling in today’s fast-paced environment.
New leadership no easy fix for Irish DPC’s GDPR woes
The Irish Data Protection Commission has a new leadership structure, but it is uncertain whether the changes can get the key privacy regulator caught up on enforcement of the General Data Protection Regulation.
ICO primed for enforcement increase behind new fining guidance?
The Information Commissioner’s Office updated its data protection fining guidance to provide companies with greater transparency and clarity about how and why it would issue penalties for a breach of the U.K. General Data Protection Regulation or Data Protection Act 2018.