Daily Digest (4/23)

Ore. Man Accuses Landlord of Illegally Searching IRS Website for Stimulus Payment; Mo. Senator Wants CEOs to Be Personally Liable in Apple-Google App Venture; Calif. Woman Alleges Privacy Breach in Houseparty Lawsuit; EDPB Adopts Guidance on Health-Data Processing, Geolocation Issues Amid Pandemic. Click below to read more.

Ore. Man Accuses Landlord of Illegally Searching IRS Website for Stimulus Payment

A man in Forest Grove, Ore., said his property manager used an IRS website to track his and other tenants’ stimulus payments.

Austin Goodrich said the property manager used the “Get My Payment” website — which requires a Social Security number, birthdate and address — to see if he received his check, Business Insider reports.

The messages between Goodrich and the man he described as his property manager went viral after being shared by Joshua Browder, CEO of DoNotPay, which offers legal assistance through an app.

Goodrich said the landlord sent him a text on April 15, the day he received his payout, saying he was aware of the government payment.

IRS officials told Business Insider that unauthorized use of the tool “is prohibited and subject to criminal and civil penalties.”

Source: Business Insider, An Oregon man said his property manager illegally searched an IRS system to see if his tenants received stimulus checks (external link)

Mo. Senator Wants CEOs to Be Personally Liable in Apple-Google App Venture

Sen. Josh Hawley, R-Mo., wrote to Apple Inc. and Google over their planned COVID-19 tracing app, asking company executives if they’ll assume liability “if you stop protecting privacy.”

“Americans are right to be skeptical of this project,” Hawley said in his Tuesday letter to CEOs Tim Cook of Apple and Sundar Pichai of Google.

“Even if this project were to prove helpful for the current crisis, how can Americans be sure that you will not change the interface after the pandemic subsides?

“A project this unprecedented requires an unprecedented assurance on your part,” the first-term senator later said. “The last thing Americans want is to adopt, amid a global emergency, a tracking program that then becomes a permanent feature in our lives. 

“The public statements you make now can be enforced under federal and state consumer-protection laws,” Hawley warned. “Do not hide behind a corporate shield like so many privacy offenders have before.

“Stake your personal finances on the security of this project.”

Source: Hawley Senate Office (external link)

Calif. Woman Alleges Privacy Breach in Houseparty Lawsuit

A San Diego County woman has filed a class-action lawsuit alleging the Houseparty video-chat app violates the California Consumer Privacy Act.

In the action, filed Friday, Heather Sweeney claimed Houseparty shared her personal information with Facebook and other third parties without her consent, The Times of San Diego reports.

Sweeney’s suit also contended that Houseparty did not provide proper notification of such data-sharing in its privacy policy.

The lawsuit was brought against Houseparty’s creator, Life on Air Inc., as well as Epic Games, which bought the company in June 2019, according to the report.

According to the firm’s privacy policy: “We only use the personal information we collect to help provide, support and improve Houseparty as described in this policy, and we do not ‘sell’ this information to third parties, as that term is defined by applicable laws.”

In addition, California residents can ask the company what information it has collected and shared and can request deletion of that data without discrimination against the user, the policy states.

Source: Times of San Diego, SD County Woman Sues Video Chat App for Alleged Privacy Breach 

EDPB Adopts Guidance on Health-Data Processing, Geolocation Issues Amid Pandemic

The European Data Protection Board (EDPG) has released guidelines on health-data processing for research and for using geolocation and other tracking efforts to combat COVID-19.

The guidance for health-data processing addresses the legal basis for processing, cross-border data transfers, safeguards for data-subject rights and more.

With the geolocation and tracking directives, EDPB outlines the acceptable purposes for using location data or contact tracing while urging considerations for the effectiveness, necessity and proportionality principles.

“Currently, great research efforts are being made in the fight against COVID-19,” EDPB Chair Andrea Jelinek said in a Tuesday announcement. “Researchers hope to produce results as quickly as possible.

“The GDPR does not stand in the way of scientific research but enables the lawful processing of health data to support the purpose of finding a vaccine or treatment for COVID-19,” she said.

Source: European Data Protection Board – Twenty-third Plenary session: EDPB adopts further COVID-19 guidance | European Data (external link)

— By DPN Staff