Daily Digest (12/16)

Tech Giants Face 10% Fines Under Draft EU Rules; FTC Orders Social Media Companies to Share Data-Collection Practices; Irish Watchdog Fines Twitter $546,000; Calif. Hospital Notifies 67,000 Patients of Data Breach.  

Tech Giants Face 10% Fines Under Draft EU Rules 

Big Tech firms — including Amazon, Apple, Facebook and Google — could face fines of up to 10% of their annual revenues and could be forced to break up under draft European Union rules announced Tuesday. 

The rules, known as the Digital Markets Act, target so-called online gatekeepers defined as companies with more than $7.9 billion in the last three years, Reuters reports. 

The proposed law called for fines up to 10% of annual global revenues for companies that don’t comply with the new rules, as well as a break-up order as a last resort. Companies also would be required to report merger bids to regulators.

“It seems Europe is intent on punishing successful companies that have made deep investments in Europe’s economic growth and recovery,” Myron Brilliant, executive vice president of the U.S. Chamber of Commerce in Washington told Reuters.  

EU Internal Market Commissioner Thierry Breton dismissed suggestions that the rules could be discriminatory.

“Everybody is welcome in Europe,” he told a news conference. “Our responsibility is to give direction and rules to protect what is important to us.”

Sources (all links external):  

FTC Orders Social Media Companies to Share Data-Collection Practices  

The Federal Trade Commission on Monday ordered Facebook, Twitter, Amazon, Bytedance and five other social media companies to provide information on how they collect and use consumer personal data and how their practices affect children and teenagers. 

The agency plans to use the information — due in 45 days — for a comprehensive study, The Associated Press reports.  

The other five companies include Reddit, Snap, Discord, WhatsApp and YouTube. 

In the study, the FTC would evaluate: how social media and streaming services collect, use and track consumers’ personal and demographic information; how they decide which ads and other content are shown to consumers — along with whether they apply algorithms or data analytics to personal information, how they measure and promote user engagement and how their practices affect young people.

“Never before has there been an industry capable of surveilling and monetizing so much of our personal lives,” three of the five FTC commissioners said in a statement. The AP report did not identify the commissioners.

They said the study would “lift the hood on the social media and video-streaming firms to carefully study their engines,” AP reports.  

In response, Twitter said in a statement, “We’re working, as we always do, to ensure the FTC has the information it needs to understand how Twitter operates its services.” 

Irish Watchdog Fines Twitter $546,000  

Ireland’s Data Protection Commission said Tuesday that it was fining Twitter about $546,000, for failing to document or properly notify regulators within 72 hours of learning of a data breach in January 2019. 

“We take responsibility for this mistake and remain fully committed to protecting the privacy and data of our customers,” said Twitter Chief Privacy Officer Damien Kieran.  

It has taken nearly two years for Ireland’s data commission to arrive at a decision in the Twitter case, The Wall Street Journal reports.  

“We are coming to a turning point where the General Data Protection Regulation (GDPR) really needs to start delivering,” David Martin, senior legal officer at BEUC, an organization for European consumer-rights groups, told the newspaper. 

“The credibility of the whole system is at stake if enforcement doesn’t improve.” 

Calif. Hospital Notifies 67,000 Patients of Data Breach 

The Sonoma Valley Hospital in California has notified about 67,000 patients who were affected by an Oct. 11 ransomware attack that shut down its computer systems for several days.  

The hack was part of a nationwide attack on hospitals that month, The Sonoma Index-Tribune reports. The hospital paid no ransom and did not disclose what the attackers demanded. 

But such information as patient names, addresses, birth dates, insurance group numbers and secondary-payer information was believed to be accessed. 

The hospital sent letters to patients providing details on the breach, disclosing recommendations on medical identity theft protection and explained resources available to them to protect personal information.

“We deeply regret the incident and the concern it has caused to our patients,” CEO Kelly Mather told the Index-Tribune.

“The confidentiality of patient personal information is extremely important to us — and we have involved experts to activate a series of enhanced security measures to improve information security and prevent further ransomware or cybersecurity attacks.”

— By DPN Staff