Daily Digest (12/18)

38 States Sue Google for Antitrust; Google Wins EU Antitrust Approval for $2.1B Fitbit Deal; EDPB Adopts Statement on GDPR Amid Brexit; US Cybersecurity Officials Warn of ‘Grave Threat’ After Cyberattack. 

38 States Sue Google on Antitrust Allegations

Thirty-eight 38 states Thursday filed an antitrust lawsuit against Google, alleging that it maintained monopoly power over the internet-search market through anticompetitive contracts and conduct. 

The suit, filed in U.S. District Court in Washington, was the third government antitrust action against Google, following a Wednesday complaint from other states that focused on Google’s digital advertising empire and an Oct. 20 Justice Department action also targeting its search business, The Wall Street Journal reports.  

“As the gateway to the internet, Google has systematically degraded the ability of other companies to access consumers,” the complaint read.

The complaint also focused on Google’s efforts to use exclusionary agreements to dominate newer technologies, Reuters reports.  

Thursday’s action added charges not covered in detail in the other two lawsuits, but all the lawsuits could proceed separately or join into a single case. 

Google could not immediately be reached for comment, the Journal reports. It has said that it operates in competitive markets and that its products benefit consumers. 

Sources (all links external): 

Google Wins EU Antitrust Approval For $2.1B Fitbit Deal 

Google secured EU antitrust approval on Thursday for its $2.1 billion bid for Fitbit, after an agreement that limited how it could use customer health data. 

The European Commission said it had agreed to concessions with Google, valid for 10 years with the possibility of another 10-year extension, Reuters reports.

The EU’s competition commissioner, Margrethe Vestager, said she cleared the deal because Google’s commitments would “ensure that the market for wearables and the nascent digital-health space will remain open and competitive,” The Associated Press reports.

Google promised to store Fitbit user data separately from regular Google information and would not use Fitbit and other wearable devices for Google Ads. Users also could decide whether to store their health data in their Google or Fitbit account. 

The company would maintain access to users’ health and fitness data to software applications through Fitbit Web API software, without charging for access or being subject to user consent. 

“We believe this deal will spur innovation in wearable devices and enable us to build products that help people lead healthier lives,” Google said, according to Reuters.  

EDPB Adopts Statement on GDPR Amid Brexit 

The European Data Protection Board has adopted a statement on the end of the Brexit transition period, noting that on Jan. 1, the U.K. would no longer apply the GDPR to the processing of personal data. 

The U.K.would instead adopt a separate legal framework regarding data protection and privacy, the board said Tuesday.  

When the Brexit deadline passes on Dec. 31, the EDPB noted that data transfers from the European Economic Area to the U.K. “will constitute a transfer of personal data to a third country” under the EU General Data Protection Regulation, the International Association of Privacy Professionals reports. 

If the European Commission and the U.K. failed to reach an agreement on adequacy, “such transfer will require appropriate safeguards as well as enforceable data subject rights and effective legal remedies for data subjects, in accordance with Article 46 GDPR,” read the statement. 

US Cybersecurity Officials Warn of ‘Grave Threat’ After Cyberattack 

Federal authorities expressed alarm Thursday about an intrusion into U.S. and other computer systems around the globe that officials suspect was carried out by Russian hackers.  

The Cybersecurity and Infrastructure Security Agency said that the intrusion had compromised federal agencies, as well as “critical infrastructure” in a sophisticated attack that was hard to detect and would be difficult to undo, The Associated Press reports.  

CISA did not say which agencies or infrastructure had been breached or the information taken in an attack that it previously said had appeared to have begun in March.  

The cybersecurity agency previously said the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks, but its new alert said the attackers might have used other methods as well. 

Another U.S. official, speaking Thursday on condition of anonymity, said the hack was severe and extremely damaging, AP reports.  

“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.” 

— By DPN Staff