By Robert Bateman

An Austrian court has ruled that Facebook can process its users’ personal information without consent, owing to clauses in its terms of service.

Plaintiff Max Schrems, cofounder of Austrian nonprofit None of Your Business: European Center for Digital Rights (NOYB), argued that Facebook’s use of tracking cookies was unlawful without user consent and alleged that Facebook had not met the standard of consent required under GDPR.

Under the EU’s General Data Protection Regulation (GDPR), data controllers like Facebook only may process personal information on one of six “legal bases,” including “consent” and “contract.”

Facebook countered that it had relied on a contract with its users and that it needed tracking cookies to meet its obligations under that contract, including providing a personalized social media platform and raising revenue to finance its business model. 

By Christopher Adams

Two cybersecurity firms reportedly have proven that software in Chinese-made drones compromise the privacy and security of drone operators.

A study last year by Synacktiv, a French information-technology security company, reached the initial conclusion on the Beijing drones, made by DJI — and its results later were validated by Grimm, a cybersecurity-infrastructure consultant based in Washington.

The Synacktiv analysis found that the software used to control the DJI drones possessed secret features, captured data from user devices and contained a forced-update feature that would allow the Beijing company to gain full control of a user’s smartphone.

The federal government basically has stopped using DJI drones out of national-security concerns — and a total ban on Chinese-manufactured drones and their software by the Trump White House seemed a possibility during the final weeks of the administration.

Meeting Planners See Information Bounty in Virtual Events From COVID

By Joanne Cleaver 

As a professional event planner and association manager, Annette Suriani is especially aware of privacy controls and exposure during online events. 

As executive director of the Association of Meeting Professionals (AMP) in Fairfax, Va., the group she manages is wrestling with these issues daily, on behalf of their clients and employers.

Like the rest of the conference-going world, AMP members are getting a grip on what privacy toggles suddenly are important as they navigate the previously unfamiliar world of online event-hosting and facilitating.

One thing’s for sure, though: Like the real world, the business of conferences requires data about participants from the moment they register to long after they leave.

By Robert Bateman

Tech giants Oracle and Salesforce are facing class-action lawsuits in the U.K. and the Netherlands over allegations that they are “misusing the personal data” of millions of people.

The legal claims relate to how the companies contribute to “real-time bidding” (RTB), a controversial advertising practice that involves the auctioning of personal data collected via web cookies and other tracking technologies.

The U.K. suit, led by privacy advocate Rebecca Rumbul, is seeking damages of approximately $13 billion, which would amount to about $650 for every U.K. internet user.

The parallel Netherlands case, led by the nonprofit Privacy Collective, is seeking approximately $19.5 billion.

By Robert Bateman

France’s data-protection authority has hit Google and Amazon with fines totaling $163 million over the tech giants’ use of tracking cookies online.

Google’s $121 million fine and Amazon’s fine of $42 million were imposed Dec. 7 by France’s Commission Nationale de l’Informatique et des Libertés (CNIL).

CNIL enforces privacy laws, such as the EU General Data Protection Regulation (GDPR), France’s Data Protection Act and the ePrivacy Directive, which sets the rules on cookies use across the EU.

According to Dec. 10 statements on CNIL’s website, Google and Amazon’s websites placed cookies on user devices without proper notice and without requesting consent.

By Jason Collins

Anyone who uses Instagram or Facebook knows that moment when you realize that something you were talking about has popped up as an advertisement on your feed.

Whether you find this expedient or creepy, you now have realized that your cellphone is listening to you.

While most of the blame for breach of privacy is laid on Apple, Microsoft and other big tech companies, a major player is being overlooked: Telecom giants are directly connected to personal information, since not only do they now provide phone access, but also mobile data and WiFi as well.

By Jackson Chen

With the calls for the creation of a comprehensive privacy law in the U.S., politicians from both sides of the aisle have proposed solutions.

In March, Sen. Jerry Moran, R-Kan., introduced the Consumer Data Privacy and Security Act, which aimed to create a federal standard for data-privacy protection.

It also sought to give consumers control over their data and restrict how businesses collect peoples’ data.

Moran’s bill also would give the Federal Trade Commission enforcement authority for these protections while offering the agency more resources.

The proposal is awaiting a hearing by the Senate Commerce Committee.

In the summer, Democratic Sen. Sherrod Brown, Ohio, put forth his take on a comprehensive privacy bill.