The Federal Trade Commission (FTC) announced today that it has issued an order requiring Marriott International, Inc. and Starwood Hotels & Resorts Worldwide LLC, a subsidiary of Marriott, to implement more robust data security programs.
Starting January 1, 2025, doing business in California gets a little pricier—at least for those caught slipping on privacy compliance. The California Privacy Protection Agency (CPPA) has announced higher fines and updated thresholds under the California Consumer Privacy Act (CCPA). These changes, tied to inflation and the Consumer Price Index (CPI), mark a biannual adjustment aimed at keeping penalties relevant and impactful in an evolving regulatory landscape.
In a recent decision by the French data protection authority (CNIL), KASPR, a company known for its data scraping practices, has been fined €240,000 for violating the General Data Protection Regulation (GDPR). The fine comes after KASPR’s controversial method of collecting personal contact details from LinkedIn users, even those who had specifically chosen to limit their visibility.
Meta Platforms Ireland Limited (MPIL) is ending the year with a hefty €251 million fine from the Irish Data Protection Commission (DPC). The penalty stems from a 2018 data breach that laid bare the personal information of 29 million Facebook users worldwide—3 million of them in the EU/EEA.
ParkMobile recently reached a $32.8 million settlement over a data breach that affected 21 million users. This breach, which happened back in 2021, is a reminder of how much more needs to be done to protect our personal data, even with widely used platforms. For anyone working in IT security or risk management, this case raises some serious red flags about how we’re securing sensitive information.
France’s telecommunications giant, Orange, is facing a €50 million fine for embedding advertisements within users’ email inboxes—a move deemed a serious violation of privacy rights by the French Data Protection Authority (CNIL). The ruling, issued on November 14, 2024, underscores the growing intolerance for digital marketing practices that bypass user consent.
The European Union is stepping up its cybersecurity game. At the initiative of the Hungarian presidency, the Council of the European Union has approved a set of conclusions aimed at bolstering the role of ENISA, the EU’s cybersecurity agency. These recommendations come as the bloc faces an increasingly complex cyber threat landscape and amid ongoing discussions to revise the Cybersecurity Act (CSA).