France’s telecommunications giant, Orange, is facing a €50 million fine for embedding advertisements within users’ email inboxes—a move deemed a serious violation of privacy rights by the French Data Protection Authority (CNIL). The ruling, issued on November 14, 2024, underscores the growing intolerance for digital marketing practices that bypass user consent.
The European Union is stepping up its cybersecurity game. At the initiative of the Hungarian presidency, the Council of the European Union has approved a set of conclusions aimed at bolstering the role of ENISA, the EU’s cybersecurity agency. These recommendations come as the bloc faces an increasingly complex cyber threat landscape and amid ongoing discussions to revise the Cybersecurity Act (CSA).
In an era where personal information flows through countless digital channels, the Consumer Financial Protection Bureau (CFPB) has proposed a sweeping rule to rein in the burgeoning data broker industry. This initiative seeks to impose stricter accountability under the Fair Credit Reporting Act (FCRA), ensuring that consumer data is shared only for legitimate purposes and safeguarding sensitive information like Social Security numbers and income data from misuse.
The European Data Protection Board (EDPB) has released new guidelines on data transfers to third-country authorities and approved the implementation of a European Data Protection Seal, marking significant steps in clarifying and strengthening data protection under the General Data Protection Regulation (GDPR).
In a bold move to protect consumer privacy, the Federal Trade Commission (FTC) has taken action against three data brokers—Gravy Analytics, Venntel, and Mobilewalla—for unlawfully tracking and selling sensitive consumer location data. The charges stem from allegations that these companies sold location information revealing visits to places like health clinics, places of worship, military installations, and labor union offices, without the consent of those affected.
The European Data Protection Board (EDPB) is calling for more coherence between the General Data Protection Regulation (GDPR) and the increasingly complex web of new digital legislation coming out of the EU. In a statement released after its December 2024 plenary session, the EDPB welcomed the European Commission’s second report on the GDPR’s application and emphasized the importance of aligning digital laws with the GDPR to maintain legal certainty.
New York Attorney General Letitia James and Department of Financial Services (DFS) Superintendent Adrienne Harris have secured $11.3 million in penalties from GEICO and Travelers Insurance. The auto insurers were found to have inadequate data protections, leading to breaches that exposed the personal information of over 120,000 New Yorkers, with some of that data later used to commit unemployment fraud during the COVID-19 pandemic.