Dec 032020
 December 3, 2020  Posted by  Breaches, Business, Featured News

Scott Ikeda reports:

South Korea’s information protection regulator has fined Facebook the equivalent of $6.1 million for privacy violations, concluding an investigation that began in 2018. The regulator says that Facebook shared the personal information of 3.3 million residents of the country with third parties without collecting proper user consent and in violation of laws protecting personal information, with the breach window running from May 2012 to June 2018.


The agencies determined that Facebook shared names, addresses, dates of birth, work experience, hometowns and relationship statuses of South Koreans without collecting user consent; the information was shared automatically while users were logged into their accounts. The PIPC believes that this information may have been shared with as many as 10,000 companies without user consent or knowledge.

Read more on CPO Magazine.

Dec 032020
 December 3, 2020  Posted by  Business, Healthcare, U.S.

David Lazarus writes:

For months, Amazon has been signaling that it planned to open an Amazon-branded online pharmacy to compete with the likes of CVS, Walgreens and Rite Aid. This week, it did.

For many consumers, this represents greater convenience and the possibility of paying less for prescription drugs.

It also means what little privacy you have left is rapidly disintegrating.

Read more of David’s thoughts on Los Angeles Times.  I will respond to one thing he wrote here:

I choose not to live in fear. My initial take is that Amazon has earned my trust, so it’s not unthinkable I’ll now share my medical information with the company.

But if you’re wrong, David, there will be no unringing that bell…… how might sensitive medical and pharmacy information wind up in the wild  being misused and there’s no way to claw it back?  It’s a chance you may be willing to take. It’s not one I would be willing to take.

Dec 032020
 December 3, 2020  Posted by  Non-U.S.

Dan Cooper, Lisa Peets, Mark Young, Marty Hansen, Sam Jungyun Choi and Marianna Drake of Covington & Burling write:

On 25 November 2020, the European Commission published a proposal for a Regulation on European Data Governance (“Data Governance Act”).  The proposed Act aims to facilitate data sharing across the EU and between sectors, and is one of the deliverables included in the European Strategy for Data, adopted in February 2020.  (See our previous blog here for a summary of the Commission’s European Strategy for Data.)  The press release accompanying the proposed Act states that more specific proposals on European data spaces are expected to follow in 2021, and will be complemented by a Data Act to foster business-to-business and business-to-government data sharing.

Read more on InsidePrivacy.