As data privacy professionals, Meta holds a special place in our ecosystem. This week’s edition of Privacy Insider just so happens to feature not one, but two stories where the tech giant bumps up against data privacy regulations.
There’s a well-known acronym in the investment world: FAANG. It refers to Meta (formerly known as Facebook), Amazon, Apple, Netflix, and Alphabet (formerly known as Google). The acronym came about due to the massive valuations, market influence, and popularity of their respective stocks.
From a privacy perspective, most of these companies reached their respective dizzying valuations in part by collecting user data en masse. It’s no exaggeration to say that modern data privacy laws were spurred on by the data collection practices employed by businesses like the FAANG companies.
Meta has been a particularly egregious collector of user data. Companies of this size are going to inevitably clash with data protection authorities, but Meta seems to appear in the headlines more so than its peers. When the social media giant announced its ambitions with the metaverse, all of the news seemed to center on concerns around privacy.
Much remains to be seen as to whether the Metaverse will really take off. Meta’s reputation when it comes to data privacy certainly won’t help.
Best,
Arlo
Meta and US hospitals sued for using healthcare data to target ads
Plaintiffs filed a class action lawsuit in the Northern District of California against Meta, the UCSF Medical Center, and the Dignity Health Medical Foundation. The plaintiffs allege that the organizations collected sensitive healthcare data — without informing users or asking for consent — for use in targeted advertising. They became aware of the tracking when they began seeing Facebook advertisements explicitly tailored for their medical conditions.
Read more
Meta warns it may be forced to pull Facebook from the EU
Since the invalidation of the Privacy Shield in the 2020 Schrems II decision, international data transfers from the EU to the US have been on shaky legal ground. Meta has relied on standard contractual clauses (SCCs) to transfer data, but the Irish Data Protection Commission signaled that it may soon ban EU-US data transfers that rely on SCCs.
In a US regulatory filing, Meta warned, “If a new transatlantic data transfer framework is not adopted and we are unable to continue to rely on SCCs or rely upon other alternative means of data transfers from the EU to the US, we will likely be unable to offer a number of our most significant products and services, including Facebook and Instagram, in Europe.”
Read more
India withdraws personal data protection bill
The Indian government’s Personal Data Protection Bill has been withdrawn after drawing criticism from big tech companies and privacy advocacy groups alike. After deliberations, government committees recommended the creation of a comprehensive legal framework in regard to digital ecosystems and the introduction of a new bill that would fit within that framework.
Read more
GDPR butts heads with blockchain technology
The European Data Protection Board continues to work on providing guidance regarding blockchain technologies, but “cannot say by when the guidelines will be ready for publication, nor can we comment on the possible content.” The core issue is that blockchain technologies rely on distributed ledgers that cannot be deleted or changed — this immutability is central to the benefit of blockchain technologies, like cryptocurrency. However, blockchain’s immutability comes into conflict with the GDPR’s “right to be forgotten.” Businesses storing EU citizens' data on blockchains are therefore in a difficult position.
Read more
And if you someday aspire to be featured on the Spotlight series, why not check out our Careers page? We might have the perfect opportunity for you.