Meta violated EU privacy law by enabling automated "data scraping" of personal information, an Irish Data Protection Commission (DPC) investigation found. The inquiry launched in 2021 based on media reports of the discovery of a collated dataset of Facebook personal data on the internet. The DPC examined Facebook search, Facebook Messenger contact importer and Instagram contact importer tools about processing Meta carried out between May 2018 and September 2019. The main issues involved whether the company complied with the EU general data protection regulation's requirement for data protection by design and default, said a Monday news release. The decision, backed by all other EU data protection supervisory authorities, requires Meta to bring its personal data processing into compliance and to pay a $275 million (265 million euro) fine. A Meta spokesperson stressed the DPC didn't say the incident constituted a personal data breach, hack or security failing. Meta is cooperating fully and "made changes to our systems during the time in question, including removing the ability to scrape our features in this way using phone numbers," he said: The company is "reviewing this decision carefully."

Ireland’s Data Protection Commission is investigating TikTok’s data practices and data transfers to China, European Commission President Ursula von der Leyen confirmed in a letter Monday. FCC Commissioner Brendan Carr drew attention to the letter Tuesday. The DPC is investigating the company’s potential noncompliance with the general data protection regulation (GDPR), she said. She cited “several ongoing proceedings” involving data transfers to China, the processing of minors’ data and “litigation before the Dutch courts (in particular concerning targeted advertising regarding minors and data transfers to China).” She wrote the letter in response to members asking about Chinese government authorities potentially accessing the data of EU citizens. The GDPR applies to situations in which a company in the EU allows access to personal data to an affiliated company outside the EU, she said: The first company must ensure such data transfers don’t compromise EU data protections, specifically when public authorities are involved, she said. A TikTok spokesperson cited a company statement from earlier this year, saying the investigation was initiated in September 2021: "While we can't comment on an ongoing investigation, we're continuing to fully cooperate with the DPC. We're constantly reviewing our policies, processes and technologies to ensure that our community continues to enjoy a safe and secure experience on TikTok."

The FTC should grant consumers the right to block data brokers from selling their personal information, California Attorney General Rob Bonta (D) commented Monday. The agency collected public comment through Monday on its Advanced NPRM for a potential privacy rulemaking (see 2211170072). Bonta said the agency should ban businesses and third-party online trackers from “tracking or selling the data of users" who have opted out of "commercial surveillance practices.” Bonta wants more stringent age verification for online services directed at children. Public Knowledge in comments with the Yale Law School Technology Accountability and Competition Project sought structural rules for data minimization and retention, new data security standards and artificial intelligence assessments that “test for efficacy and fairness.”

Congress should pass major antitrust legislation targeting the tech industry, nearly 50 advocacy groups wrote leadership in both chambers Wednesday. They want passage of the American Innovation and Choice Online Act (see 2208020001 and the Open App Markets Act (see 2204150040). Access Now, Public Knowledge, Center for Digital Democracy, Consumer Reports, Fight for the Future, Open Markets Institute and Public Citizen signed. They called the bills “common-sense, compromise legislation that have the support of a wide range of stakeholders.”

A Republican bill aimed at alleged social media censorship in Ohio passed the House “informally” Monday, meaning the speaker is holding the bill on the House calendar. Introduced by Rep. Scott Wiggam (R), HB 441 would allow social media users to sue platforms for viewpoint discrimination, similar to laws passed in Texas and Florida (see 2203080071). Wiggam has “every intention of seeing this bill get through the House,” an aide told us Tuesday. The bill, which has no Democratic sponsors, also passed informally in June.

The Secret Service should update cybersecurity plans to reflect zero trust architecture guidance, the GAO said Tuesday. The GAO noted the Secret Service’s four-milestone cyber plan, which includes “assessing agency IT systems against federal guidance and implementing cloud services.” The plan was created before ZTA guidance was issued. ZTA "requires constant verification of everything that's trying to connect to an organization's IT systems," GAO said. The Department of Homeland Security responded on behalf of the Secret Service, concurring with the GAO recommendation.

Elon Musk’s leadership at Twitter will differ from his previous business ventures because he’s now operating in the heavily unregulated realm of social media, former FCC Chairman Tom Wheeler wrote Monday. A visiting fellow at the Brookings Institution, Wheeler said Musk is "now outside the rules-based worlds in which he has flourished." Musk, “who made his money in businesses governed by hard science and regulation” now must navigate a “messy reality where companies make money by selling advertisements to users attracted by virtually unbridled outrage, conflict, and misinformation,” Wheeler said.

FCC Commissioner Brendan Carr drew attention Monday to a bipartisan House Commerce Committee letter questioning why Apple and Google allow TikTok on their app stores. Carr has repeatedly cited national security and data security concerns about the popular Chinese social media app (see 2210210072). He cited letters from last week signed by House Consumer Protection Subcommittee Chair Jan Schakowsky, D-Ill., and ranking member Gus Bilirakis, R-Fla. “Turning a blind eye to an application that permits such surveillance endangers Americans, specifically the overwhelming number of teenagers that use TikTok,” Carr quoted from their letter in his tweet Monday.

Elon Musk’s “policy intentions” at Twitter “could significantly harm the Latine community by dismantling necessary safeguards against hate speech and disinformation,” National Hispanic Media Coalition CEO Brenda Castillo said Monday. NHMC is concerned Twitter’s content moderation council will include people who “actively promote hate and disinformation,” Castillo said, arguing staff cuts will mean less content moderation. She raised concerns about Musk’s reported plans to reinstate former President Donald Trump on the platform.

Chegg failed to establish basic security measures, exposing sensitive data of about 40 million customers and employees, the FTC alleged Monday in a proposed complaint against the education technology company. The commission voted 4-0 to issue a complaint against Chegg, saying the company failed to fix data security problems despite experiencing four breaches since 2017. The agency didn’t issue a fine against the company, but Chegg faces civil penalties of $46,517 for each subsequent violation. The company stored personal data on the cloud in plain text and used weak, outdated encryption standards to protect user passwords until at least 2018, the FTC said. Despite three phishing attacks, the company didn’t implement a written security policy until January, the FTC said. The company must implement multifactor authentication and establish a comprehensive data security program documenting how it collects data and when to delete it. Attorneys for Chegg didn’t comment.