Biden Issues Executive Order to Protect Sensitive Data, $23 Million Tax Act Settlement, FTC Fines Avast $16.5 Million, and More.

The Privacy News You Need This Week

This week, the privacy ecosystem has been buzzing with news ranging from the serious to, if we’re being honest, a little strange. Here’s what we’re keeping an eye on this week.

Legislative Actions

President Biden issued an Executive Order to protect Americans’ sensitive personal data from exploitation by countries of concern, like Russia and China.

President Biden issued an Executive Order on February 28, 2024, to safeguard Americans’ sensitive personal data from exploitation by countries of concern like China and Russia. This Executive Order is the most significant action any President has taken to protect Americans’ data security. 

The order addresses the risks posed by bad actors who can exploit this data for surveillance, scams, blackmail, and other privacy violations. The Department of Justice will issue regulations to protect sensitive data, and the Department of Homeland Security will work on security standards to prevent foreign adversaries from collecting data. It emphasizes the importance of protecting Americans’ privacy and national security in an era where sensitive personal data can be misused for espionage or other malicious activities.

Regulatory Actions

DoorDash is Fined $375,000 in the Second CCPA Enforcement Action.

California Attorney General Rob Bonta settled with DoorDash after an investigation found the company violated privacy laws by selling California customers’ personal information without notice or opt-out options. DoorDash will pay a $375,000 penalty and must comply with privacy regulations, emphasizing the importance of businesses being transparent and respecting consumer privacy rights.

FTC Issues $16.5 Million Fine to Software Provider, Avast

The Federal Trade Commission (FTC) has ordered software provider Avast to pay $16.5 million and banned the company from selling or licensing any web browsing data for advertising purposes. This action comes after charges that Avast and its subsidiaries sold consumers’ browsing information to third parties despite claiming their products would protect users from online tracking. The FTC found that Avast collected browsing data through its browser extensions and antivirus software, stored it without adequate notice or consent, and then sold it. The settlement also includes provisions such as deleting certain browsing information, implementing a comprehensive privacy program, and prohibiting misrepresentation of data usage.

Privacy Lawsuits and Settlements

TaxAct Inc. Settles for $23M Over Unauthorized Data Sharing with Meta, Google.

TaxAct Inc., a leading online tax preparation service, has reached a significant $23 million settlement to address accusations of sharing confidential taxpayer data with Meta, Google, and other third parties without user consent. This resolution, subject to approval by Judge Vince Chhabria in the US District Court for the Northern District of California, aims to compensate affected taxpayers and prevent future privacy breaches. The company faced scrutiny for distributing sensitive financial information to tech giants without explicit permission, violating privacy and tax laws while undermining user trust. TaxAct will also offer complimentary access to live tax experts for customers filing taxes through the company in 2024 as a gesture of apology and commitment to enhanced service quality and user privacy protection.

A New Lawsuit was filed on Monday in New York against MLB.TV for VPPA Violations

Major League Baseball Advanced Media LP is accused of violating the privacy rights of MLB.tv subscribers by allegedly sharing users’ information with Facebook without consent. The lawsuit alleges that MLB.com used a tracking tool to monitor subscribers’ video viewing activities, including the specific videos they watched, and then shared this data with Facebook. This practice is believed to violate the federal Video Privacy Protection Act (VPPA) by disclosing personally identifiable information to third parties. The case emphasizes that the information shared with Facebook, such as the title of videos watched and users’ Facebook IDs, can be traced back to individual subscribers, potentially compromising their privacy rights.

And in stranger news, 

Wired reported that the Pentagon learned how to use targeted ads to find its targets, including Vladimir Putin.  

The article discusses how the Pentagon utilized advertising data collected from mobile phones to track the movements of individuals, including members of the military and individuals close to Vladimir Putin. This is a not-so-subtle reminder that this tracking can and is used for a number of reasons beyond helping you pick out a new pair of shoes!

Other Privacy Happenings

FTC announced the agenda for PrivacyCon, which is taking place on March 6th, 2024.

The Federal Trade Commission (FTC) announced the agenda for PrivacyCon 2024, an annual event focusing on privacy and data security research, set to take place virtually on March 6, 2024. This event brings together various stakeholders, including researchers, academics, industry representatives, consumer advocates, and government regulators, to discuss cutting-edge research and consumer privacy and data security trends. PrivacyCon 2024 will feature panel discussions on consumer attitudes and behaviors, the economics of privacy, privacy-enhancing technologies, health privacy, artificial intelligence, mobile device security, and deepfakes.