Privacy and data protection regulations impact the work of every advertising, marketing and PR communications professional around the globe, and the focus on privacy by consumers and regulators continues to increase. W2O’s team is tracking the most important news and changes that directly influence our industry, including the latest on legislation, new privacy technology, enforcement actions, analysis and thought leadership in privacy and data protection.

Here’s the latest news we’re paying attention to right now. This week’s news includes an investigation into Twitter link tracking, Tim Cook’s comments about US privacy laws, and Facebook’s recent fine by the UK privacy regulator.

Twitter investigated by Irish Data Protection Commission

A complaint under the European GDPR privacy rules against Twitter has instigated an investigation by the Irish data protection authorities. While Facebook and Google are subjects of multiple investigations, this is the first time a regulator has investigated Twitter. A researcher at University College London named Michael Veale has said that he made a data subject access request to know the specific to data Twitter collects when people click on a shortened link, and that request was refused by Twitter on the basis of “disproportionate effort”. The Irish regulator has noted that the investigation will probably be handed off to the European Data Protection Board for further investigation.

What this might mean for brands – As regulators being to investigate their increasing number of complaints, all eyes will be on the results of those investigations. In addition to GDPR’s potentially massive fines, companies can face sanctions and bans on processing and data flows.

Apple CEO Tim Cook calls for GDPR-style privacy laws in the US

Cook was the keynote speaker at the International Conference of Data Protection and Privacy Commissioners on October 24th. Cook stated that Apple views privacy as a “fundamental human right”, and he endorsed a comprehensive federal privacy law in the United States. Apple also recently updated its privacy pages and now allows US customers to download a copy of their data in the same portal that EU customers have been able to use since May when GDPR came into effect. Facebook, Google and Microsoft also expressed support of a comprehensive US privacy bill.

What this might mean for brands – With the upcoming California Consumer Privacy Act (CCPA) and the privacy discussion heating up at the federal level, brands should be reviewing their data practices and preparing for compliance with the CCPA as soon as possible.

The UK’s Information Commissioner’s Office (ICO) issues 500,000-pound fine to Facebook

European regulators have fined Facebook 500,000 pounds over the Cambridge Analytica scandal, which is the maximum fine allowed under the former Data Protection Act (DPA) which was in force at the time. The DPA has since been replaced by GDPR, and the head of the ICO regulatory body Elizabeth Denham stated “the fine would inevitably have been significantly higher under the GDPR.” The ICO reported it intended to levy the maximum possible fine in July, but it is now official. Facebook is also facing an investigation by the Irish data regulator over last month’s data breach, which could result in a record fine.

What this might mean for brands – While the 500,000-pound fine is not meaningful to a company that posted $13.2 billion in revenue last quarter, it is noteworthy that it was the maximum fine allowed under the law that existed during the time of the incident. This may be a window into regulators mindsets, at least regarding the tech giants.

The opinions expressed in this post do not constitute or represent legal advice. No liability is accepted by the authors or W2O Group for any action taken or not taken based on the information or any associated communications.


If you’re interested in learning about W2O, check out our About and Healthcare pages.

Want to chat? Drop us a line.