TikTok faces latest class action over pixel tracking
June 5, 2023
Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
Texas Privacy Bill Sent to Governor
Texas HB 4, implementing the Texas Data Privacy and Security Act, was unanimously passed by both chambers, sending the bill to the Governor for signature.
The Texas bill borrows several elements from existing privacy laws and also contains some unique elements.
For example, requirements for sensitive data are dictated based on the size of the company: large companies must obtain opt-in consent for all processing of sensitive data, while small companies must only obtain consent for the sale of sensitive data.
The Texas bill also requires specific language (“NOTICE: we may sell your [sensitive personal data / biometric personal data]”) be disclosed with the privacy notice, where applicable.
Finally, although opt-out preference signals must be recognized under the bill, Texas includes some exceptions absent in the other laws, including if a company “does not possess the ability to process the request”. Texas would be the fifth state (after California, Colorado, Connecticut and Montana) to require such recognition of opt-out preference signals.
TikTok Receives Class Action Over Pixel Tracking on Unaffiliated Properties
A class action lawsuit was filed against TikTok in the Central District of California, alleging various California statutory, common law and constitutional claims based on TikTok’s collection and use of ad event information, IP address, and cookie information from users of third-party properties that install the TikTok SDK.
According to the complaint, a multitude of users of the third-party properties were not TikTok users and never consented to or had any notice of TikTok’s interception and collection of the users’ data.
This case relies, in part, on the anti-wiretapping provisions of the California Invasion of Privacy Act, which imposes liability for reading the contents of a communication while in transit without consent of all parties to the communication.
Class action lawsuits under various state anti-wiretapping laws and the Federal Wiretap Act have been surging in recent years, targeting both third-party providers of tracking software and first parties who incorporate first or third-party trackers on their owned and operated properties.
Irish DPC Proposes Microsoft Fine For LinkedIn Targeted Advertising
Microsoft announced that it received a non-public Preliminary Draft Decision from the Irish Data Protection Commission, proposing a fine of approximately $425 million based on allegations that LinkedIn’s targeted advertising practices violated the GDPR.
Microsoft said it will dispute the legal basis for the decision and amount of the fine.
This announcement comes shortly after the French Data Protection Authority (CNIL) announced its closure of a case against Microsoft for alleged privacy violations related to ad fraud tracking on bing.com without user consent.
The nature of the alleged violations on LinkedIn were not publicly disclosed.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Latest Blog Posts
The Federal Trade Commission sent warning letters to five...
Delaware HB 154, implementing the Delaware Personal Data Privacy Act,...
How do different U.S. state laws define and protect...
Latest White Papers
The current state of publisher compliance with CCPA, and...
How to review your vendor list to mitigate compliance...
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.