27 European data-protection agencies sent a letter to Larry Page, CEO of Google, asking that the company modify its privacy policy so that users of its online services have a clearer understanding of what personal data is being collected and can better control how that data is being shared with Google’s advertisers. According to the agencies, Google provides users with incomplete disclosure regarding its processing and storage of data. Additionally, the agencies claim Google provides insufficient control over how information from different Google services—including its search engine, Android mobile apps and YouTube videos—is blended to build detailed personal profiles and that the company makes it too difficult to for users to prevent the collection of this data. The agencies also said that Google does not differentiate between data with different levels of sensitivity, attaching the same importance to credit card information and the contents of a search query.

Facebook is seeking the dismissal of a US$15 billion lawsuit against it which alleges the company "secretly track[ed] the Internet activity of its users after they log[ged] off". A lawyer for Facebook, Matthew Brown, reportedly said that the lawsuit should be dismissed because of its "utter lack of allegations of any injury to these particular named plaintiffs". A lawyer for the Facebook users bringing the lawsuit, Stephen Grygiel, reportedly said that Facebook's alleged tracking and interception of users' communication with third party websites after logging off Facebook is a breach of wiretap and stored communication laws, adding that "[n]owhere in Facebook's privacy policies does the company say, 'We are involved in your communication with third party websites after you log out'".

Bloomberg: Facebook Seeks Dismissal of $15 Billion Privacy Suit (6 October 2012)
(Source: Bloomberg)  

The United States (US) Department of Justice (DoJ) has announced that CVS Caremark Corporation subsidiary RxAmerica has agreed to pay US$5.25 million to settle charges that it submitted false pricing in relation to its Medicare Part D plan. The Medicare program offers Part D participants prescription drug coverage. Centres for Medicare and Medicaid Services (CMS) offers a web-based tool called Plan Finder to assist participants to choose a Part D plan that minimizes their out-of-pocket costs. It was alleged that during January 2007 and December 2008, RxAmerica made false submissions to CMS regarding prices for certain generic prescription drugs used for Plan Finder, despite certifying to CMS that it would submit accurate pricing data for Plan Finder.

DoJ's media release (15 October 2012)

(Source: DoJ)

The European Union Article 29 Data Protection Working Party (the Working Party) has considered Google's new data collection policy at a recent meeting and will express its concern that it breaches privacy laws. The single policy reportedly replaced up to 60 separate policies, even though the Working Party requested that the company await an assessment by data protection regulators as to the effect of implementing the single policy. Google had reportedly previously been warned by Commission Nationale de l'Informatique et des Libertés (CNIL) President Isabelle Flaque-Pierrotin that "[r]ather than promoting transparency, the terms of the new policy and the fact that Google claims publicly that it will combine data across services raises fears about Google's actual practices". In particular, Ms Flaque-Pierrotin reportedly stated that Google's new policy made it "extremely difficult to know exactly which data is combined between which services for which purposes, even for trained privacy professionals".

Out-Law.com: Google's personal data collection practices will be criticised by EU privacy watchdogs (9 October 2012) 

In related news, Reuters reports that CNIL has granted Google four months to bring its privacy policy in line with CNIL's recommendations, "including better informing users on how data will be used, and setting precise periods for data to be retained", or face the possibility of disciplinary action.

Reuters: EU gives Google 4 months to amend privacy policy (16 October 2012)

Related news item:
The Guardian: Google's privacy policy: EU data protection chiefs 'to act within days' (8 October 2012)
(Source: Out-Law; Reuters; The Guardian)

The United States (US) Commodity Futures Trading Commission (CFTC) has announced that Farr Financial (Farr) has agreed to pay a US$280,000 penalty to settle CFTC charges of improper investment of customer segregated funds and supervision failures. It was alleged that between 2007 - 2010, Farr invested customer funds in at least seven different accounts that failed to comply with the requirements of the CFTC regulations.

The United Kingdom (UK) Office of Fair Trading (OFT) has announced that it has written to 62 major online retailers after a review of 156 websites revealed that many may not be compliant with the UK's Distance Selling Regulations and other consumer protection laws.

The Australian Securities and Investments Commissions (ASIC) has announced that Barclays Bank has paid a penalty of A$80,000 to ASIC, imposed on it by the Markets Disciplinary Panel. The bank allegedly withdrew A$13.8 million of client monies from its client segregated account instead of its own account on 27 January 2011 without authorisation. Further, the bank failed to return the client monies for five business days.

ASIC's media release (15 October 2012)
(Source: ASIC)

While it’s being touted as the biggest antitrust settlement in U.S. history, opposition is growing over the agreement signed by Visa, MasterCard and other large financial firms in a dispute with merchants over credit card processing fees. The merchants had accused the firms of conspiring to fix processing fees at unfairly high levels. The terms of the settlement, which still needs approval from a judge, award about 7 million merchants $6 billion in damages with an 8-month reduction in fees valued at about US$1.2 billion. Those opposed to the deal believe it leaves the financial firms’ power to increase processing fees unchecked and also takes away the merchants’ ability to sue over processing fees in the future. Critics also say that while the US$7.2 billion being awarded to merchants is a large number, after it is divided amongst all of the plaintiffs it only amounts to about 2 months’ worth of processing fees. Merchant trade group The National Retail Foundation has said it plans on attempting to block the settlement’s approval.

The New Zealand Commerce Commission (NZCC) has released new information disclosure requirements for electricity distribution and gas pipeline businesses, under which regulated businesses are required to publicly disclose information about investment and innovation, financial performance, pricing and network management. The purpose of the new disclosure requirements is "to promote the long-term benefit of consumers in markets where there is little or no competition". NZCC deputy chairperson Sue Begg stated that "[i]nformation disclosure is particularly important for the 12 electricity distribution businesses that are not subject to price-quality regulation", adding that gas pipeline businesses will be required to disclose asset management plans. Electricity distribution and gas pipeline businesses must make their first annual disclosures under the new requirements in 2013.

NZCC's media release (1 October 2012)
(Source: NZCC)

The Australian Competition and Consumer Commission (ACCC) has announced that the Federal Court of Australia (FCA) has ordered retail company UNJ Millenium Pty Ltd (UNJ) to pay A$55,000 in penalties after it admitted to making false and misleading claims that its sheepskin and wool bedding products were made in Australia, contained 100% sheep wool or contained 100% alpaca wool. The FCA held that UNJ breached the Australian Consumer Law, and has further ordered the company and its director to contribute to the ACCC's costs.

ACCC's media release (3 October 2012)
(Source: ACCC)