Tech companies such as Apple, Facebook, Google, Microsoft and Twitter have opposed portions of the U.S. Federal Trade Commission’s (FTC) efforts to strengthen online privacy protection for children. Companies such as Viacom and Disney, along with other major cable operators, marketing associations and technology groups have also argued the proposed rule changes go too far and would actually deter companies from offering online services to children rather than enhance their online protection.

The United States (US) Department of Justice (DoJ) has announced that PLS Financial Services, PLS Group and The Payday Loan Store of Illinois as co-defendants, have been ordered to pay a civil penalty of US$101, 500 by the District Court for violations of the Disposal Rule, by improperly disposing of sensitive consumer documents, including credit reports, by placing them intact in rubbish disposal units. The US Federal Trade Commission also alleged that the companies breached the Federal Trade Commission Act, the Safeguards Rule and the Privacy Rule by "failing to develop reasonable safeguards to protect sensitive consumer information, failing to provide privacy notices to consumers and misleading consumers about its privacy policies".

Pizza Hut's website pizzahut.com.au has been hacked, with access gained to its customers' personal information such as names and contact information, including email addresses. Pizza Hut general manager Graeme Houston reportedly stated that "absolutely no credit card information was stolen" and that the security of Pizza Hut's online ordering system "has not been compromised in any way and ... customers can continue to order online in the knowledge the ordering system is secure".

The United Kingdom Information Commissioner's Office (ICO) has announced that it has fined financial services firm The Prudential Assurance Company Limited (Prudential) £50,000 for an incident which occurred in March 2007 where the records of two customers who share the same first name, surname and date of birth, were mistakenly merged. According to the ICO, the accounts remained merged for over three years, despite the company being alerted to the mistake on several occasions, including receiving a letter from one of the affected customers in late April 2010.

The United States (US) Federal Trade Commission (FTC) has announced that web-tracking software company Compete has agreed to settle charges that used its web-tracking software to collect customers' personal data without disclosing the extent of the information that it was collecting, as well as failing to safeguard sensitive data. According to the FTC, the company got consumers to download its tracking software in several ways, including by urging them to join a "Consumer Input Panel" with the promise of rewards. Once installed, the Compete tracking component operated in the background, automatically collecting information about consumers' online activity, including details such as consumers' usernames, passwords.

27 European data-protection agencies sent a letter to Larry Page, CEO of Google, asking that the company modify its privacy policy so that users of its online services have a clearer understanding of what personal data is being collected and can better control how that data is being shared with Google’s advertisers. According to the agencies, Google provides users with incomplete disclosure regarding its processing and storage of data. Additionally, the agencies claim Google provides insufficient control over how information from different Google services—including its search engine, Android mobile apps and YouTube videos—is blended to build detailed personal profiles and that the company makes it too difficult to for users to prevent the collection of this data. The agencies also said that Google does not differentiate between data with different levels of sensitivity, attaching the same importance to credit card information and the contents of a search query.

Facebook is seeking the dismissal of a US$15 billion lawsuit against it which alleges the company "secretly track[ed] the Internet activity of its users after they log[ged] off". A lawyer for Facebook, Matthew Brown, reportedly said that the lawsuit should be dismissed because of its "utter lack of allegations of any injury to these particular named plaintiffs". A lawyer for the Facebook users bringing the lawsuit, Stephen Grygiel, reportedly said that Facebook's alleged tracking and interception of users' communication with third party websites after logging off Facebook is a breach of wiretap and stored communication laws, adding that "[n]owhere in Facebook's privacy policies does the company say, 'We are involved in your communication with third party websites after you log out'".

Bloomberg: Facebook Seeks Dismissal of $15 Billion Privacy Suit (6 October 2012)
(Source: Bloomberg)  

The European Union Article 29 Data Protection Working Party (the Working Party) has considered Google's new data collection policy at a recent meeting and will express its concern that it breaches privacy laws. The single policy reportedly replaced up to 60 separate policies, even though the Working Party requested that the company await an assessment by data protection regulators as to the effect of implementing the single policy. Google had reportedly previously been warned by Commission Nationale de l'Informatique et des Libertés (CNIL) President Isabelle Flaque-Pierrotin that "[r]ather than promoting transparency, the terms of the new policy and the fact that Google claims publicly that it will combine data across services raises fears about Google's actual practices". In particular, Ms Flaque-Pierrotin reportedly stated that Google's new policy made it "extremely difficult to know exactly which data is combined between which services for which purposes, even for trained privacy professionals".

Out-Law.com: Google's personal data collection practices will be criticised by EU privacy watchdogs (9 October 2012) 

In related news, Reuters reports that CNIL has granted Google four months to bring its privacy policy in line with CNIL's recommendations, "including better informing users on how data will be used, and setting precise periods for data to be retained", or face the possibility of disciplinary action.

Reuters: EU gives Google 4 months to amend privacy policy (16 October 2012)

Related news item:
The Guardian: Google's privacy policy: EU data protection chiefs 'to act within days' (8 October 2012)
(Source: Out-Law; Reuters; The Guardian)

Australian Privacy Commissioner Timothy Pilgrim has issued a statement (9 October 2012) regarding the collection of data by Google for its Street View service. In a letter (8 October 2012) to Mr Pilgrim, Google stated that it had identified a further two disks which may have contained Wi-Fi payload data. Mr Pilgrim requested that Google destroy the newly identified disks in accordance with the requirements of a previous undertaking and investigation. In a letter (9 October 2012) to Google, Mr Pilgrim stated that he "[remained] concerned that this data still exists given that Google previously confirmed that all data relating to this issue had been destroyed". Mr Pilgrim also reminded all organisations that they "have a responsibility to protect customer privacy and securely store the data that they hold".

Further information from the Office of the Australian Information Commissioner
(Source: Privacy Commissioner)

The United States (US) Federal Trade Commission (FTC) has announced that celebrity fan site operator Artist Arena has agreed, under a consent decree and order (3 October 2012), to pay a US$1 million civil penalty for improperly collecting personal information from children under 13 years old without parental consent. The FTC stated that Artist Arena collected the names, addresses, email addresses, birthdates and gender of more than 25,000 children in violation of the Children's Online Privacy Protection Act.

FTC's media release (4 October 2012)
(Source: FTC)