Privacy Policy News
& Data Breach Tracker

Facebook removed references to its United States Regional Privacy Notice from its main privacy policy. The removed sections included links and mentions of consumer privacy rights available to U.S. residents under regional laws. This appears to be a structural reorganization rather than a substantive change to actual privacy practices, as the regional notice likely still exists as a separate document.

Instagram removed references and links to a United States Regional Privacy Notice from its main privacy policy. The removed sections included mentions in the table of contents, an introductory note directing US users to the regional notice for information about handling Personal Information and exercising rights, and a dedicated section explaining that US residents could learn about their consumer privacy rights through that regional notice. No substantive privacy practices appear to have changed - only the organizational structure and cross-references within the documentation.

Google agreed to pay $135 million to settle a class-action lawsuit alleging the company collected and transmitted Android users' data without proper consent, including background transmissions that consumed mobile data even when apps weren't in use or certain settings were disabled. US residents who used Android devices with cellular data plans from November 2017 to the settlement approval date may be eligible for payment. While Google denied wrongdoing, the settlement has received preliminar...

Google reorganized its privacy controls nomenclature and expanded explanations of data collection. The policy now distinguishes between 'Search Services History' (for Search, Maps, Shopping) and 'Web & App Activity' (for other services), where previously both fell under Web & App Activity. A new 'Personalized Recommendations in Search services' control was introduced. The language around audio collection was broadened from 'voice and audio information' to 'media (like images, files, audio and video) from your interactions,' clarifying that Google records a few seconds before activation commands like 'Hey Google.' Terminology shifted from 'customized' to 'tailored' in some sections, and the policy now explicitly states Google collects data 'not associated with your account' using unique identifiers.

Apple has released quantum-resistant encryption code and verification tools to the public, including implementations of two quantum-secure algorithms now used across its 2.5 billion devices in services like iMessage and VPNs. The release includes formal verification tools that use mathematical proofs to ensure code correctness, which caught a critical error in digital signature code that conventional testing missed and could have falsely authenticated iMessage communications. This matters bec...

The U.S. Supreme Court declined to hear Meta's appeal of a Vermont lawsuit accusing the company of designing Instagram to be addictive to young users and misleading consumers about safety risks. Vermont's attorney general claims Meta exploited teenagers' developing brains to foster compulsive use and sell advertising, including targeting Vermont markets, as part of a coordinated effort by 42 state attorneys general. Meta argued Vermont courts lack jurisdiction since the app wasn't designed in...

LinkedIn added a notice at the top of its global Privacy Policy directing EU, EEA, UK, and Switzerland users to a separate European Regional Privacy Notice for additional information applicable to their jurisdiction. This appears to be a structural reorganization to accommodate region-specific requirements rather than a substantive change to data practices.

LinkedIn added a notice at the top of its global Privacy Policy directing EU/EEA/UK/Switzerland users to a separate European Regional Privacy Notice for additional information applicable to their jurisdiction. This is a structural change that creates a bifurcated policy presentation, routing European users to region-specific terms while maintaining a global baseline policy.

Texas Attorney General sued Meta claiming WhatsApp does not actually provide the end-to-end encryption it has promised users since 2016, alleging the company can access message contents despite public assurances that communications are private. The lawsuit, which affects WhatsApp's more than 3 billion users, relies primarily on a Bloomberg report about a closed federal investigation that allegedly found Meta could view WhatsApp messages. Meta has called the allegations baseless and plans to c...

Google has agreed to pay $135 million to settle a class action lawsuit alleging it collected data from Android devices without user consent between 2017 and the present, potentially affecting 100 million people. Users who owned an Android phone with a cellular data plan during this period can claim part of the settlement, which also requires Google to update its terms of service to clarify passive data collection practices. The final approval hearing is scheduled for June 23, after which elig...