This Week in Privacy: Jun 29 - Jul 5, 2026
This week, Europe's highest court delivered a decisive blow to Google's business practices, upholding a record-breaking €4.1 billion antitrust fine. Meanwhile, the healthcare and insurance sectors faced a cascade of data breaches affecting millions, and the US Supreme Court strengthened digital privacy protections by requiring warrants for geofence searches.
Top Stories
Google Hit with Europe's Largest Antitrust Fine
The Court of Justice of the European Union upheld a €4.1 billion fine against Google on July 2, ending an eight-year legal battle over Android's dominance. The European Commission found that Google illegally forced device manufacturers to pre-install Chrome and Google Search as defaults, paid companies to exclusively use Google Search, and blocked manufacturers from selling devices with alternative Android versions. This is the largest competition fine the European Commission has ever imposed on Google, cementing Europe's position as the world's most aggressive tech regulator. The ruling validates the Commission's strategy of using competition law to address digital market power, and could embolden regulators in other jurisdictions to pursue similar cases against dominant platforms.
Healthcare Data Breaches Expose Millions
A wave of cyberattacks hit healthcare and insurance providers this week, compromising sensitive information for millions of people. AdaptHealth, a medical equipment company, suffered a breach after attackers used social engineering to trick a third-party contractor, gaining access to patient management systems and electronic health records. In an unusual twist, the attackers themselves contacted the company on June 15 to disclose the theft. Meanwhile, Aflac and Zurich disclosed that 2 million Japanese insurance customers had their data stolen after a US subcontractor's server was breached, with the stolen information later posted for sale online. Aflac also reported a separate 10-day breach of its Japan policyholder portal between June 15 and 25, and disclosed yet another breach where attackers stole personal and bank account information from customers. The healthcare sector's reliance on third-party vendors and legacy systems continues to create vulnerabilities that attackers readily exploit.
Supreme Court Requires Warrants for Geofence Searches
In a significant privacy victory, the US Supreme Court ruled 6-3 that law enforcement must obtain warrants before using geofence technology to collect cellphone location data. Justice Elena Kagan wrote that people have a reasonable expectation of privacy in their location records, and that accessing this data constitutes a Fourth Amendment search requiring probable cause and judicial oversight. Geofence warrants allow police to request data on all devices near a crime scene, casting a wide net that often sweeps up innocent bystanders. The Court rejected the government's argument that these broad data requests don't constitute a search at all, finding that location data deserves the same protections as emails and documents.
In Brief
- Russia threatened Apple with a $52 million fine unless the company pre-installs Russian government-approved apps on devices sold there by July 15, though enforcement mechanisms remain unclear given Apple's 2022 exit from the country.
- The FTC fined Amazon $2.25 million for violating the Fair Credit Reporting Act by refusing to provide identity theft victims with records of fraudulent transactions made in their names.
- Ireland's High Court upheld TikTok's €530 million fine but ordered regulators to reconsider suspending EU-to-China data transfers, determining they hadn't sufficiently addressed TikTok's arguments.
- The Supreme Court agreed to hear Apple's appeal of a contempt ruling related to App Store payment fees, with Apple arguing it can't be held in contempt for violating an injunction's "spirit" rather than its explicit text.
- Nissan disclosed a data breach affecting employees after attackers exploited a zero-day vulnerability in Oracle PeopleSoft software, part of a broader campaign by the ShinyHunters group.
- Hong Kong's Shun Hing Group suffered a March cyberattack that exposed data for 921,000 individuals, including names, addresses, and contact information.
- Bradford Health Services settled a class action lawsuit related to a December 2023 breach that compromised patient Social Security numbers and driver's license information.
The Big Picture
This week's events reveal two competing forces shaping digital privacy: aggressive enforcement from courts and regulators, and persistent security failures across industries. The Google and Amazon fines, TikTok court battles, and Supreme Court geofence ruling show that authorities are increasingly willing to impose meaningful consequences for privacy violations and anti-competitive behavior. Yet the parade of healthcare breaches demonstrates that many organizations still treat security as an afterthought, leaving millions vulnerable to attacks. As regulators raise the stakes with billion-dollar fines and new warrant requirements, the gap between privacy expectations and actual protections remains dangerously wide, particularly in sectors handling our most sensitive information.