CDP Institute

Results from the survey conducted in late 2020 evaluated top social media platforms on ten categories of media responsibility.

In a shot across the bow at Big Tech, Maryland is the first U.S. state to tax digital ad services. Companies making between $1M – $100M will pay 2.5% and those making over $15B, like Google and Facebook, will pay 10%. The state’s premise is that tech companies profit by collecting ad data on its residents so they should pay their fair share. Other states, including Connecticut and Indiana, may soon follow.

This follows Apple’s recent announcement that it plans to ask iPhone users’ consent to track their data, so the company can offer personalized ads. Facebook has raised concern this may be anti-competitive behavior, since Apple’s personalized ad platform wouldn’t have to provide users an opt-in for tracking by third parties.

A new bill introduced by Senate Democrats proposes to change Section 230, core U.S. legislation that shields social media and Internet providers from liability for publishing false or misleading information and from responsibility for the user content they publish. Section 230, which the New York Times quoted President Biden as saying should be "immediately revoked," gives the Internet companies unique immunity not granted to publishers or other media. The SAFE TECH Act would make an exception "when the provider or user has accepted payment to make the speech available," which would impact not only advertising but other kinds of paid services, including for premium web hosting. On the upside, the change would require more accountability from companies and would provide recourse to victims of cyberstalking and Internet harassment.

Virginia is now the second U.S. state to pass a comprehensive data privacy law. The Virginia Consumer Data Protection Act (VCDPA) provides consumers the right to know what data is being collected, to opt-out of collection and to refuse use of their information for targeting, profiling, or for sale. However, it does not give consumers private right of action, a choice that eased passage and may make it a model for other legislation.

Cisco’s survey of more than 4,700 security professionals from 25 countries found the average privacy budget doubled from $1.2M last year to $2.4M this year. This was true for organizations of different sizes. Additionally, 93% said privacy teams played a significant role in helping to manage corporate changes caused by the pandemic. Seventy-nine percent viewed the world’s developing privacy laws as having a positive impact.

Of 1,000 people in the US and UK, 82% reported they maintain moderate data privacy.  But in practice 83% are somewhat comfortable sharing biometric data and 64% say they would consider trading data for more personalization and convenience.

Emergency U.S. legislation proposed for healthcare privacy protection Looking to safeguard data not protected by the Health Insurance Portability and Accountability Act (HIPAA), Democrats in the U.S. House and Senate reintroduced the Public Health Emergency Privacy Act that was first proposed last spring. It is meant to address security issues related to COVID-19 response.

In a clear demonstration of how difficult it can be for consumers to exercise their privacy rights, Consumer Reports found that even trained agents could not get many requests done successfully. Utilizing California's "authorized agent" provision, 124 Consumer Reports agents reached out to 21 companies, including Airbnb, Amazon, Comcast, Home Depot and Starbucks to use Data Subject Access Requests (DSAR) and other company privacy preference mechanisms to make account changes.

Epsilon to pay $150M in settlement with U.S. Department of Justice As part of a remediation agreement, Epsilon will pay a total of $150M including $127.5M in compensation victims of fraud schemes resulting from sale of Epsilon data. The company had used data modeling to build and sell lists of customers, many elderly, deemed most likely to respond to marketing solicitation.

The company disputes the charges but Canada’s privacy watchdog plans to proceed with actions if Clearview doesn’t cease collecting biometric data on citizens and delete all previously collected.

Warning that use of facial recognition technology poses a risk to individual privacy and can negatively affect human dignity and rights, the Council specified that it should only be employed on an appropriate legal basis. They said it should not be used in uncontrolled environments; in ways that may promote racial, sexual or religious discrimination; or to determine personality traits, sentiments, or personal mental health.