CDP Institute

Convinced TikTok has been violating EU data protection laws and unable after a year to get satisfaction from EU data authorities, the Amsterdam Market Information Research Foundation, which represents 64,000 Dutch parents, brought its own case to Dutch court, suing for €1.4B (approximately $1.7B).

The British Medical Journal reported on the types of data collected by mobile health and fitness (mHealth) apps in the Google Play Store. The authors analyzed 20,000+ apps and found that nine of ten collect and track user data. More than a quarter (28%) didn’t adhere to the platform’s terms of service to list collected data, including email addresses, cell tower location and multiple device identifiers. Results also identified third party libraries embedded in the apps and detected more than half were sending data to third-party servers.

Concerned that use of AI for automated recognition of human features, emotions, and social scoring can lead to discrimination, the European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) teamed up to propose legislation to ban it.

The EU has adopted two new sets of Standard Contractual Clauses (SCC). The Cross-Border SCC is the first and it becomes applicable June 27, 2021. From then until September 27, 2021, the old and new SCC can be used. After that, new contracts must use the new SCC, which is consistent with GDPR and the Schrems II ruling, though old agreements will be honored if deemed appropriate. By December 27, 2021, all old SCC’s need to be replaced. To ensure compliance, organizations should review and make appropriate changes to international... Read More >

It provides President Xi Jinping with power to shut down or fine tech companies for leaking data or when seen to be in violation of national security.

Rapid growth has the U.S. market for digital transformation pegged to increase to more than $30B by 2023. Truilloo, which helps companies verify that users are who they say they are, is speeding its international expansion, including into new verticals.

COVID-19 is having a big impact in data security, with ripple effects from remote working, increased threats, and much more data to manage. This survey of IT teams found only 24% believed they had complete knowledge of where their data was stored, and just 20% felt very prepared to handle risks they were confronting. Additional concerns were around skills gaps, the complexity of managing data in the Cloud, and the increased frequency of breaches.

Google has just announced that Workspace, beginning with Drive, Docs, Sheets, and Slides, will get client-side encryption. About to go into beta testing, this includes providing more granular control along with enhanced phishing and malware protection. Testers of Beta 2 for Android will also be trying out new privacy features. This will include more transparency on apps, including indicating whether a microphone and camera are on, and whether location is being tracked. A new clipboard reading notification is also in the works. Meanwhile, Google’s Federated Learning of Cohorts (FLoC) may... Read More >

Colorado is poised to pass the third U.S. state privacy law, pending its governor’s approval. The Colorado Privacy Act, which would come into effect July 2023, specifies that Colorado residents be allowed to opt out of data collection for ad targeting; imposes a duty of care in which companies must obtain consumer consent before collecting or using sensitive data; and,  restricts data controllers from using data other than for purposes for which it was collected.   No right of private action.

Key items are the addition of: 1) two-level VPN for Safari users; 2) new privacy report run-downs on app tracking for Apple users; 3) heightened protection in iOS Mail apps on open rates; and 4) a new “Hide My Email” feature to limit companies’ ability to collect personal data via email.

Alleging Amazon has violated privacy laws, Luxembourg’s National Data Protection Commission (CNPD) is looking for collective action from EU countries.

While Apple forced apps ask permission for 3rd-party tracking, Android will wait for them to opt-out before automatically erasing the Ad ID field.  It’s a step towards greater privacy but will also hinder analytics and fraud detection.   Google has said that it will provide an analytics and fraud detection alternative in July.  The company also plans to offer users more privacy options.