CDP Institute

The EU announced sweeping change via the Digital Markets Act (DMA), to force Amazon, Apple, Google, Meta – and anyone else with $83 billion+ annual revenue – to significantly alter how they treat EU consumers and operate in the EU. The DMA targets treatment in app stores and marketplaces; on search engines, social networks, and web browsers; and in cloud and ad services. It requires the ability to unsubscribe, fair access for sellers, and notification of mergers or acquisitions. It forbids ad targeting without consent, preferential treatment against competitors, reuse... Read More >

Hoping the third time’s a charm, the EU and US agreed in principle to terms that would allow businesses to transfer data to the US. This comes after two previous attempts failed because the EU felt citizen data wouldn’t be adequately protected. The question now is, if as before, the agreement will face legal challenges, including from privacy advocate Max Schrems and his noyb (stands for “none of your business”) group. In even more proactive data-transfer solving news, the UK announced that new transfer tools are ready under UK GDPR. These are the International Data Transfer Agreement (IDTA), and an addendum to the EU Commission standard contractual clauses. 

The Utah Consumer Privacy Act (UCPA) has been signed, making Utah the fourth state, following California, Virginia and Colorado, to have its own privacy law. The law is considered more business-friendly than predecessors and sets a new precedent by having a two-step process to implement enforcement. While it does provide consumers the right to access their data and to opt out of sales (narrowly defined) and targeted advertising, it does not provide private right of action or require prior consent for collection of sensitive data.

For example, why do marketers have to add this to their To Do list? Excellent question - and one of many that leading experts from Accenture, Acxiom, the Children's Advertising Review Board, Digital Smart Consulting, Hansa Cequity, Left Right Centre, Oracle, Tealium, and Treasure Data will address at CDPI's first Privacy to Market conference, April 26th from 8:45 am to 2:15 pm ET.

With Apple 15.2, customers have access to the Record App Activity tool, and with that they can check what a given app is doing. Surprisingly, despite the fact that Apple’s settings can deny permission for app tracking connections, URLgenius’s survey of 200 popular apps across 20 niche categories using the Record App Activity recorder found that even when permission denied, they made an average 15 potential connections with 80% to third party domains.

New York City’s Department of Education has asked the NY police department and FBI to investigate the hack of a widely-used online grading system owned by Illuminate Education that resulted in the exposure of 820,000 of the city’s students. Families are being notified about the extent of the breach, which included biographic, economic and academic information as well as sensitive information on who receives disability services. Questions being posed of whether encryption levels met state compliance guidelines.

At a time when socially conscious marketing is rewarded by consumer loyalty, it’s no wonder the newly-launched, Gated has already raised $3.3 million in seed funding. Go Gated!

The site displays messages telling search users there are only a few seats left– even if that’s not the case.

Now, on its 9th installment, the ACM has levied €45 million (of a maximum €50 million) in fines against Apple, payable if its demands are not met.

California’s Attorney General issued an opinion that “internally generated” inferences – including when done for marketing – must be provided upon request by state residents as part of rights granted under CCPA. The exception would be if the company could prove the information a type of trade secret.

Google Dialer and Messages apps on Android have been found to keep Google posted on who you’re in touch with, which of the two initiated contact, and how long you’ve been in touch. Then Google can, if it wants, get a detailed picture of your communication over time. And, no, you can’t opt out. This according to a study from Trinity College Dublin.

The Smart Africa Alliance, which includes 32 African countries, is working to create a single digital market in Africa by 2030. It has signed an MOU with the Network of African Data Protection Authorities (NADPA) to advance the enforcement and harmonization of personal data protection laws in Africa.