CDP Institute

Available now are an early look at 5DK Runtime, Topics API, and FLEDGE APIs.

The company has also been ordered to use personal data of residents that is publicly available on the Internet.

Clearview AI, known for scraping billions of facial recognition images without consent and running afoul of privacy regulators in numerous countries, has met its match in the American Civil Liberties Union (ACLU). Clearview’s agreement to settle the ACLU’s 2020 lawsuit which stated the company violated Illinois’ BIPA biometrics law means the company can’t continue to sell its software to most US companies, and sets a precedent that state privacy laws can have impact beyond state lines.

Four of five Supreme Court justices voted to allow access to citizen bank documents, removing the need for  warrants. The decision is based on argument that individual rights to bank privacy is secondary to the government’s need to combat tax fraud and monitor for money laundering. Needless to say, that opens the data of millions of Mexican citizens to scrutiny without consent or specified cause. It is, however, in keeping with the aim of Mexico’s president who wants to crack down on Big Tech abuses.

The EU Council has approved the Data Governance Act (DGA). The new law will promote the availability and reuse of data that is subject to the rights of others that can benefit the public sector. This includes trade secrets and intellectual property data as well as personal data, areas not covered by the 2019 Open Data Directive. The EU plans to set up a single access point with an electronic register of public-sector data as part of a framework to foster data intermediation services and provide a secure environment through... Read More >

Didomi’s “Data Privacy Barometer” shows at-a-glance which country laws are approved, enforced and still in draft; compares data collecting and tracking across 14 industries; and provides a snapshot of consent volume by industry.

No need to wait to see if you’ll consent or not, many companies, including Meta, TikTok and this Top Ten list of offenders, are pleased to snag email addresses and personal identifiers while you’re filling out forms. This KU Leuven and Radboud University study of the top 100K websites found 1,844 websites visited from the EU, and 2,950 visited from the US had email addresses exfiltrated.

Thoughtlab’s benchmark study of 1,200 diverse large organizations in 16 countries found that while more than $125.2 billion annually has been spent to shore up this area, the rapidly evolving threat landscape has many companies at significant risk. Weak links are: complexity of supply chain (44%), rapid digital innovation (41%), and inadequate budget plus lack of executive support (28% each).

Perhaps Illinois and Texas didn’t notice that Meta’s Instagram, Messenger, Messenger Kids, Portal and Facebook have been using facial recognition algorithms – which the company claims didn’t identify anyone anyway. Well, in case either could be a problem, Meta has temporarily shut off some avatars and filters for subscribers in both states. Certainly better than facing consequences like Clearview (see Story #1). The company is also changing Location Services in Facebook, including Nearby Friends, weather alerts, and Location History as of May 31st. This will mean Meta will stop collecting information used for these, even if you previously granted permission. 

The EU this week proposed legislation to mandate tech companies aggressively screen for and remove child sexual abuse material (CSAM). However, while that should be welcome news to child privacy advocates, the breadth and scope of what’s proposed had a chilling effect. Concerns are that it would impose extreme obligations on chat and other communication services, including WhatsApp, Signal and Facebook Messenger to broadly scan user messages looking for CSAM or solicitation of children via AI systems. But, privacy advocates feel the general nature of such detection orders that would be issued by individual EU nations, could leave the door open to more generalized surveillance.

Putting a request in here for Google to come up with better product names….

The investigation by Netherlands’ Authority for Consumers and Markets (ACM) was triggered by a complaint by Match Group (which owns Tinder and other dating apps). Match claims Google’s Android Play Store uses a dominant position to preclude use of other payment systems. Google, in a statement, says Match is eligible to use other (more expensive) options outside Google Play’s standard policies.