CDP Institute

Garante, the Italian data authority, found web publisher Caffeina Media Srl in violation of GDPR because its Google Analytics use resulted in the capture of EU personal data. This included device IP addresses, browser information, and visit dates and times – data which was subsequently transferred to the US. The Italian DPA also warned other local sites to check their own compliance. This follows a similar CNIL decision in France.

Alarm bells sounded across the US as citizens considered privacy implications of Friday’s Supreme Court ruling striking down Roe v. Wade. News warnings advising deletion of period tracking apps sparked fears that resulted in huge drops and gains for different apps – and sometimes both happened on the same platform. But the problem is, many decisions (including for one app that saw a 6,000% increase in its average daily downloads) were based on corporate messaging and gut impressions, rather than on what consumers knew about given app privacy practices.

Colorado, one of 5 US states with a new privacy law, has just passed a biometrics law that limits use of facial recognition by state government agencies and higher ed institutions. This law requires organizations that intend to “develop, procure or use” facial recognition technology to provide notice of intent, including how the data will be stored and protected. Prior to beginning use of a system, agencies will need to submit an accountability report, and they must also train users to ensure compliance with related prohibitions.

Privacy spending budgets are going up and corporate executives are concerned, but only 59% of those surveyed by Womble Bond Dickson law firm, felt their organization was “very prepared” to meet state guidelines in new US consumer privacy legislation. Further, 88% said they would prefer having a federal law to more state regulations. While 89% reported their tech budget had increased, the majority indicated it did so at a moderate pace.

Instagram is testing new age verification tools, which could be good, however the company objective seems focused more on knowing user information than on keeping young children safely off the platform. Plans include verifying ages by 1) asking teens to submit ID, which the company would store, then later delete; 2) having teens ask three adult friends to vouch for their age; and 3) inviting them to submit a “video selfie,” which the parent company Meta would scan to “guess” ages. The second idea seems promising, but the other two... Read More >

This follows increased concern from US and EU lawmakers over how biometric technology is being used by companies, and Mircrosoft’s own research that resulted in a lack of consensus that the mechanism worked.

Meta bought CrowdTangle in 2016.  But rather than committing to fighting the misinformation, Meta seems to prefer not risking more PR embarrassment, since some of what was previously identified was on their own Facebook and Instagram sites.

This is in addition to a couple other Windows 11 enhancements, one that protect against phishing and another that provides encryption prior to log-in.

The intent is to help brands set different strategies to evolve a safer space for advertising.

The anti-disinformation code to protect against false information has been released by the EU Commission. It is designed to protect against the social media and search engine algorithms that amplify click-bait messaging and proliferate false beliefs. Hopes were high this EU rule would force Facebook, Google, Microsoft and others to rein in the dangerous practice, but NewsGuard, which researches veracity of sites, and other privacy advocates fear that compliance is optional. The concern is many companies can’t be trusted to place the public good over their own profit.  NewsGuard noted that so far Microsoft is the only major player that has committed to the measure.

The Markup found that one-third of Newsweek’s Top 100 hospitals let Meta’s Pixel tracking tool collect patient data on their web sites, likely violating HIPAA privacy protection of medical data. Tracked clicks of doctor appointment scheduling shared doctors’ names, service search information, drop-down selects and patient identifiers.

Canada’s government introduced the Digital Charter Implementation Act, a multipronged law intended to give individuals more control over how data is used, provide strict rules on use of AI, and boost enforcement of violations. Critics note it doesn’t limit user data collection, other than for minors. The law would, however, provide Canada’s Privacy Commissioner with broader powers to stop a company’s data collecting, and issue large fines for non-compliance, so hopefully it can be strengthened on its way to passage.