CDP Institute

After thorough review, the Danish DPA ruled against allowing use of Google Analytics, having determined that the tool’s settings and terms of use don’t comply with EU regulations. This follows like decisions earlier this year by Austria and Italy and is seen to represent a common position among EU regulators.

The US National Basketball Association (NBA) is accused, in a new class action lawsuit, of sharing digital information that combines personal information NBA allegedly collects on its video viewers with unique Facebook identifiers, rendering the personal data identifiable. The suit, brought by a California resident, claims the NBA profits substantially from sale of the data, and, since users have not been made aware of this use, this allegedly would be in violation of the 1988 Video Privacy Protection Act (VPPA), which disallows having viewing history without consent.

Germany’s controversial data-retention law pertaining to telecom has been found to be incompatible with EU law by the European Court of Justice (EJC), so is now overturned. The law, which had permitted user data storage for up to ten weeks and permitted German law enforcement authorities to request it from the telecommunication companies, was a revision of an earlier law rejected by a German court. The EJC’s decision is consistent with arguments it has made against Sweden, France, Belgium and the UK over what was deemed unnecessary data retention.

The European Data Protection Supervisor (EDPS) has taken the unusual step of suing Members of Parliament (MEPs) to prevent them from enacting legislation that would allow law enforcement agency, Europol, to sidestep stricter privacy rules the EDPS wants. EDPS had ordered Europol to erase data it was holding on individuals who had no proven crime record, but MEPs and national governments stepped with alternate legislation that would shield Europol and expand its ability to sell data.

The US Federal Communications Commission (FCC) wants to levy a $3.4M fine on TV stations owned by Sinclair Broadcasting, Nextstar Media Group, Cunningham Broadcasting and others it has found violating the FCC’s Children’s Programming Commercial rules. The rules, which specify time limits on how much advertising can be done proportionate to hours of children’s programming have been flouted particularly by Sinclair (which would receive the largest fine totaling $2.652 million), repeatedly over many years.

The company, which has about 10 million customers, reported that data accessed on an unspecified number of current and former customers, included customer names, DOB, phone numbers, email addresses and ID document numbers.

The browser extension will launch as a Safari extension and soon be available on desktop, iOS and Android.

The US Congress discovered that customs officials have been copying personal data from as many as 10,000 cellphones, iPads and computers of travelers entering or leaving the country by land, sea, and air. This has been done without requirement of a warrant or a suspicion of crime and was made possible by courts that expanded Customs and Border Protection (CBP) access. Congress has criticized CBP and is calling for stricter protections to remediate this.

South Korea found Google & Meta violating its privacy law, so now slapped them with fines: 69.2 billion KRW (~$50 million – Google) and 30.8 billion KRW (~$22 million – Meta). The companies had not obtained consent before collecting data from site users, then enabled targeting with customized ads. At Google, users were not clearly informed of use plans and a default forced them to “agree.” At Meta, details about data use plans were not provided, nor was consent obtained before using behavioral and personal information.

Indonesia is set to pass its Personal Data Protection Bill (PDP) this week. The law, which gives companies two years to comply, will require data operators to obtain consent from individuals for collecting personal data or medical history. The strict penalty for noncompliance is up to 5 years in jail and a maximum fine of 5 billion rupiah (US $337,000). The law stipulates that personal information collected must be for a specific purpose only and that data must be erased once the purpose has been met.

Ad trickery using psychological games, misleading claims, hidden disclosures or other bait and switch tactics are not new to sales, but the move to online has presented new opportunities to lure and ensnare prospective buyers. A new US Federal Trade Commission (FTC) report displays examples of what’s called “dark patterns,” deceptive design practices used to dupe customers. The report is part of a larger effort by the FTC to identify and stop unfair business practices. This shortly after the FTC issued a policy statement warning companies against illegally tricking or... Read More >

Yubo, a French social start up popular with people under 25, and only available to those between ages 13-50, uses a mix of age-estimation technology from Yoti and data provided by users at sign-up to establish and vet age. This is crucial for ensuring safety for its 60 million and growing audience who use the platform to meet new people, play games and hang out in video chat rooms.