CDP Institute

Google received a mixed ruling on a suit alleging the company collected data about people who browsed in “incognito mode.” The federal judge ruled users cannot gain monetary damages on a class-wide basis but did allow the users to proceed with the case to request restricting data collection by Google. In Meta’s case, a federal judge rejected a $37.5 million settlement negotiated by the company and class action lawyers representing an estimated 70 million users. The lawsuit found Meta collected users' IP addresses, revealing general information about location - in violation of a prior privacy policy.

Epic Games LTD, one of the world’s largest gaming companies, has agreed to pay $520 million in the largest-ever US settlement for violating children’s privacy. The suit brought by the Department of Justice and the Federal Trade Commission (FTC) found that Epic had collected and shared children’s information without notice or parental consent, made children’s information visible to adult Fortnite players, and used privacy-invasive default settings. As part of the suit, Epic also agreed to a permanent injunction to not use children’s personal information it had already collected. The $520... Read More >

Tanzania recently passed the Personal Data Protection Act and became the fourth East African Community (EAC) country after Kenya, Uganda, and Rwanda to have a data protection law. Privacy advocates welcomed the news but have concerns about some aspects of the bill including whether Tanzania’s yet-to-be-established Data Protection Commission would be able to act impartially, whether data subjects would be given power of consent, and how security breach notifications will be handled. But, nevertheless, it’s viewed as a good step forward.

Plans are reportedly underway at Twitter to get past the niceties of allowing users individual privacy preferences and instead use a single-option “yes” consent pop-up to force users to consent to ad targeting, location data capture, and third-party data brokering. The facts that this: 1) would likely violate laws including GDPR, CPRA, and CCPA, 2) could trigger a Federal Trade Commission (FTC) enforcement action, and 3) would be incompatible with Apple privacy rules, seems to worry new owner Elon Musk not at all.

Comcast Xfinity, which serves 32 million households, surveyed 1,000 individuals and found that in comparison with their last survey in 2020, the number of connected devices has gone up 25% since before the pandemic and that smart home device shipments are now estimated at $306.3 billion. However, consumers are not practicing cyber-safe behavior. In fact, that significantly decreased since Comcast’s last survey and the report noted that more cyber-safe education is needed.

NetChoice, a tech industry group that includes Amazon, AOL, Google, Meta, and TikTok, has sued to block California’s Age-Appropriate Design Code (AADC) law, which is set to come into effect in 2024.  California’s AADC is the first privacy-by-design law in the United States and is based on the UK’s AADC.  California AADC would require tech companies to put in place more protections to keep children safe online, including making sites more user-centric and transparent. The law also proposes raising the age threshold above 13 years, which is what the federal... Read More >

This agreement between the 38 OECD countries and the European Union is a commitment to use common standards and safeguards to protect privacy and human rights particularly when accessing data for national security and law enforcement purposes.

The draft now enters a four-step process to proceed to the formal adoption stage.

Launching January 1, the phased rollout looks to address demand for digital sovereignty in the period before the EU-US Data Privacy Framework agreement is resolved.

There’s a long tradition of privacy policies being bogged down in legalese and getting consent, not by effectively explaining relevant information, but by frustrating intended users who may decide to accept terms even if they don’t understand them. But now the game company, King has gamified their privacy policy process. Their game, Privacy Saga, provides leveled play and a concluding quiz for people to learn, then test their knowledge – brava!

The European Data Protection Board (EDPB), which includes all the EU regulators, has ruled Facebook and Instagram (owned by Meta) can’t require accepting targeted ads as a condition of joining the network. If leaked details of the ruling are correct and this practice is deemed in violation of the General Data Protection Regulation (GDPR), the decision would have broad impact well beyond Meta. This is because it would limit companies from using data they directly collect on their own site.

Elon Musk’s Twitter purchase prompted widespread concern about what data he’d access, share, and protect. Subsequent news has alarmed privacy advocates. Now, an Adalytics’ study reveals that web crawler data from 70,770+ websites may be available through Twitter thanks to an ad pixel (called Pixel) which puts data from businesses, governments, organizations, hospitals, and users at broad risk unless a Restricted Data Usage (RDU) setting is activated – and the study found most times it’s not.