CDP Institute

Epic Games LTD, one of the world’s largest gaming companies, has agreed to pay $520 million in the largest-ever US settlement for violating children’s privacy. The suit brought by the Department of Justice and the Federal Trade Commission (FTC) found that Epic had collected and shared children’s information without notice or parental consent, made children’s information visible to adult Fortnite players, and used privacy-invasive default settings. As part of the suit, Epic also agreed to a permanent injunction to not use children’s personal information it had already collected. The $520... Read More >

Tanzania recently passed the Personal Data Protection Act and became the fourth East African Community (EAC) country after Kenya, Uganda, and Rwanda to have a data protection law. Privacy advocates welcomed the news but have concerns about some aspects of the bill including whether Tanzania’s yet-to-be-established Data Protection Commission would be able to act impartially, whether data subjects would be given power of consent, and how security breach notifications will be handled. But, nevertheless, it’s viewed as a good step forward.

Plans are reportedly underway at Twitter to get past the niceties of allowing users individual privacy preferences and instead use a single-option “yes” consent pop-up to force users to consent to ad targeting, location data capture, and third-party data brokering. The facts that this: 1) would likely violate laws including GDPR, CPRA, and CCPA, 2) could trigger a Federal Trade Commission (FTC) enforcement action, and 3) would be incompatible with Apple privacy rules, seems to worry new owner Elon Musk not at all.

Comcast Xfinity, which serves 32 million households, surveyed 1,000 individuals and found that in comparison with their last survey in 2020, the number of connected devices has gone up 25% since before the pandemic and that smart home device shipments are now estimated at $306.3 billion. However, consumers are not practicing cyber-safe behavior. In fact, that significantly decreased since Comcast’s last survey and the report noted that more cyber-safe education is needed.

NetChoice, a tech industry group that includes Amazon, AOL, Google, Meta, and TikTok, has sued to block California’s Age-Appropriate Design Code (AADC) law, which is set to come into effect in 2024.  California’s AADC is the first privacy-by-design law in the United States and is based on the UK’s AADC.  California AADC would require tech companies to put in place more protections to keep children safe online, including making sites more user-centric and transparent. The law also proposes raising the age threshold above 13 years, which is what the federal... Read More >

This agreement between the 38 OECD countries and the European Union is a commitment to use common standards and safeguards to protect privacy and human rights particularly when accessing data for national security and law enforcement purposes.

The draft now enters a four-step process to proceed to the formal adoption stage.

Launching January 1, the phased rollout looks to address demand for digital sovereignty in the period before the EU-US Data Privacy Framework agreement is resolved.

There’s a long tradition of privacy policies being bogged down in legalese and getting consent, not by effectively explaining relevant information, but by frustrating intended users who may decide to accept terms even if they don’t understand them. But now the game company, King has gamified their privacy policy process. Their game, Privacy Saga, provides leveled play and a concluding quiz for people to learn, then test their knowledge – brava!