CDP Institute

The UK Information Commissioner’s Office (ICO) has released new guidelines for video games to ensure they comply with the UK Children’s Code. Requirements include that companies must: 1) identify that if players are under 18, the game is not detrimental to them; 2) work to discourage false declarations of age; and 3) demonstrate that behavioral profiling for marketing purposes is switched off by default.

The suit, filed on behalf of a group of Illinois residents, says a person’s facial features are unique, so collecting and using them without consent is in violation of BIPA rules.

A wrist-slap for Meta, which was found in violation of South Korea’s Personal Information Protection Act (PIPA) for blocking users from Facebook and Instagram if they refuse to provide behavioral information. Penalty cost for Meta is intended to be 6.6 million won (about US$5,240).

Indiana, Utah and Maryland lead the list of states actively pushing for new privacy legislation. Indiana’s bill, similar to the Virginia Consumer Data Protection Act, moves from State Senate to the House; Utah’s amended bill allowing private right of action against social media companies passes the State House; and in Maryland, three new bills were filed addressing biometrics, children’s data and health data. More bills are taking shape across the country from Washington, DC to Hawaii.

What’s the state of GDPR enforcement? CMS Law, a global firm with seventy offices in 40 countries, offers an at-a-glance GDPR Enforcement tracker that includes country, decision date, fine, and the controller overseeing the case.

A research study by travel tech company, Amadeus surveyed more than 10,000 travelers to find out their greatest hopes and biggest concerns about travel in the next decade. What they found was: 1) 34% expect travel to be quite different, 2) 44% believe cybercrime will increase, and 3) 41% consider future data privacy a major concern.

At first glance, the news looked good! Florida has opted to forego its ill-received idea to ask student athletes multiple questions about menstruation on their physical evaluation form. Great, but then the punch line! Now the state becoming known for privacy devaluation has a new (not good!) idea – it will ask students to provide their “sex at birth.”

If so, a lot of personal data could be in their hands.

Damages could accrue in some cases to $10,000 per plaintiff.

Pushback from UK creatives have stalled aggressive government AI plans to override existing copyright law and allow broad use of text and data mining. Regulations currently allow developers and researchers to leverage disparate data sets to train algorithms, but access is not widely allowed for business because of risks of data getting into the hands of third parties. Now, the UK’s Intellectual Property Office’s (IPO) intention to extend existing access has hit a roadblock from the creative community, including music and publishing companies, which cited the need to protect copyrighted... Read More >

One massive database. Info on nearly every New Zealander. More than 100 breaches (though many were minor). But that’s still small consolation to anyone whose data may be at risk. Since 2013, IDI’s data trove has gathered information from government departments and shared information, including from Census surveys, with 1400 researchers – and the list keeps growing. There have been more than 100 breaches since 2015, and the pace has been accelerating causing concern.

The EU wants to get a move on with General Data Privacy Regulation (GDPR) oversight, to stop corporate negligence and infractions! No more waiting two, three and four plus years, as was the case with Meta and Google, for European regulators to issue decisions. Now, the European Commission will insist regulators handling large-scale cases that impact citizens in multiple countries provide the Commission with every-other-month progress reports.