CDP Institute

TikTok has to allay regulator concerns or face multiple shutdowns and bans. This week, 1) a whistleblower told The Washington Post TikTok’s $1.5 billion “Project Texas” plan to protect US user data could still allow China to access company data, 2) Denmark's Centre for Cyber Security’s concerns prompted a public broadcast company to alert journalists to avoid installing TikTok on work phones because of security risks, and 3) TikTok has had to go all-in courting EU regulators to address concerns over its data-harnessing practices in light of the upcoming Digital Services Act (DSA).

FBI chief Christopher Wray revealed during a Senate hearing that the bureau had in the past purchased sensitive location data rather than obtaining a warrant. This prompted concerns among privacy advocates, though Wray indicated that it was not currently the practice to do so and that there were no current plans to do it again. Still, concerns are that without federal privacy legislation, this and other agencies’ practices encroaching on individual privacy may happen without public knowledge.

The UK is opting for business-friendly, billions-saving GDPR-type regulation. The country’s Data Protection and Digital Information Bill (DPDI), which was introduced in September 2022, has incorporated improvements with the clear goals of buttressing the UK business community while ensuring data compatibility with the EU’s General Data Protection Regulation (GDPR). The bill, which is expected to generate £4.7 billion in savings over ten years for the country, also supports reduced paperwork, clarifies consent requirements, and helps to educate the public about AI technologies.

In fact, in a 1,000-person survey conducted by MessageGears of individuals who reported making an online purchase at least once per month on average – nearly 60% ranked keeping their data secure the top priority, whereas personalized digital messages came in as least important.

Compliance with the UK’s Online Safety Bill means disallowing children under age 13 to access sites containing adult material – or kicking them off if they do get on. But according to research conducted between April 2021 and April 2022 by media regulator, Ofcom, Snapchat was shown to be removing accounts of far fewer children than similar social sites. In data shared with Reuters by Ofcom, TikTok was shown to have blocked an average of about 180,000 suspected underage accounts in Britain every month, while Snapchat removed just 60 accounts... Read More >

The European Data Protection Board (EDPB) has issued its opinion on the EU-US Data Privacy Framework (DPF) and has reservations, including about exemptions to data subjects’ right of access, an absence of clear definitions, lack of rules on automated decision making, and lack of clarity on onward transfers, so it will now need more scrutiny by EU institutions. As a result, businesses that transfer personal data between the EU and US should continue relying on the other data transfer mechanisms available under the GDPR, such as Binding Corporate Rules and... Read More >

The UK lawsuit, which alleged Facebook used market dominance to monetize data unfairly, looked to get compensation for 45 million UK users of the social media site. A London tribunal put the burden of proof back on the claimants’ lawyers who have six months to represent.

Book and gift retailer WH Smith has reported a cyber-attack that accessed worker data, but not data of customers. The company, which employs approximately 10,000 people in the UK, reports it has notified the affected colleagues and the authorities. Retailers are at high risk for attacks because they collect a lot of data and are high-profile targets.

Pakistan’s National Database and Registration Authority (Nadra) has added a data protection service for citizens and a SMS enrollment service for citizens to enroll mobile numbers with Nadra. As of this week, all verification transactions in the country will require going through Nadra’s system to gain citizen consent via use of a 6-digit passcode that will be sent to the individual’s mobile number requesting consent.

The complaint sent to the UK Information Commissioner’s Office (ICO) claims the company is gathering data, including what kids watch on YouTube and the devices they watch the content on. If the suit prevails, the company could be facing a hefty fine and it could set a precedent for other cases using the age-appropriate design code.

This includes data on PCR test monitoring and tracing people and is ostensibly to protect citizen data privacy.

Objections are that in acquiring OneMedical, which has 836,000 members and contracts with more than 9,000 employers nationwide, Amazon could gain unprecedented clout in the healthcare business by leveraging its retail potential.