CDP Institute

More than 60 million sites use Google’s fonts, which are free. Now, an investigation has found data from site users is being harvested and sold. Data collected via fonts includes IP addresses and browsing history, which Google then cross-references with other data it holds and sells to advertisers and marketers.

Legal and compliance teams in healthcare are advising pullbacks from mass data collection and data use pending a clearer understanding the impacts of new regulation and recent actions by government agencies, particularly the Federal Trade Commission (FTC).  This follows the FTC imposing fines of $1.5 million on online pharma company GoodRX and $1.8 million on online therapy provider BetterHelp.

Vietnam’s Personal Data Protection Degree (PDPD) will come into effect July 1.  The government has published the outline of obligations for compliance by foreign agencies, organizations and individuals, as well as for Vietnamese organizations operating abroad.  The PDPD includes stipulations on data subject rights, including the right to be informed, consent, data access, and data portability.

The digital password, first used at MIT in 1961, is 62 years old, and according to many experts no longer serves critical security needs businesses have. The 2023 State of Passwordless Security Report, based on interviews Vanson Bourne conducted with 1,000 IT security professionals from EMEA, APAC, and US companies, indicates 88% had cyberattacks in the last year. Phishing (43%) was the most prevalent form and 28% were by push notification attacks (aka multi-factor authentication fatigue attacks -- MFA bombs).

The Egyptian government, which in 2020 switched away from using the US College Board exam due to that company’s concern about security issues, established its own exam and in 2022 partnered with UK-based Academic Assessment Ltd. Human Rights Watch reports that now that vast amounts of personal data of tens of thousands of children who took that test was exposed for months. This puts the children at great risk, as anyone with an internet connection could find where they live, go to school, and if they have mental health or... Read More >

Regulators want to verify whether OpenAI, owner of ChatGPC sufficiently protects personal data compliant with EU law.

The new features applies consent decisions captured by OneTrust, Didomi, and Usercentrics to web interactions governed by Tealium IQ.  It also honors opt-out cookies and Global Privacy Control signals.

This study shows 90% of games analyzed by Usercentrics didn’t comply with GDPR or the ePrivacy Directive by offering consent choice.  It also includes a case history that found a 1.5% increase in ad revenue per user with integrated consent.

A customer sued Tesla after former employees disclosed the company collected and shared “highly invasive videos and images” of people in their cars, then used them for in-work entertainment. What’s to say??? If what is alleged is true, not a lot of wiggle room here for meaningful apology or explanation.

The suit claimed Vimeo’s recently acquired Magisto AI-based video creation and editing platform collected and stored user biometric data, including using face mapping to identify age, gender and location without consent. This violation of Illinois’ Biometric and Information Privacy Act (BIPA) has been denied by Vimeo, which nevertheless agreed to settle the suit.

Montana legislators approved what would be the first US statewide bill to ban TikTok. SB 419 has been sent to the governor to sign. The bill cites Chinese surveillance as a main cause for concern. If signed, TikTok would be prohibited from offering its platform to residents, and Apple and Google would not be allowed to make TikTok available for download in Montana.

The “Social Media Safety Act,” which follows passage of a similar law in Utah, requires social media platforms to verify the ages of users who are under 18 and requires parental consent for minors to create an account. Companies will be required to check ages via government-issued IDs or other verification methods, though what those methods will be, and which companies are exempt, is still unclear.