CDP Institute

What’s a little privacy between friends? Amazon has just launched Amazon Clinic, a new service that for a low price provides text access to company partner clinicians who can prescribe medication. Only thing is, the registration form is a bit of a switch from standard US health protocol in that rather than telling you federal Health Insurance Portability and Accountability Act (HIPAA) rules will be followed, it asks permission to waive those rights so your data can be used and shared.

To address concerns over misuse of Bluetooth location-tracking devices, Apple and Google in cooperation with advocacy and industry groups have drafted specifications for devices such as AirTags and Tile, that would require device compatibility with iOS and Android detection to enable alerts. The Internet Engineering Task Force (IETF) has posted an Internet-Draft which is open for comment for the next three months.

Taiwan’s legislature approved plans for a national data protection agency. The agency, which needs to be set up by August 2024, will ensure adherence to Taiwan’s Personal Data Protection Act (PDPA) and require organizations to protect data from theft, damage or disclosure, or face fines up to NT$2 million (US $65,261).

A new report from Adjust, an app marketing and analytics company, shows that mobile ad spend offers some bright spots in the marketing ecosystem. In 2022 ad spend was up 14% – and Apple ATT opt-in rates averaged 29% in the first quarter of this year, which is up 4% YoY. The report emphasizes that companies benefit when they prioritize customer needs and preferences – including for data privacy.

Parents are concerned that “My AI,” a chatbot tied in to ChatGPT, has gone too far in engaging with kids. Designed to feel more human in interactions, some teens that have used “My AI” said they use it for companionship and to get advice. In other examples, “My AI” was found to behave coyly when queried about what it “knew” about a user’s location, and it advised some others to hide information from parents. “My AI” is free to Snapchat users, but payment of the $3.99/month subscription fee is required... Read More >

The lines between oversight, monitoring and surveillance can be misunderstood or mishandled, which is why understanding where the US is headed with evolving work privacy legislation is crucial.

PrivateGPT redacts more than 50 types of PII and replaces it with placeholder data before that is submitted to ChatGPT.

Cost can be as low as $100 a month, making it accessible for small and large businesses.

The EU Commission has named 17 companies and 2 search engines to its Very Large Online Platforms (VLOPs) and Very Large Online Search Engines (VLOSEs) lists for Digital Services Act (DSA) regulation. This includes Alibaba, Amazon, Facebook, and TikTok (VLOPs), and Bing and Google Search (VLOSEs), which will now have four months to comply with new obligations to be regulated by the DSA.

KrebsOnSecurity site reports that Salesforce Community public websites may be leaking data from organizations including banks, healthcare and government. This comes two years after a researcher first identified risk from misconfiguration in the Salesforce sites that allowed for exploitation. Now, according to KrebsOnSecurity, leaks are happening widely – and despite organizations being notified, most have not addressed the problem.

Indiana is the 7th US state to pass a privacy law. The Indiana Consumer Data Protection Law includes protection of the right to know, correct, and delete. It will go into effect in 2026. Montana and Tennessee's legislatures have both approved privacy bills that may come into effect sooner. Montana’s governor requested amending the Montana Consumer Data Privacy Act to ban not just TikTok but also other social media sites perceived as from foreign adversaries. With Tennessee, the Information Protection Act is business-friendly and weaker than privacy laws in the first states, California, Colorado, Connecticut, Iowa, Utah, and Virginia.

The Protecting Kids on Social Media Act is a bipartisan proposal that harkens back to earlier legislation designed to shield children from “indecent” ads or solicitation, and to keep them from hearing “obscene” language on television and radio. The proposal also comes as US states increasingly come up with their own legislation to restrict children, as in the case of Utah, which is requiring parental consent for social media account creation and Montana, which proposes to block ad targeting, selling kids’ data, and social media use without consent.