CDP Institute

The US Department of Transportation (DOT) announced it will review how customers’ personal Information is being handled by major airlines, and whether information collected is being shared with third parties. The airlines, including American, Delta, JetBlue, Southwest and United, will also be evaluated based on how they, their employees and contractors are trained to handle passengers’ data and enforcement actions would be pursued if appropriate.

Despite being saddled with a long, unwieldy name and no clear acronym, the Protecting Americans’ Data from Foreign Adversaries Act would, if passed by the Senate, mark a big step in the US regulating personal data handling at the national level. Aimed at the data broker industry, (PADFA?) would bar sales of sensitive data to adversarial nations. However, privacy advocates are concerned this is still too narrow to accomplish significant protection of US consumer data.

France passed the Children’s Image Rights Law to protect children by minimizing risks from parents or guardians sharing kids’ photos and videos and from those images being disseminated. Different from laws such as the UK Age Appropriate Design Code, which focuses on data processing and sales, this looks to reduce risk of exposure and reinforces the importance of protecting children, even when they are too young to advocate for themselves. It reinforces rights to access the images, ensures rectification, erasure, and the right to object how personal images are used.

New technologies, increased global threats, and an evolving web of regulations pose multifaceted challenges to companies trying to maximize compliance and minimize security risk. But the 2024 Thales Global Data Threat Report (DTR), which surveyed 3,000 respondents from 18 countries across 37 industries, found not surprisingly, that of those who reported failed a compliance audit, 84% also said they’d suffering a breach. Malware, phishing and ransomware were listed as the fastest growing attack areas, and even though companies indicated they were improving internal coordination to address these challenges, there’s still... Read More >

A new bill signed by Florida Governor DeSantis is poised to ban social media accounts for children under 14 and require parental consent for accounts for teens ages 15-16. Expectations are the bill will face legal challenges from tech companies, but if it stands it would be one of the most restrictive social media bans for children and would set the stage for similar legislation in other states.

The country’s deputy prime minister indicated multi-pronged incidences, including hackers accessing names and addresses of voters, and attempted reconnaissance on lawmakers were conducted.

Airbnb has announced that hosts will no longer be permitted to install indoor security cameras in their properties. Those hosts who have them already installed will have to remove them by April 30, or risk having their listing or account removed from the Airbnb platform.

The Court of Justice of the EU (CJEU) just ruled GDPR grants regulators power to require any data controllers caught unlawfully processing data to erase such data. This is in addition to the data controllers having to respond to data subjects’ requests to have their data released.

The EU Parliament passed The Cyber Resilience Act (CRA), which is intended to codify cybersecurity law for products with digital elements (PDEs), including smart home devices, connected toys, wearables and software products such as antivirus applications. Expected to be approved by the EU Council in April, it will then move to being adopted as a law. The EU views this as protecting against an important area of vulnerability and will require manufacturers to ensure products have protections for privacy built in.

Sometimes being #1 isn’t a good thing, as is the case in Aleo Network Foundation’s 2024 Data privacy report. In this case, 77% of more than 2,200 consumers surveyed said they were “very or somewhat concerned about privacy, and 48% said data privacy and security is “the most concerning issue” currently affecting the tech industry.

Maryland’s legislature unanimously endorsed a children’s privacy bill, which has been called the Maryland Kids Code, which if passed into law would make it the second US state after California to have specific children’s privacy protection. Key tenets are that companies would not be allowed to profile children for ads, not be allowed to track their location in real time, and they would be required to turn on the highest privacy settings by default for young users. However, opponents led by NetChoice are already gearing up to oppose the bill.

Opponents claim this is government overreach and possibly unconstitutional.  Senate passage is uncertain.