News

Archive for April, 2024

Categories : CDPI Privacy Newsletter
Dates : April 2024

Biden administration updates HIPAA to protect abortion and pregnancy records

April 30, 2024
The Biden administration affirmed the HIPAA Privacy Rule to Support Reproductive Heath Care Privacy. This rule supports women’s privacy by barring doctors and health plans from having to disclose health information about abortions to state officials. The objective is to ensure that information about “legal reproductive care” remains confidential and can’t be collected by state officials for criminal investigation and other use.
CDPI Privacy Newsletter

Kaiser-Permanente notified 13.4M customers of data violation

April 30, 2024
A breach at health care company, Kaiser Permanente exposed the data of ~13.4 million past and present customers who are now being notified by the company of the event. The company clarified the information was shared with other organizations inadvertently, rather than having been hacked or sold, and the company is both investigating the data situation and looking at how to guard against future problems.
CDPI Privacy Newsletter

IT’S THE LAW (04/30/2024)

April 30, 2024
Narrow, but interesting for auto privacy buffs is a new law Utah is enacting – the Utah Motor Vehicle Data Protection Act. This states that car brand companies (franchisors) cannot force car dealerships (their franchisees) to provide access to consumer data held in the dealer data systems. The law does not incorporate protection of data the cars can generate, nor data that can be obtained via devices people connect to their cars.
CDPI Privacy Newsletter

EDPB decides Pay or Ads is unfair

April 23, 2024
The European Data Protection Board (EDPB), in response to a request by the Dutch, Norwegian & Hamburg Data Protection Authorities (DPA), issued an opinion against the so called “Pay or Ads” model that Meta and other big online platforms have used. The regulator concern is that by offering consumers only a binary choice, consumers are forced to opt in to services at a level of consent they don’t want and should be offered a free option of providing companies less or no personal data.
CDPI Privacy Newsletter

IT’S THE LAW (04/23/2024)

April 23, 2024
Nebraska is the sixteenth US state to pass a privacy law. It will take effect July 1, 2025 and provides consumers opt-out rights to protect against online ad targeting and grants universal rights for consumers to use opt-out tools on browsers, where companies they are dealing with honor similar signals from other states. The law is already being criticized for not requiring small businesses to comply and for having limited enforcement mechanisms.
CDPI Privacy Newsletter

Children’s Privacy: TikTok happy with ~$16M wrist slap from UK

April 23, 2024
The UK Information Commissioner’s Office (ICO) fined TikTok £12.7 million (~US $15.9 million), a penalty the company says it was pleased to accept (in lieu of the £27 million originally planned fine). While the company did express some regret for having been found to allow children under 13 use its site without their parents’ consent, we are still left with the questions: 1) Why didn’t they feel badly for doing this?, and 2) Why make these fines so affordable to them, when the message and penalty have no impact?
CDPI Privacy Newsletter