CDP Institute

Recall, Microsoft’s optional “feature” coming to Copilot+ PCs, has been called “chilling,” and “a privacy nightmare,” and the UK Information Commissioner’s Office (ICO) has reached out to the company over safety concerns. Privacy advocates have said Recall, which can search a user’s past activity including files, photos and browsing history, is problematic because it takes screenshots every few seconds and can then search those images.  The risk is that potentially sensitive information displayed on the screen can be captured and exposed.

One of the world’s largest banks, Spain’s Banco Santander, announced a breach of a third-party provider. The institution believes the threat actor has accessed certain data of customers in Chile, Spain, and Uruguay, and of some former employees. The bank, which has 140 million customers globally, has been implementing containment measures to deny further access and has warned customers against sharing codes and passwords with any third party, if someone who claims to be an employee contacts them.

Minnesota, which this week has a new state flag, also has just approved the Minnesota Consumer Data Privacy Act. The Act grants consumers the right to data access, rectification, erasure, portability, and the ability to opt-out from targeted advertising. However, it does not grant private right of action.

Despite doom and gloom warnings on consequences of not moving to cookieless marketing soon, only 32% of global publishers are actively preparing for this critically important transition, according to media platform company Teads’ survey of 555 publishers across 58 countries. Confusion is a key factor, with 53% of those surveyed saying they’re overwhelmed by the numerous solutions and only 28% feeling confident they understand the new landscape.

Google announced teen privacy changes for YouTube, standard Search, Google Assistant, location history, Google Play, and Google Workspace for Education. This includes blocking ad targeting, making YouTube teen user videos private by default, and expanding the SafeSearch feature to filter explicit results.

A £750,000 fine has been levied, but the bigger concern is for police employees who have had to move house or be separate from family members to ensure safety.

Got a tracker on you? If you do and it’s one that has been dropped surreptitiously, then Apple and Android are now prepared to tell you. It’s just like having your own personal spy-friend!

Pretend you’re a consumer and give thumbs up or down for this one. Visa (often my credit card of choice) wants consumers to consent to letting it use AI to share previously withheld consumer transaction information with retailers. Problem at present is customer incentives are unclear.

Taking teeth out of BIPA in the bell weather state of Illinois? It’s a question as the bipartisan majority in the state Senate approved the first major change to the Biometric Information Privacy Act since the law was first passed in 2008. This, which involves toning down damage rewards costs for businesses, comes after the Illinois Supreme Court suggested clarification for the law, which has resulted in multi-million-dollar settlements against tech companies for collection of biometric data.

A children’s jewelry maker recently raised an alarm, contacting The New York Times after a business ad she placed on Instagram that featured a 5-year-old girl wearing jewelry found its way via an algorithmic path to adult men interested in sexualized interactions rather than to prospective customers for youth jewelry. The Times’ investigation turned up a number of disturbing reasons these two worlds can intersect, including Meta algorithms that direct men to photos of children, and also an attraction to child and parenting influencer social media accounts.

First is the AI-driven Theft Detection Lock sensitive to snatching-type behavior that will auto-lock your screen. Second is the Offline Device Lock that will lock your device for attempted thief-type behavior. And, third is Remote Lock, which enables a user to lock their smartphone or tablet remotely.

Dell Technologies has announced a data breach and has sent messages to alert customers. The company said payment information was not accessed, though customer names, addresses, and order details were. This follows receipt of a threat actor claim last month on the dark web saying access to 49 million records of Dell customers and employees was accessed.