News

CDPI Privacy Newsletter

Categories : CDPI Privacy Newsletter

Italy fines UniCredit $3.1M; investigates OpenAI’s “Sora”

March 12, 2024
Italy’s Garante, one of the EU’s most proactive regulators, has fined the country’s second largest bank, UniCredit, and has launched an investigation of a new OpenAI product. The €2.8 million (~US$3.1 million) UniCredit fine, which the bank plans to appeal, is in response to a 2018 data breach that may have impacted thousands of customers. The OpenAI Sora investigation is to clarify how the new algorithm, which creates short videos from text instructions, is trained, to understand what data it will collect, and to determine compliance with EU regulations.
CDPI Privacy Newsletter

EU Commission must remediate Microsoft 365 problems & other privacy rule violation

March 12, 2024
The European Data Protection Supervisor (EDPS), which oversees EU institutional privacy compliance, found the EU Commission in violation of GDPR through its use of Microsoft 365. This includes neglecting to implement adequate safeguards for data transfer and failing to specify types and purposes for personal data collection. Corrective measures will include suspension of data flows to Microsoft and its affiliates in non-EU/EEA countries that lack adequacy decisions, and aligning data processing with regulations.
CDPI Privacy Newsletter

Intentional or not, women’s health & wellness data not well protected

March 12, 2024
A four-year study of cybersecurity, privacy, trust and bias issues in femtech, the data related to women’s health, wellness and sexuality, found sensitive information is often not adequately safeguarded and is sometimes intentionally leaked. Multi-disciplinary research teams based at Royal Holloway, Newcastle University, the University of London and ETH Zurich focused on laws in the UK, EU, and Switzerland. They found women’s health protection underserved in large part because many of the devices and apps used in femtech are not considered “medical,” so fall outside protective guidelines.
CDPI Privacy Newsletter

Children’s Privacy: Kids’ location data sharing linked to increased risk of communication from strangers

March 12, 2024
A survey of 1,000 parents in the US conducted by Cox Mobile, a division of Cox Communications found that 56% of parents reported their children kept location data sharing accessible on their mobile apps, and 31% of parents said their kids had been contacted on their device by a stranger. More than a third of parents said the stranger referenced their child’s location.
CDPI Privacy Newsletter

LiveRamp flagged for extensive privacy violations to UK, French regulators

March 5, 2024
LiveRamp is the subject of a 61-page report by Vienna’s Cracked Labs research institute, which claims the company operates mass identity surveillance. The report submitted to UK & French, claims LiveRamp, which houses information on 700 million global consumers, facilitates identity trading with third parties via its proprietary RampID, which is used by customers to exchange data with 500+ third parties. Problem is tRampIDs, despite being pseudonymized, track information and learn about individuals over time, which means third parties can cross-match data to identify and advertise to individuals.
CDPI Privacy Newsletter

TurboTax politely invites your ok for financial exposure

March 5, 2024
How many friends do you share your tax return with? Just guessing not a lot – but despite that, US company TurboTax thinks you’ll be happy to share them with the world at large if they ask nicely. And they do – despite the fact your tax return is otherwise privacy-protected by law. What’s the benefit? Revenue for them and other tax services that offer the same, at minimum enabling ad-targeting – and beyond that, just imagine the possibilities of full financial disclosure.
CDPI Privacy Newsletter

Word salad: Bad for privacy, Australian report shows

March 5, 2024
While transparency is touted as the “best” word for businesses to use to assure customers their privacy is being carefully tended to, customers would do well to look to a business’s privacy policy for the real truth about the relationship. A report from Australia’s Consumer Policy Research Centre and the University of New South Wales shows where the pitfalls are. A key problem for survey participants was they didn’t understand much of the policy terminology often used, including ‘pseudonymised information’ (81%), a ‘hashed email address’ (74%), or an ‘advertising ID’... Read More >
CDPI Privacy Newsletter