News

CDPI Privacy Newsletter

Categories : CDPI Privacy Newsletter

Chick-Fil-A bumps up against VPPA

January 31, 2023
While the US still doesn’t have a federal data privacy law, it does have the Video Privacy Protection Act (VPPN) – a video rental-era holdover of a law that disallows sharing video viewership data without consent. Chick-Fil-A, which has been using a Meta pixel tracker for an ongoing series of Christmas videos, is facing a class action similar to VPPA lawsuits brought against nearly 50 other organizations, including the NBA, GameStop, CNN and BuzzFeed.
CDPI Privacy Newsletter

Twitter Whistleblower explains “GodMode” employee access

January 31, 2023
In the latest Whack-a-Mole privacy exposure reveal at Twitter, a former-employee whistleblower has told the US Justice Department, the Federal Trade Commission and members of Congress that as many as 4,000 Twitter engineers could have accessed user data, including after Musk’s takeover via a function nicknamed “GodMode.” Twitter, again having recently gutted its compliance and communications teams, had no comment.
CDPI Privacy Newsletter

Customers may buy from, but not trust you

January 31, 2023
The Optimove 2023 Consumer Trust of Retailers Survey of US consumers found more than half don’t trust brand handling of personal information, and 77% unsubscribe from brands when they feel information is misused. Interestingly, 64% of the 406 surveyed said they are loyal to and shop at brands they don’t trust – and indicated the most important action a brand can take to change that is, according to 56%, to have a policy that it won’t share personal information.
CDPI Privacy Newsletter

Children’s Privacy: Ministry of Education approved app used by millions of Indian students during COVID left data exposed

January 31, 2023
Digital Infrastructure for Knowledge (Diksha), a key public education tool operated by India’s Ministry of Education and used by millions of Indian students particularly during the pandemic, had its data left unprotected on a Microsoft Azure cloud server for more than a year. Wired, which has verified the story, reported this left the data searchable via a simple Google search.
CDPI Privacy Newsletter

T-Mobile reports 37M customers’ data hacked

January 24, 2023
T-Mobile informed US regulators that a bad actor gained access to data on roughly a third of the company’s 110 million customers. The breach, which was active for approximately six weeks before being discovered and then shut down within 24 hours, reportedly did not access the most sensitive data, such as financial data. Customers were informed that hackers did not gain access to full data sets, though information compromised can still be useful for hackers for phishing and identity theft.
CDPI Privacy Newsletter

Online pharmacies sharing abortion pill data

January 24, 2023
ProPublica found that nine of eleven online pharmacies selling abortion pills used web trackers that share sensitive data with Google. This can put customers at risk since data could be shared with law enforcement. The 9: Abortion Ease, BestAbortionPill.com, PrivacyPillRX, PillsOnlineRX, Secure Abortion Pills, AbortionRx, Generic Abortion Pills, Abortion Privacy and Online Abortion Pill Rx; collect web addresses visited; click, location and search data; and information on devices being used.
CDPI Privacy Newsletter