CDP Institute

Deception’s not okay with California, so to ensure Google gets (and remembers) the message, CA’s Attorney General slapped a $93 million fine on the company for having led users to believe they were turning off location history, when in fact they either were not – or were inadvertently turning it back on. And Google also allowed personal ads to be shown after users toggled that option off. So, CA’s AG has helpfully sent Google (along with the fine) a list of a half dozen things it must do to comply.

X (formerly Twitter) used to own MoPub, the mobile ad platform accused of “illegal trafficking” of personal data of millions of Dutch users while Twitter owned it. The class action suit alleges MoPub collected people’s data and then shared and traded sensitive information with scores of companies without user knowledge or consent in clear violation of GDPR.

The Delaware Personal Data Privacy Act is now the 12th US state privacy law.  The Act allows residents to opt out of ads based on pseudonymous data collected over time – including data stored on cookies or other identifiers. Ads based on first-party data or contextual ads are still fine.

A UserTesting survey of consumers in the US, Australia and UK found consumers will consider trusting AI for a good retail deal. Of those surveyed – 2,000 US, and 1,000 each in Australia and the UK – 87% of US consumers were willing to exchange personal information for savings and exclusive deals, compared with 24% AU and 27% UK. Around a third (36% US, 28% AU, 39% UK) were willing to use AI for auto-ordering and shopping online.

Ireland’s Data Protection Commission (DPC) issued its ruling against TikTok, charging €345 million (~ $367 million) for its non-privacy-by-default settings that set children’s accounts to public by default on sign-up, which allowed their videos to be publicly viewable, their comments to be publicly read, and their “Family Pairing” links to adults to be linked to adults not verified to be a parent or guardian.

This is a concern because companies need to implement more inclusive data-privacy practices to ensure consumer protections are protected at levels to ensure compliance regardless of the state they live in.

What a difference three years makes. IBM, which in 2020 told Congress it would stop offering “general purpose” facial recognition in response to concerns about resulting racial profiling, has just signed a $69.8 million contract with the UK to develop a national biometrics platform. The purpose is to provide facial recognition capability to government immigration and law enforcement – but IBM stated this is not in conflict the 2020 promises because it won’t be used for public surveillance.

New York is making it harder for advertisers to use geofencing tactics when near healthcare facilities, in an effort to protect the privacy of people using those facilities. Geofencing allows tracking within a particular geographic area. In this case, corporations are prohibited from creating a geofence within 1,850 feet of a hospital or health facility.

Uganda is pressuring business, government, legal, health, and financial organizations to register with its Personal Data Protection Office (PDPO) to comply with requirements of its data protection law. This follows a major breach last year which impacted its stock market’s data storage due to problems with its data management system.

In fact, Mozilla alarmingly reports you’ve got a data-brokering spy there too. Their survey of twenty-five top car brands found cars are by far the worst offenders (more than your phone, doorbell camera, or the fridge) when it comes to your privacy. Tesla was rated worst and was followed by Nissan, which gathers information including on sexual activity – but then Kia claims to do something similar. Once collected, 84% sell the data, and 56% are prepared to provide your data to law enforcement for just a polite ask. Check... Read More >

Barbie, Hot Wheels, American Girl and other top Mattel brands can be marketed to YouTube viewers under 13 without violating COPPA protection rules, as a result of the deal in which Mattel will leverage Pocket.watch’s child-friendly ad sales capabilities. Pocket.watch is one of the few third-party companies that has received YouTube’s approval to sell contextually targeted, COPPA-compliant ads.

It has been used in 70 or more class actions against companies like General Mills, Geico, and Chick-fil-A that were filed just in the past year.