CDP Institute

An ethical framework and best practice guide for the data and marketing industries.

Hamburg’s data authority issued an injunction against Facebook to stop processing the WhatsApp data of German citizens. Facebook, which recently issued new terms for continued use of WhatsApp, has 60M German users. The regulator challenged the legality of Facebook’s update and issued a 3-month order preventing the company from continuing data processing.

Advertisers in the U.S., UK and Germany are either using (66%), or experimenting with (28%) mobile measurement routinely, according to a new AppsFlyer and IDC survey. At the same time they are concerned (69%) about privacy violations, the risk of revenue and reputation loss, and about fines. The survey also found that the toughest punishments were given to U.S. companies (4.4%), a number roughly double either the UK or Germany.

Privicera survey reveals significant challenges in ensuring data security in the Cloud. Seventy percent of Fortune 500 data access participants polled found migrating analytics workloads more difficult; 58% reported a conflict of interest between managing analytics and security; and 81% were not confident of PII deletion across data repositories.

Disqus Inc., the U.S. company which provides a forum and online tools for publishers, received notification from Norwegian data protection authority, Datailsynet that it was acting in violation of GDPR. The data authority found Disqus tracking, profiling and sharing data with third-party advertisers without legal basis.  Disqus said it didn’t realize GDPR regulation applied, since Norway is not an EU member.

This is part of growing opposition to the idea – which Facebook has so far ignored.

Complying with the regulator’s order to recheck ages of all its Italian users, the company identified more than 500K who were either confirmed younger than 13 or were determined likely to be under 16.

Privacy Affairs’ GDPR Tracker provides a country-by-country breakdown of fines levied since the law’s inception in May 2018. Italy, France, Germany and the UK had the highest total fines, while more (22) were levied against companies in Spain than anywhere else.

The “Children and Teens’ Online Privacy Protection Act” has been introduced in U.S. Senate. The bipartisan bill aims to create a ‘Digital Marketing Bill of Rights for Minors,’ updating the country’s Children’s Online Privacy Protection Act (COPPA) with changes including: 1) prohibiting internet companies from collecting personal information from anyone 13- to 15-years old; 2) creating a user ‘Erasure Button’ to excise personal information; and 3) establish a new office, the ‘Youth Privacy and Marketing Division’ at the Federal Trade Commission (FTC).

An Axway survey of more than 1,000 Americans across a broad demographic range showed significant support for the approach Apple was taking to data sharing. Seventy-six percent said mobile apps should tell you when and how you are being tracked, 53% worry about tracking of browser history, 51% about location tracking and 38% about advertiser use of ad tracking.

The same week that Peloton announced a voluntary recall of two treadmills, independent research firm, Pen Test Partners say they notified the company in January of flaws in its API that could allow unauthenticated individuals to view sensitive information, even for users who chose private mode account settings. The security firm says that the company’s initial fix did not fully solve the problem and Peleton has not fully reported how many people may have been impacted.

Google has indicated it will introduce a “safety” section to its Google Play marketplace. Beginning next year, app developers will be required to share information on the data they collect, and how it’s stored and used. Google’s plans differ from Apple in that the focus is on whether the data is being handled responsibly, not gathering consent to what is collected and tracked. Google will also allow independent verification of the app data labels, which may add to user trust.