CDP Institute

Good privacy news out of Google this week. First, a policy expansion that allows removal of select personal data used in Search, including log-in credentials, that could risk identity theft. Second, for YouTube and Display users, a new option to limit ad types, including for parenting, dating and weight loss. And, third, beginning in July, developers will be responsible to show Android users what their apps are collecting.

None of my business, really, unless you decide to tell me. But Meta feels it’s crucial for them to know -- and they don’t mind not asking! In fact, in a joint study, non-profit newsroom The Markup and Mozilla privacy platform Rally found Meta snapping up a mass of sensitive data with its Pixel tool. Pixel helps itself to snippets of HTML code, then tracks you around the Web. This crafty tool did so with a mass of FAFSA college student aid data – regardless of whether the users had logged in.  Meanwhile, a Facebook document leak revealed that because it builds systems with open borders, it doesn't know what data it has, and can't find out!

India’s Computer Emergency Response Team (CERT-In) just set a strict new directive applicable to data centers, Virtual Private Servers (VPS), Virtual Private Networks (VPN), Cloud Service providers, crypto exchanges and others that serve as intermediaries. Effective from late June, organizations will be required to maintain logs containing specified customer data for minimum 5 years, report cyber incidents of concern to CERT within 6 hours, and to respond requests for data CERT-In may impose for “protective and preventive” reasons.

Surfshark’s research of the most popular keywords in nine categories shows just how vulnerable we are. Most dangerous popular search term for malware – “Robert De Niro” at 54.1% results of potential malware). “Kate Winslet” came in at 52.6%, and the game, Mortal Combat, at 46.5%. Scarier still for some will be to learn that sweet film “Finding Dory” cruised in at 46.7%, and even Tom Hanks came in high at 51.6%. The report shows which terms are key targets – and how to stay safer.

Privacy management company, CYTRIO research alarmingly found only a small fraction of B2B and B2C companies in full compliance with CCPA and GDPR. This despite mounting fines against those who don’t comply with the regulations – and, in California, the additional requirements that will come in 2023 when CPRA comes into effect along with a 12-month lookback.

Teens fall outside the protective bounds of COPPA, the privacy legislation that protects children up to age 13 in the U.S. Yet, the 13-17 age group is a major consumer group that’s particularly vulnerable to risks and harms – and they’re a complex group to engage with. That’s why BBB National Programs’ Center for Industry Self-Regulation has stepped up with the TeenAge Privacy Program (TAPP), designed to help businesses manage teen data responsibly.

The settlement also requires Zoom to make more than a dozen changes to improve privacy and security.

Researchers from the University of Washington, UC Davis, UC Irvine and Northeastern University said in a report that Amazon uses Alexa voice data for targeting, which is inconsistent with company privacy policies.

Their product is designed to remove friction between privacy law and the constraints of blockchain to move personal information without disrupting the chain.

Big tech, which claims to have far more important ways to spend its time, is about to find out just how much people support their right to ignore hateful, harmful content – or if they want it removed. EU officials have agreed in principle that under the Digital Services Act, companies will need to: 1) make it easier for consumers to flag problems, 2) ban online ads aimed at kids, and 3) allow regulators to punish noncompliance with billions in fines.

It will now take just a click for Europeans to accept or reject cookies on Google search and YouTube when  in Incognito Mode or when signed out. France’s regulator, CNIL, provided guidance for the changes, which began roll-out this month in France, and continues on in the rest of Europe, UK and Switzerland.  Mid-May, the Google Play Store will begin blocking 3rd-party call recording apps – but only for apps that record calls where the person on the other end doesn’t know. However,  if a phone has a pre-installed dialer, that will continue to function. A start, but not feeling overly satisfied with the logic here!

Connecticut’s Senate unanimously approved a Data Privacy Bill, which now moves to the House. If it passes there, it puts Connecticut on track to be the fifth US state privacy law – and it would be one of the strongest consumer protections in the US. It includes rights for consumers to see what’s being collected and to opt out of sharing. It also increases the age limit for youth data protection – up to age 16 from 13, below which young people would need to opt in for data collection.