CDP Institute

A new report looks at case filings involving the California Consumer Privacy Act (CCPA) private right of action provision, which is used when a business is deemed to have failed to implement security practices to sufficiently protect personal information from disclosure or theft. As of March, less than a year after the law began to be enforced, 83 actions had been filed, more than half of which were against the same 11 defendants. 83% of those filed were data breach claims, and 61% of cases filed unfair competition law (UCL),... Read More >

This reflects the pressure companies are facing on use of this technology, which has been shown to deliver inconsistent results in accurately identifying individuals, particularly from Black and Brown communities.

WhatsApp, which planned to mandate users agree by May 15th to a new privacy policy or lose access to service, faced new opposition this week. India asked for proof of sufficient protection for its citizens. Brazil delayed full enforcement of WhatApp’s policy pending determination of compliance with their LGPD law. Turkey had conflicting reports about whether WhatsApp would apply the new update now. And, Germany earlier this month ordered Faceook to stop processing WhatsApp user data.

Germany has passed a new Data Protection Act to unify the country’s privacy provisions from their Telecommunications Act and Telemedia Act and bring them in line with GDPR. The new law, known by its acronym TTDSG, is intended to make the legal situation in the country clearer and more consistent, though some critics feel its provisions on personalized data are too loose.

Company could be forced to halt transfer of EU user information to its servers.

An ethical framework and best practice guide for the data and marketing industries.

Hamburg’s data authority issued an injunction against Facebook to stop processing the WhatsApp data of German citizens. Facebook, which recently issued new terms for continued use of WhatsApp, has 60M German users. The regulator challenged the legality of Facebook’s update and issued a 3-month order preventing the company from continuing data processing.

Advertisers in the U.S., UK and Germany are either using (66%), or experimenting with (28%) mobile measurement routinely, according to a new AppsFlyer and IDC survey. At the same time they are concerned (69%) about privacy violations, the risk of revenue and reputation loss, and about fines. The survey also found that the toughest punishments were given to U.S. companies (4.4%), a number roughly double either the UK or Germany.

Privicera survey reveals significant challenges in ensuring data security in the Cloud. Seventy percent of Fortune 500 data access participants polled found migrating analytics workloads more difficult; 58% reported a conflict of interest between managing analytics and security; and 81% were not confident of PII deletion across data repositories.

Disqus Inc., the U.S. company which provides a forum and online tools for publishers, received notification from Norwegian data protection authority, Datailsynet that it was acting in violation of GDPR. The data authority found Disqus tracking, profiling and sharing data with third-party advertisers without legal basis.  Disqus said it didn’t realize GDPR regulation applied, since Norway is not an EU member.

This is part of growing opposition to the idea – which Facebook has so far ignored.

Complying with the regulator’s order to recheck ages of all its Italian users, the company identified more than 500K who were either confirmed younger than 13 or were determined likely to be under 16.