CDP Institute

Increasingly, US states are proposing or enacting laws that could deprive LGBTQ individuals of gender-affirming care. This refers to procedures and treatment done to support a transgender or nonbinary person in a gender transition. The concern which was recently addressed in new guidance from the US Office for Civil Rights (OCR), is that some laws require medical providers to disclose protected health information (PHI), which is in violation of the US Health Insurance Portability Accountability Act (HIPAA).

A HubSpot poll of 300 emailers found that, despite previous alarm that Apple’s Mail Privacy Protection and iOS 15 changes would take a massive toll on open rates (and email marketing overall), the impact has been quite moderate. In fact, 47% were neutral about it, and the rest split almost evenly – with 29% negative, and 24% who felt it was actually positive. However, those that reported it positively were also more likely to be leveraging channels other than email for marketing.

All’s fair, it seems, when trying to boost the number of kids using Facebook. That all-important goal has prompted parent company Meta to orchestrate a nationwide – and sometimes deceptive campaign to take down (or at least hobble) its biggest global competitor, TikTok. According to The Washington Post, this effort led by Targeted Victory, a political consulting firm, includes placing op-eds and letters to the editor in newspapers – and even lobbying to present TikTok as a danger to American children and society. And, while TikTok has had its own... Read More >

The company has been named for collecting facial data without providing information on how it would be used and how long it would be kept.

This is being discussed in Parliament because it is in violation of the legislative intent.

Not intentionally, perhaps, but it can pick up voice and swivel to get panoramic views. And, despite the fact the company was notified in 2019 and again last month of vulnerabilities that made the camera data vulnerable to hackers, it waited until last week to notify its customers.

The EU announced sweeping change via the Digital Markets Act (DMA), to force Amazon, Apple, Google, Meta – and anyone else with $83 billion+ annual revenue – to significantly alter how they treat EU consumers and operate in the EU. The DMA targets treatment in app stores and marketplaces; on search engines, social networks, and web browsers; and in cloud and ad services. It requires the ability to unsubscribe, fair access for sellers, and notification of mergers or acquisitions. It forbids ad targeting without consent, preferential treatment against competitors, reuse... Read More >

Hoping the third time’s a charm, the EU and US agreed in principle to terms that would allow businesses to transfer data to the US. This comes after two previous attempts failed because the EU felt citizen data wouldn’t be adequately protected. The question now is, if as before, the agreement will face legal challenges, including from privacy advocate Max Schrems and his noyb (stands for “none of your business”) group. In even more proactive data-transfer solving news, the UK announced that new transfer tools are ready under UK GDPR. These are the International Data Transfer Agreement (IDTA), and an addendum to the EU Commission standard contractual clauses. 

The Utah Consumer Privacy Act (UCPA) has been signed, making Utah the fourth state, following California, Virginia and Colorado, to have its own privacy law. The law is considered more business-friendly than predecessors and sets a new precedent by having a two-step process to implement enforcement. While it does provide consumers the right to access their data and to opt out of sales (narrowly defined) and targeted advertising, it does not provide private right of action or require prior consent for collection of sensitive data.

For example, why do marketers have to add this to their To Do list? Excellent question - and one of many that leading experts from Accenture, Acxiom, the Children's Advertising Review Board, Digital Smart Consulting, Hansa Cequity, Left Right Centre, Oracle, Tealium, and Treasure Data will address at CDPI's first Privacy to Market conference, April 26th from 8:45 am to 2:15 pm ET.

With Apple 15.2, customers have access to the Record App Activity tool, and with that they can check what a given app is doing. Surprisingly, despite the fact that Apple’s settings can deny permission for app tracking connections, URLgenius’s survey of 200 popular apps across 20 niche categories using the Record App Activity recorder found that even when permission denied, they made an average 15 potential connections with 80% to third party domains.

New York City’s Department of Education has asked the NY police department and FBI to investigate the hack of a widely-used online grading system owned by Illuminate Education that resulted in the exposure of 820,000 of the city’s students. Families are being notified about the extent of the breach, which included biographic, economic and academic information as well as sensitive information on who receives disability services. Questions being posed of whether encryption levels met state compliance guidelines.