CDP Institute

Italy’s data protection authority, the GPDP, found that ClearviewAI violated fundamental rules of GDPR when it collected biometric and geolocation data on its citizens. The data was collected without obtaining consent, so there was no transparency, or limitations on data usage or storage. Clearview is now required to erase the collected data and banned from future collection or processing of facial recognition data in Italy.

The Video Privacy Protection Act (VPPA), passed in 1988 to protect personal data of Blockbuster and VHS rental customers, has recently been used in suits against streaming services including Hulu, AMC and ESPN. Now, a federal class action suit out of New York accuses HBO of violating the VPPA because it shares customer lists with Facebook, which can subsequently use the HBO data and Facebook’s profile data to ascertain customer viewing habits.

Wyoming’s Genetic Data Privacy Act has been signed into law and will go into effect July 1st. Businesses in the state that collect genetic data must be transparent with individuals about collection, use and disclosure; and must obtain express consent before collecting the data. The state’s Attorney General can levy penalties of up to $2,500 for violation.

The rapidly evolving war between Russia and Ukraine has moved us into uncharted digital waters with complicated alliances and offensive and defensive actions being taken on both sides. Risks are exacerbated by many factors, including that governments, businesses, cybergroups and individuals are quickly taking sides, bring their own agenda and tactics, and most critically, that there’s no clear oversight or way to assess what the consequences may be.

A new trends report from privacy company DataGrail shows how much impact the California Consumer Privacy Act (CCPA) has had in just one year, including in other states. Consumers are exercising their CCPA Data Subject Rights (DSR) to access their data, delete their data, and stop the sale of their information to third-parties. As a result, costs are rising for business in staffing and processing to keep up.

IDology’s 4th annual digital identity study found 61% of were “very” to “extremely” worried personal information is vulnerable to criminals, and 70% think companies capture their data without their knowledge. So, most would support passage of legislation similar to CCPA.

The acceleration of digital due to COVID-19 has taken many forms, and a major area of cyber concern is the intricate interconnection of traditional Internet Cloud data with many new “Smart” devices, grids, operations and overall systems. This includes input from many sectors – healthcare, industry, food & other supply chains, and many forms of infrastructure. Holistically, they are referred to as the Extended IoT (XIoT). A report from industrial cybersecurity firm, Claroty, looks at the rapidly evolving situation, key vulnerabilities, and why hackers’ ability to bypass the need for user action has opened the door for unauthenticated attackers to gain a network foothold and then move laterally—and quietly through a network to launch ransomware or perform other harms.

The Children’s Advertising Review Unit (CARU – a children’s safety program of the US Better Business Bureau) reports that TickTalk Tech failed to meet COPPA requirements, as it didn’t provide clear, non-confusing notice of information it collects on children and it doesn’t notify parents of practices as required by COPPA.

The suit filed late 2020 on behalf of a 12-year-old, accuses TikTok of processing children’s data unlawfully. It seeks damages on behalf of millions of children and the claimant is being sponsored by the former Children’s Commissioner for England, Anne Longfield.

noyb (a.k.a The Center for Digital Rights – and short for “none of your business”), the NGO led by Max Schrems, sent 270 complaints to websites that used cookie banners deemed non-compliant with GDPR. This is after the group alerted sites and gave a 60-day grace period to change banners before making public complaints. This is the same group that in 2021 got regulators in Austria & France to declare Google Analytics’ data transfers illegal.

Meta & Google seem shocked that Australia thinks Australians would prefer to protect their personal information and risk losing benefits provided by ad-supported apps. What can the government be thinking with regard to plans for the Australian Privacy Law? Meta argues these protections will hurt small business, as it did when Apple conceived of stricter on-device privacy controls (which have proved enormously popular with consumers)…while Google raised a geolocation technicality – stating that restricting addresses would be onerous, and perhaps blocking just postcodes would be sufficient. For whom, one might... Read More >

The Philippines’ controversial new SIM Card Registration Bill may soon be challenged in court. The law requires purchasers of SIM cards to register with name, ID and phone number before purchasing a SIM card, and disallows use of fictitious identities in social media accounts. Activists have claimed this robs users, including celebrities and political activists, of the right to anonymity in communication.