CDP Institute

Our most intimate data is shared with healthcare providers and services, so when a breach happens there as it did with Blue Shield of California, people are particularly vulnerable. This breach at one of the state’s largest providers potentially impacts the data of 4.5 million patients and can give access to very sensitive information, including social security numbers, information on family, and where you live as well as medical and insurance data.

The EU Parliament and Council reach agreement on the Cyber Resilience Act, paving the way for passage. The proposed law, considered a first-of-its-kind, will require manufacturers of IoT devices to report serious breaches and conduct risk assessments of their products along with informing customers of unpatched vulnerabilities.

Ofcom, the UK’s internet regulator, has issued a draft guidance for porn sites to meet a new legal requirement to prevent children from accessing adult content. The guidance offers a range of options including signing into Open Banking, uploading a copy of their passport with a live selfie to match against, letting the system estimate their age based on a webcam view of their face, and providing credit card details.

They are also calling on data experts, including data scientists, developers and managers to provide feedback.

Palantir, founded by Peter Thiel, is a company known for working with intelligence agencies and military organizations around the world. Now they and four partners, including Accenture, have won an NHS England £330M contract to build a massive data platform for health data sharing. The platform will allow individual and regional health service trusts to share data to increase efficiency and purportedly to improve care. Why worry? Well, it’s early, but tech, medical and civil liberties groups are concerned patients’ data could be mishandled, and it’s not clear if patients... Read More >

Italy’s regulator, one of the most proactive in the EU in investigating AI impact, has invited academics, AI experts and consumer groups to participate in assessing whether online websites are using adequate measures to protect against data scraping by AI platforms. Reuters reports that Italy, France and Germany have already reached agreement on how AI should be regulated and this comes at a time when the EU is completing its AI draft rules.

New Zealand’s regulator will issue a biometrics code draft in early 2024 and invite feedback from experts and the public. The draft code will focus on three main areas: proportionality, which balances why biometrics is being used against its privacy risk; transparency, in terms of providing clear information and notifications; and. purpose limitation, which outlines restrictions on collection and use of biometric data.

Meta, the “My Entitlement To your Assets” company has a penchant for using children to get mass amounts of data you might not otherwise give them. In fact, newly unsealed documents from the 33-state & DC Instagram and Facebook lawsuit, shows despite 1.1 million reports of under-age users on its platform, the company only removed a fraction of them and continued to collect children’s personal information. In fact, allowing this federal privacy violation was an “open secret” routinely documented in the company. And, if that weren’t enough, the company also... Read More >

The dating apps pulled advertising after tests conducted by the Wall Street Journal and The Canadian Centre for Child Protection found major ad brand ads could be served alongside sexually explicit images. Other brands affected include Disney, Pizza Hut, and Walmart.

The company is considering using passenger data to show you personalized ads in-flight.

The first was for a curb on the Federal Trade Commission (FTC) oversight of the platform’s privacy policies and the second was to block the FTC from questioning Elon Musk, who owns X Corp.

The Irish Council for Civil Liberties (ICCL) has issued a report claiming that real-time bidding (RTB), the automated buying and selling of online ad impressions, is being used to target EU military personnel and political decision-makers. This after the ICCL analyzed tens of thousands of pages of RTB data and determined that it would be possible to match sensitive information collected about EU leaders with their location and other data and leave them vulnerable to blackmail or other harms.