CDP Institute

This also included claims from an earlier breach in 2019.

In fact, it would have been even nicer to have been asked before the Meta platform began incorporating the capability to scoop up and retain nuanced details of what you may imagine are private conversations.

TikTok, AliExpress, SHEIN, Temu, WeChat and Xiaomi were flagged by noyb, the privacy advocacy group, for unlawfully transferring EU data to China. While only four admit to sending their data to China, the others don’t disclose where they send data, so expectation is that transfers include to China. This is considered high risk because China is a surveillance state that does not guarantee that it will honor GDPR.

Cognosphere, publisher of popular free-to-play game Genshin Impact, was charged by the US Federal Trade Commission with mishandling children’s data and violating US law by sharing data with advertisers. The company was deemed to be deceiving players about the cost of in-game transactions. It is known in the US as HoYovers.

The EU’s Digital Operational Resilience Act (DORA), which requires banks, financial services firms and tech vendors to bolster systems against cyberattack, is now in effect. Companies should be proactive given that penalties for breaches under DORA can be as high as 2% of annual global revenue and come with sanctions of up to a million euros.

A U.S. judge declined to dismiss a California class action initiated by the parent of a 5-year-old.  The suit claims “intrusion upon seclusion,” which means intrusion upon an individual that is physical or via electronic surveillance.  Some US states allow it as a type of privacy violation.

The US Federal Trade Commission (FTC) has decided to forgo the opportunity to crack down on mass privacy overreach of educational technology companies by deferring the matter to the Department of Education’s Family Educational Rights and Privacy Act (FERPA). This coming at a time when the Trump administration wants to weaken the education department, looks like a big a gift to edtech companies which have run amok sharing data without clear restrictions.

The privacy lawsuit that Texas’ attorney general wanted to bring against Google for misleading residents has been stopped on appeal.  The court ruled that Google has insufficient ties to the state, so is not within the state’s jurisdiction. The Texas AG claimed Google had misled consumers about location tracking data collection and how that data was being used.

In a first, the EU General Court has fined its own European Commission for failing to adequately comply with its data protection regulations. The Court determined the Commission transferred personal data, including IP address and web browser metadata, of a German citizen to Meta in the US without proper safeguards.