CDP Institute

The suit, which was filed in Kenya in December, alleged that inflammatory comments on the social platform may have fueled sentiments over Ethiopia’s civil war.

Synthetic data is generated using computer algorithms and takes a real data set, then employs AI to learn patterns from that data and finally produces similar data in volume. Gartner projects this area will account for 60% of information for analytics projects by 2024 and it will address the growing need for large volumes of data in the absence of consent for data set harvesting.

White Castle and a dozen business groups are trying to hold back against a ruling from Illinois’ Supreme Court that claims the company should pay $17 billion+ as a penalty for repeatedly collecting employee biometric data without consent. “Repeatedly” is key here, since the court wants to charge White Castle for each time they scanned the 9,500 employees, while company lawyers argue it should only be charged for the initial scan.

TikTok, which has been running afoul of EU regulators and recently received warning tougher rules are planned this year, has announced plans for two new EU data centers. The intent is to migrate the company’s EU user data there to be stored and managed locally.

New regulations and changes to existing laws are expected this year and soon after in Asia. India and Vietnam have legislation in process; and Australia, Japan, Korea, New Zealand and Singapore are looking to more closely align with the EU’s GDPR. Morrison & Foerster’s overview looks at changes evolving with regard to scope, cross-border transfers, breach notification rules and enforcement.

A true/false test taken by 2,000+ US consumers found 77% still don’t understand how they’re being tracked by companies. Not surprising, since privacy policies have so often been written in ways to obscure the information. According to this test conducted by the University of Pennsylvania Annenberg School, it would be good for the Federal Trade Commission to set more stringent limits (as it seems to plan to do) on data collection by companies, rather than to rely on individuals to opt in or out of having data collected on them.

Ever click from social to a brand site to make a purchase, or go back to the company site to buy later? According to a Simplicitydx survey of more than 3,000 US consumers’ social shopping behavior, only 23% reported clicking over, directly as opposed to 48% who said they would return to the brand website later to buy. That’s because trust levels in social are still low. It also makes for massive underreporting – as much as 245%, according to Simplicitydx – of the conversion rate.

The UK Information Commissioner’s Office (ICO) has released new guidelines for video games to ensure they comply with the UK Children’s Code. Requirements include that companies must: 1) identify that if players are under 18, the game is not detrimental to them; 2) work to discourage false declarations of age; and 3) demonstrate that behavioral profiling for marketing purposes is switched off by default.

The suit, filed on behalf of a group of Illinois residents, says a person’s facial features are unique, so collecting and using them without consent is in violation of BIPA rules.

A wrist-slap for Meta, which was found in violation of South Korea’s Personal Information Protection Act (PIPA) for blocking users from Facebook and Instagram if they refuse to provide behavioral information. Penalty cost for Meta is intended to be 6.6 million won (about US$5,240).

Indiana, Utah and Maryland lead the list of states actively pushing for new privacy legislation. Indiana’s bill, similar to the Virginia Consumer Data Protection Act, moves from State Senate to the House; Utah’s amended bill allowing private right of action against social media companies passes the State House; and in Maryland, three new bills were filed addressing biometrics, children’s data and health data. More bills are taking shape across the country from Washington, DC to Hawaii.

What’s the state of GDPR enforcement? CMS Law, a global firm with seventy offices in 40 countries, offers an at-a-glance GDPR Enforcement tracker that includes country, decision date, fine, and the controller overseeing the case.