CDP Institute

The Pakistan’s Personal Data Protection Bill draft is scheduled to be completed this month and plans are for strict measures and fines that range from $125,000 for individuals who violate the law to $2 million for businesses that disclose or disseminate personal information without authorization.

After years of speculation, discussion and prognosticating about life after 3rd party cookies in Chrome, it turns out Google was just kidding – and now we need to spread a new set of tea leaves to attempt to read as Google scraps that idea and may: 1) give users an opt-in for tracking, 2) wonder how to get users to want that, and 3) decide advertisers need the Sandbox afterall, once users astutely realize they strongly prefer not to be tracked. Here’s a look at early thoughts.

The Senate is trying again to get children’s privacy legislation passed after it got derailed from passage in the House. Not clear this stands much more of a chance, with the House currently in recess, vocal opposition from members there, plus major lobbying efforts by Big Tech to stall such legislation, but good on behalf of kids to keep trying….

This from having combined XSS with OAuth which led to severe breaches. This could impact millions of websites, including at major brands, including Adobe, Microsoft and T-Mobile.

A class action over Oracle’s alleged collection and sale of web user data resulted in a $115 million settlement. The settlement came shortly after Oracle said it was shutting down its ad business, which had about $300 million revenue in the past fiscal year.

Italy’s antitrust regulators believe Google may have misled users of multiple company platforms, including YouTube, Gmail and Maps, into agreeing to allow it to combine their personal data collected from different services. This is because the company gave them limited choice options.

Malaysia’s House of Representatives approved a series of amendments to its Personal Data Protection Act (PDPA) which will go into law pending approval in the Senate and receiving Royal Assent. Provisions include mandatory appointment of a data protection officer, mandatory data breach notification, changes in rules for data transfers, and data subjects’ rights to data portability.

The National Society for the Prevention of Cruelty to Children (NSPCC) accused Apple of undercounting (by a longshot) the number of times child sexual abuse material (CSAM) appeared on its platforms in England and Wales in a year. The NSPCC found the number of cases there exceeded more than Apple reported for all other countries combined, and to be far less than reported by big tech peers, Google and Meta.

The company is trying to address regulator concerns.

Meta plans to appeal Nigeria’s $220 million violation fine.

A data breach of nearly all AT&T customers via third-party vendor Snowflake has just resulted in a $370,000 payment to the hackers. And, while this is not unusual, it may be a strategy US companies cannot use for long, if a planned law is passed.  The Ransomware and Financial Stability Act 2024, a bipartisan law introduced this spring, would set a limit of $100,000 companies could pay for ransom in a cyber-attack.