CDP Institute

A survey by CommX, CommerceNext, Bizrate and Coresight Research of more than 1,000 shoppers revealed, a vast majority were concerned – 70% strongly agree, 87% strongly or somewhat agree – about data use.  Those in wealthy households ($150,000+ income) were most concerned about how their data was stored.

Finland’s Office of the Data Protection Commissioner is overseeing the GDPR4CHILDRN project, which has a 2-year plan to develop a toolkit to be used by children’s activity associations and by parents and young people to help educate about data protection for youth. Plans are for the toolkit to be published in Finnish, Swedish, and English, and translated into Russian, Estonian, Somali, and Arabic.

If 90+ US human & internet rights groups are to be believed, the end-year push to get the Kids Online Safety Act (KOSA) passed by the Senate during the current lame-duck Congress may do more harm than good. The groups sent a joint letter to lawmakers saying they believe the law’s weakly defined protections for ages 16 and under could provide opportunities for censoring information about LGBTQ+ and reproductive rights and also give parents tools to spy on their kids.

It also allows users to limit use of personal information and it ensures Snapchat’s compliance under the California Consumer Privacy Act (CCPA).

A key aspect is to help businesses sort out nuances of the multiple privacy regulations, including the five new state ones.

The company platform evaluates business privacy programs and aids clients in reaching compliance.

Ireland’s Data Protection Commission (DPC) just announced it is fining Meta €265 million (US $276 million) for GDPR non-compliance due to data scraping. This brings Meta’s 2022 total fines from the DPC to almost €700 million. The DPC oversees the company because it is headquartered in Ireland. And, reports are that more Meta fines may be announced there soon. This fine was for a 2021 breach that affected more than a half million records and resulted in personal data surfacing on a public forum and circulating widely on the web.

The MarkUp and The Verge allege that H&R Block, TaxAct, TaxSlayer, and Ramsey Solutions have shared sensitive personal and financial user data with Meta via Meta Pixel, a JavaScript code snippet embedded in websites. The exposed tax filer data includes income filing status, refund amounts, and college scholarship amounts, in addition to more basic identifying information. And, while the number of people affected hasn’t been confirmed, it is estimated in the tens of millions. Why? Apparently, the data is useful to feed Meta algorithms for ad targeting.

Citizen Labs’ new report adds to criticism of Canada’s pending (and long-titled) Bill C-27: An Act to enact the Consumer Privacy Protection Act (CCPA), the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act. Bill C-27 is an update to the Personal Information Protection and Electronic Documents Act (PIPEDA), which has been in force as federal law for two decades. Among the concerns raised is that the new CCPA law would be weaker than GDPR and that it includes problematic exemptions, including that organizations can decide when benefits of collecting of personal information outweighs risks - and that this could be done without having to notify people of collection or planned use.

A Twitter data breach last year, estimated to have exposed 5.4 million records, was thought to have been achieved and exploited by just one hacker. Now, evidence indicates multiple hackers accessed and then offered the data for sale on the dark web. The compromised data belonged to users from the UK, US and most of the EU countries. Twitter has not yet commented on the story, but as has been pointed out its communications team was just gutted following Elon Musk’s Twitter acquisition.

France has determined that free versions of Office 365 and Google Workspace potentially leave data at risk because they store data in the cloud in the US, so are not under obligation to comply with the EU’s GDPR and Schrems II, the 2020 ruling by the European Court of Justice on the cross-border sharing of data. As a result free versions are not allowed to be used in French schools.

Meta announced new users of Instagram and Facebook under 16, and users under 18 in certain countries will be put by default into more private settings when they join Facebook. This seems good, though those users already on the app will only be encouraged to change settings for more privacy, rather than having their settings changed by the company. At the same time, Meta is testing ways to protect teens from suspicious adults and is building a platform to help keep intimate images from being posted online.