CDP Institute

Privacy and dating don’t have a lot in common, but with the IAB Diligence Platform matching tool, advertisers and publishers looking for an adtech partner can fill out their perfect-partner wish list and find “the one” best, compliant vendor match for them.

Sri Lanka, considered to have one of the oldest flags in the world, now has the newest privacy law (passed Jan. 24, 2024). However, concerns are that the controversial Online Safety Act, which gives government broad powers and uses vague wording, will instead be used more to suppress dissent.

Not for lack of trying, according to 1,000+ privacy professionals, but a vast majority of EU companies would likely be found out-of-compliance if a data protection officer showed up unannounced to check. In fact, 74.4% assumed there would be relevant violations at the average company, and 56% reported difficulties trying to convince higher ups to improve on compliance. And, according to advocacy group noyb, more than 32% even reported pressure from their senior management to limit GDPR compliance.

Hard to say who was more dramatic, tech CEOs or the US Senators they were called to account by in a televised hearing. The sparring took place in front of an audience of parents who said their children were harmed or even killed as a result of platform engagement with social media. The proposed law at the center is the Kids Online Safety Act (KOSA), which may have surprised some by garnering endorsements for passage from the likes of Microsoft, X and Snapchat.  But then the question that even many... Read More >

The company is reportedly working to address issues raised.

Uncovered a breach? The US Security and Exchange Commission is expecting your call. Their new 96-hour-reporting-window regulation has gone into effect, and companies must take care to comply. This is designed to protect investor interests and in response to increased consumer expectations for quick action, accountability and transparency when breaches take place.

Italy’s Data Protection Authority (DPA) announced it found evidence of data privacy violations by OpenAI, maker of ChatGPT due to mass collection of data used to train the algorithm. OpenAI has 30 days to respond in its defense. The stakes are high, since fines for companies that break GDPR rules can be up to 4% of the company’s global turnover. This follows an earlier ban of ChatGPT in Italy last spring, which was subsequently lifted.

The New Hampshire Privacy Act (NHPA) has been approved and sent to the governor for signature. The NHPA applies to any business or person that produces products or services for residents of the state, or controls data on New Hampshire consumers. As with other states, minimums apply and there are some exemptions. Consumer rights provided include confirmation of processing, correction, deletion, opt-out rights, and the right to reject  behavioral ad-targeting.

Cisco’s Privacy Research’s seventh annual survey of 2,600 professionals found 94% of organizations say their customers would not buy from them if they didn’t provide adequate privacy protection. Respondents also said customers like hard evidence organizations can be trusted – such as in the form of external certifications, so 98% consider those important in their buying process. Organizations also support global privacy laws, with 80% indicating legislation has had a positive impact.

This 2024 State Children’s Privacy Law Tracker map from Husch Blackwell is a useful tool to identify US children’s-related privacy legislation. JD Supra's article provides an overview of current legislation, and looks ahead to what more states are proposing.

Google is issuing warnings to website and app owners that their account could be suspended in the EU if their GDPR banners aren’t compliant within Google-assigned deadlines.

In a win for privacy advocates, now authorities will have to submit formal legal requests to the company, rather than going direct to users.