CDP Institute

Singapore has issued guidelines for deterministic AI system use tying in with its Personal Data Protection Act (PDPA). The guidance, which is not legally binding, clarifies how the PDPA will apply when organizations use personal data to train AI.

A four-year study of cybersecurity, privacy, trust and bias issues in femtech, the data related to women’s health, wellness and sexuality, found sensitive information is often not adequately safeguarded and is sometimes intentionally leaked. Multi-disciplinary research teams based at Royal Holloway, Newcastle University, the University of London and ETH Zurich focused on laws in the UK, EU, and Switzerland. They found women’s health protection underserved in large part because many of the devices and apps used in femtech are not considered “medical,” so fall outside protective guidelines.

A survey of 1,000 parents in the US conducted by Cox Mobile, a division of Cox Communications found that 56% of parents reported their children kept location data sharing accessible on their mobile apps, and 31% of parents said their kids had been contacted on their device by a stranger. More than a third of parents said the stranger referenced their child’s location.

Concerns center around the company’s processing of biometric data. 

LiveRamp is the subject of a 61-page report by Vienna’s Cracked Labs research institute, which claims the company operates mass identity surveillance. The report submitted to UK & French, claims LiveRamp, which houses information on 700 million global consumers, facilitates identity trading with third parties via its proprietary RampID, which is used by customers to exchange data with 500+ third parties. Problem is tRampIDs, despite being pseudonymized, track information and learn about individuals over time, which means third parties can cross-match data to identify and advertise to individuals.

How many friends do you share your tax return with? Just guessing not a lot – but despite that, US company TurboTax thinks you’ll be happy to share them with the world at large if they ask nicely. And they do – despite the fact your tax return is otherwise privacy-protected by law. What’s the benefit? Revenue for them and other tax services that offer the same, at minimum enabling ad-targeting – and beyond that, just imagine the possibilities of full financial disclosure.

Australian Greens and Coalition groups want amendments to the Digital ID Bill that would put checks on law enforcement access and protect against racial bias. The bill, which includes restrictions for banning of data profiling and collection of data on sexual orientation and race, is designed to add business and personal protections to The Privacy Act.

While transparency is touted as the “best” word for businesses to use to assure customers their privacy is being carefully tended to, customers would do well to look to a business’s privacy policy for the real truth about the relationship. A report from Australia’s Consumer Policy Research Centre and the University of New South Wales shows where the pitfalls are. A key problem for survey participants was they didn’t understand much of the policy terminology often used, including ‘pseudonymised information’ (81%), a ‘hashed email address’ (74%), or an ‘advertising ID’... Read More >

A proposed bill in the Vermont Senate is intended to ban big tech companies from collecting kids’ data and from causing physical or emotional harms. According to Senator Kesha Ram Hinsdale, one of the bill’s co-sponsors, it is sensibly modeled on legislation in the European Union and United Kingdom that has proven successful.

Please provide the following biometrics: 1) audio data, 2) hand/body/eye tracking, 3) metabolic data – calories burned, etc., and 4) support data on your environment – real or imagined.

The US Federal Trade Commission (FTC) accused anti-virus software company, Avast of harvesting and selling the data of millions of customers. The company which promised to protect customer data, instead sold it – and now will pay a $16.5 million fine. The data was sold via company subsidiary, Jumpshot, to more than 100 third parties. Exposure included financial and location data as well as health and religious search information.

President Biden is expected to issue an order to prevent data brokers from selling sensitive data on Americans to ‘hostile foreign countries,’ including China, Russia and Iran. The move comes as the US still has not passed federal privacy legislation and concern has grown that advances in AI will make sensitive data, including geolocation, biometric and genomic data easier to analyze and to use for spying or blackmail.