CDP Institute

By unanimous votes in the State House and Senate, Iowa is poised to pass the 6th US state privacy bill, though Consumer Reports and other consumer advocates are urging Iowa’s governor not to sign the Consumer Privacy Act (aka Senate File 262) into law. Concerns are that while the bill seemingly includes key consumer safeguards such as the right to know information companies have collected and the right to have information deleted, the verbiage in the law serves to weaken the protections provided to consumers and strongly favors business.

A survey by Digital Third Coast of more than 800 Americans found U.S. consumers are fearful they are being tracked wherever they go. Four in five were concerned about ad tracking, with Baby Boomers and Gen Z most concerned at 84% each. There’s also a level of paranoia about always being spied on, with 60% surveyed reporting they believe their phone is listening to them, 3 of 4 believing Alexa and other devices are always listening, and 60% reporting they believe the government is tracking their phone data.

The US Federal Trade Commission has finalized its order for Epic Games saying it must pay $245 million for its use of dark patterns to get Fortnite players to make unwanted purchases and to persuade children to accrue unauthorized charges without parental consent. The FTC also charged Epic with having locked accounts of customers who disputed unauthorized charges. Consumers can visit FTC.gov/Fortnite to learn more about eligibility for getting a refund.

The company, which came out of stealth in August with $6 million seed funding, can automatically map the flow of data from collection through how it is stored to whether it is being shared with third parties, then can create a trouble ticket to alert an engineering team when there’s a problem.

TikTok has to allay regulator concerns or face multiple shutdowns and bans. This week, 1) a whistleblower told The Washington Post TikTok’s $1.5 billion “Project Texas” plan to protect US user data could still allow China to access company data, 2) Denmark's Centre for Cyber Security’s concerns prompted a public broadcast company to alert journalists to avoid installing TikTok on work phones because of security risks, and 3) TikTok has had to go all-in courting EU regulators to address concerns over its data-harnessing practices in light of the upcoming Digital Services Act (DSA).

FBI chief Christopher Wray revealed during a Senate hearing that the bureau had in the past purchased sensitive location data rather than obtaining a warrant. This prompted concerns among privacy advocates, though Wray indicated that it was not currently the practice to do so and that there were no current plans to do it again. Still, concerns are that without federal privacy legislation, this and other agencies’ practices encroaching on individual privacy may happen without public knowledge.

The UK is opting for business-friendly, billions-saving GDPR-type regulation. The country’s Data Protection and Digital Information Bill (DPDI), which was introduced in September 2022, has incorporated improvements with the clear goals of buttressing the UK business community while ensuring data compatibility with the EU’s General Data Protection Regulation (GDPR). The bill, which is expected to generate £4.7 billion in savings over ten years for the country, also supports reduced paperwork, clarifies consent requirements, and helps to educate the public about AI technologies.

In fact, in a 1,000-person survey conducted by MessageGears of individuals who reported making an online purchase at least once per month on average – nearly 60% ranked keeping their data secure the top priority, whereas personalized digital messages came in as least important.

Compliance with the UK’s Online Safety Bill means disallowing children under age 13 to access sites containing adult material – or kicking them off if they do get on. But according to research conducted between April 2021 and April 2022 by media regulator, Ofcom, Snapchat was shown to be removing accounts of far fewer children than similar social sites. In data shared with Reuters by Ofcom, TikTok was shown to have blocked an average of about 180,000 suspected underage accounts in Britain every month, while Snapchat removed just 60 accounts... Read More >

The European Data Protection Board (EDPB) has issued its opinion on the EU-US Data Privacy Framework (DPF) and has reservations, including about exemptions to data subjects’ right of access, an absence of clear definitions, lack of rules on automated decision making, and lack of clarity on onward transfers, so it will now need more scrutiny by EU institutions. As a result, businesses that transfer personal data between the EU and US should continue relying on the other data transfer mechanisms available under the GDPR, such as Binding Corporate Rules and... Read More >

The UK lawsuit, which alleged Facebook used market dominance to monetize data unfairly, looked to get compensation for 45 million UK users of the social media site. A London tribunal put the burden of proof back on the claimants’ lawyers who have six months to represent.

Book and gift retailer WH Smith has reported a cyber-attack that accessed worker data, but not data of customers. The company, which employs approximately 10,000 people in the UK, reports it has notified the affected colleagues and the authorities. Retailers are at high risk for attacks because they collect a lot of data and are high-profile targets.