CDP Institute

While having location data is quite valuable to Google, the company announced it will begin automatically deleting location history when it deems there could be personal risks. This includes visits to abortion, weight loss and cosmetic surgery centers, and to fertility clinics. Google is also making it easier to delete data from app logs, and it has committed to transparency and advocacy to not divulge excessive personal information in instances of governmental or law enforcement requests.

An anonymous hacker claims to have the records of one billion Chinese residents that were obtained from Shanghai’s police database, and is offering it for sale for approximately $200,000. While neither authorities nor hacker contact information have confirmed the claim so far, it comes just when China has promised enhanced data protection.

The US Department of Health & Human Services Office for Civil Rights (HHS OCR) published privacy guidelines to address HIPAA compliance concerns following the Dobbs abortion decision. It clarifies that providers are not required to disclose protected private medical information to third parties, and it addresses when HIPAA, which protects medical information, allows for disclosure. This comes at a time when a number of states are considering passing abortion legislation.  President Biden is said to be planning to formally ask the Federal Trade Commission (FTC) to act to help protect women's abortion rights.

A recent Qonsent poll of 1,000 US consumers and more than 100 marketers found that 94% of consumers want control of data they share with companies, and 66% ranked this as very important. The privacy and consent platform company also found that 78% of marketers believe impending privacy laws will lead to less engagement.

Routine malware checks conducted by Avast Security uncovered malware being propagated on Discord, the popular teen community chat app. The research team was surprised to learn that the activity was coming from teens, and identified the activity as part of a relatively recent trend called “malware-as-a-service,” in which people are given plug-and-play capabilities to be able to hack without the need for technical skills. In this case, it was being done by minors between the ages of 11-16.

A number of major companies announced plans to pull out of the market altogether if India’s Computer Emergency Response Team (CERT-In) is given power to require turnover of private data preemptively for “preventive” security reasons.

Germany’s regulator has already issued a warning letter to the company and BEUC, which consists of 46 organizations across 32 countries, is in contact with other regulators.

It is intended to ensure companies meet requirements of the EU Commission’s new Code of Practice on Disinformation.

Garante, the Italian data authority, found web publisher Caffeina Media Srl in violation of GDPR because its Google Analytics use resulted in the capture of EU personal data. This included device IP addresses, browser information, and visit dates and times – data which was subsequently transferred to the US. The Italian DPA also warned other local sites to check their own compliance. This follows a similar CNIL decision in France.

Alarm bells sounded across the US as citizens considered privacy implications of Friday’s Supreme Court ruling striking down Roe v. Wade. News warnings advising deletion of period tracking apps sparked fears that resulted in huge drops and gains for different apps – and sometimes both happened on the same platform. But the problem is, many decisions (including for one app that saw a 6,000% increase in its average daily downloads) were based on corporate messaging and gut impressions, rather than on what consumers knew about given app privacy practices.

Colorado, one of 5 US states with a new privacy law, has just passed a biometrics law that limits use of facial recognition by state government agencies and higher ed institutions. This law requires organizations that intend to “develop, procure or use” facial recognition technology to provide notice of intent, including how the data will be stored and protected. Prior to beginning use of a system, agencies will need to submit an accountability report, and they must also train users to ensure compliance with related prohibitions.