Italy’s Data Protection Authority (DPA) announced it found evidence of data privacy violations by OpenAI, maker of ChatGPT due to mass collection of data used to train the algorithm. OpenAI has 30 days to respond in its defense. The stakes are high, since fines for companies that break GDPR rules can be up to 4% of the company’s global turnover. This follows an earlier ban of ChatGPT in Italy last spring, which was subsequently lifted.
Uncovered a breach? The US Security and Exchange Commission is expecting your call. Their new 96-hour-reporting-window regulation has gone into effect, and companies must take care to comply. This is designed to protect investor interests and in response to increased consumer expectations for quick action, accountability and transparency when breaches take place.
The New Hampshire Privacy Act (NHPA) has been approved and sent to the governor for signature. The NHPA applies to any business or person that produces products or services for residents of the state, or controls data on New Hampshire consumers. As with other states, minimums apply and there are some exemptions. Consumer rights provided include confirmation of processing, correction, deletion, opt-out rights, and the right to reject behavioral ad-targeting.
With CDP vendors increasing their workforces by 3.4% in six months, compared with an average of 0.2% each six months over the prior two years, the sector seems to be growing again, according to our own semi-annual industry update. There is much talk of composable CDPs but they still employ no more than 5% of the sector workforce. What is a clear trend is the acquisition of independent CDPs by vendors interested in adding a CDP to a larger system (usually an activation system).