A mass data breach that’s considered the second largest known after a one billion record breach in China earlier this summer, has been revealed also in China. In this case, human error at the Hangzhou tech company Xinai Electronics inadvertently exposed facial data of 800 million people. Additionally, the company’s database ties to its cloud-based vehicle license plate recognition system. Xinai’s exposed data was not password protected and was found easily available on the web, according to the data researcher who discovered it.

Eureka!! California breaks the log jam and forges ahead with privacy legislation – in the US, and for kids! Meet the California Age-Appropriate Design Code Act (ADCA). Modeled on the UK’s Age-Appropriate Design Code, this game-changer now awaiting the governor’s signature, will go much farther than the federal Children’s Online Privacy Protection Act (COPPA) protecting teens and children by default. Specifically, online sites deemed likely to access youth data will not be allowed to share that data unless they can prove: 1) it is necessary to do so to provide a specific service, or 2) that doing so is in the young person’s best interest. Further, businesses will in most cases be required to implement the most privacy-protective settings by default, and there’s no provision built in for parents or kids to opt-out via consent.