Good privacy news out of Google this week. First, a policy expansion that allows removal of select personal data used in Search, including log-in credentials, that could risk identity theft. Second, for YouTube and Display users, a new option to limit ad types, including for parenting, dating and weight loss. And, third, beginning in July, developers will be responsible to show Android users what their apps are collecting.

India’s Computer Emergency Response Team (CERT-In) just set a strict new directive applicable to data centers, Virtual Private Servers (VPS), Virtual Private Networks (VPN), Cloud Service providers, crypto exchanges and others that serve as intermediaries. Effective from late June, organizations will be required to maintain logs containing specified customer data for minimum 5 years, report cyber incidents of concern to CERT within 6 hours, and to respond requests for data CERT-In may impose for “protective and preventive” reasons.