CDP Institute

Google received a mixed ruling on a suit alleging the company collected data about people who browsed in “incognito mode.” The federal judge ruled users cannot gain monetary damages on a class-wide basis but did allow the users to proceed with the case to request restricting data collection by Google. In Meta’s case, a federal judge rejected a $37.5 million settlement negotiated by the company and class action lawyers representing an estimated 70 million users. The lawsuit found Meta collected users' IP addresses, revealing general information about location - in violation of a prior privacy policy.

Epic Games LTD, one of the world’s largest gaming companies, has agreed to pay $520 million in the largest-ever US settlement for violating children’s privacy. The suit brought by the Department of Justice and the Federal Trade Commission (FTC) found that Epic had collected and shared children’s information without notice or parental consent, made children’s information visible to adult Fortnite players, and used privacy-invasive default settings. As part of the suit, Epic also agreed to a permanent injunction to not use children’s personal information it had already collected. The $520... Read More >

Tanzania recently passed the Personal Data Protection Act and became the fourth East African Community (EAC) country after Kenya, Uganda, and Rwanda to have a data protection law. Privacy advocates welcomed the news but have concerns about some aspects of the bill including whether Tanzania’s yet-to-be-established Data Protection Commission would be able to act impartially, whether data subjects would be given power of consent, and how security breach notifications will be handled. But, nevertheless, it’s viewed as a good step forward.

Plans are reportedly underway at Twitter to get past the niceties of allowing users individual privacy preferences and instead use a single-option “yes” consent pop-up to force users to consent to ad targeting, location data capture, and third-party data brokering. The facts that this: 1) would likely violate laws including GDPR, CPRA, and CCPA, 2) could trigger a Federal Trade Commission (FTC) enforcement action, and 3) would be incompatible with Apple privacy rules, seems to worry new owner Elon Musk not at all.

Comcast Xfinity, which serves 32 million households, surveyed 1,000 individuals and found that in comparison with their last survey in 2020, the number of connected devices has gone up 25% since before the pandemic and that smart home device shipments are now estimated at $306.3 billion. However, consumers are not practicing cyber-safe behavior. In fact, that significantly decreased since Comcast’s last survey and the report noted that more cyber-safe education is needed.

NetChoice, a tech industry group that includes Amazon, AOL, Google, Meta, and TikTok, has sued to block California’s Age-Appropriate Design Code (AADC) law, which is set to come into effect in 2024.  California’s AADC is the first privacy-by-design law in the United States and is based on the UK’s AADC.  California AADC would require tech companies to put in place more protections to keep children safe online, including making sites more user-centric and transparent. The law also proposes raising the age threshold above 13 years, which is what the federal... Read More >

This agreement between the 38 OECD countries and the European Union is a commitment to use common standards and safeguards to protect privacy and human rights particularly when accessing data for national security and law enforcement purposes.