CDP Institute

A ruling by Italy’s Data Protection Agency (DPA) that prohibits use of facial recognition technology (FRT) is receiving mixed reviews from privacy advocates, including concern it may set a broader EU precedent. This is due to a caveat in the ruling that FRT can still be used for crime fighting and judicial investigations. The rule is a stop gap measure pending new privacy legislation from Italy’s DPA and at a time when the EU is evolving its comprehensive AI Act, which is intended to be the first comprehensive legal framework... Read More >

Discord, Inc., a voice over IP and instant messaging company, was fined €800,000 by France’s data authority CNIL for failing to define and honor a data retention period in accordance with GDPR. The amount of the fine took into consideration the number people impacted, which was close to 3 million, and also the fact that the company worked throughout the investigation to reach compliance.

India, which this summer shelved plans to pass a Personal Data Protection Bill, has introduced a new draft proposal for a privacy bill that eases the burden on overseas data transfers, but advocates high penalty amounts of up to ₹500 crore ($61 million) for non-compliance and ₹250 crore for breaches. Decisions yet to be made are about which countries would be white listed for data transfers and to what degree state agencies could be exempted from provisions in the bill.

Favorite brands have secret ways to get you to gift them your data for the holidays. This is made easy via fun products, including from Meta with their Quest Pro ocular-reading headset; Amazon, which is hungry for more data to feed Alexa and has several new product offerings; and Google, Verizon, Nintendo and others. The majority of products on this Top 10 gift list are, however, a bit unclear on how you can delete data after you provide it – but no worries! The companies are happy to keep it.

Children’s apps will now face a more stringent process to gain a place in Google’s Play Store because of changes to ensure apps in the store are compliant with children’s privacy regulations, including the Children’s Online Privacy Protection Act (COPPA), and the EU General Data Protection Regulation (GDPR). The vetting process will adhere more closely to Google’s “Teacher Approved” program, which has stricter guidelines than its other programs that oversaw apps not designated for educational use.

This suit claims Facebook violated an article of GDPR by collecting personal data to use for ad targeting.

This brings Facebook in line with other social media platforms, like Instagram and TikTok, which ask for much less information.

IAB argues on behalf of their constituency that this is a matter of “vast economic and political significance” to be reserved for Congress, which conveniently has failed to act on this issue for decades.

The company works as an agent for consumers who as individuals became part of a collective that acts in concert to demand companies desist using, or delete data unless consent is obtained.

The platform uses AI to detect, redact and replace more than 50 types of personally identifiable information in close to 50 languages.

Reports are that an NGO collected personal information including individual Aadhaar ID numbers from voters by having field agents pose as government officials.