The Privacy Corner (Robert Bateman)

Send us a text

This week’s Privacy Corner Podcast covers US state privacy law developments, data protection in AI development, and privacy in consumer products.

Send us a text

This week’s Privacy Corner Podcast covers three fresh GDPR judgments from the EU’s top court, the FTC’s proposed order to stop Meta from profiting from children’s data, France’s second multi-million fine against Clearview AI, and Kochava’s partial victory against the FTC’s privacy case.

Send us a text

This week’s Privacy Corner Podcast covers GDPR fines, UK data protection reforms, Meta's defense, EU-US data privacy framework rejection, and French AI Action Plan.

Send us a text

Our special episode commentating GDPR's 5th Anniversary along with the latest on Meta's GDPR fine, TikTok investigation, FTC's privacy order, and Nevada's new privacy bill. 

Send us a text

What if we told you that the Washington My Health, My Data Act is the most significant US privacy law since the CCPA in 2018? This week, we're joined by privacy experts Robert Bateman and Vopav Anthil as they unravel the implications of this groundbreaking law and its broadened concept of health information. Discover how it's creating new opportunities for health tech startups and the potential impact on data-driven businesses.

We also delve into the recent relaunch of Chat GPT in Italy and the strict privacy controls OpenAI had to put in place to satisfy the Garante, the Italian regulator. Are large language models (LLMs) actually compatible with the GDPR? Our hosts discuss this hot topic and explore the future of state-level privacy laws in the US, as they break down the recently passed Indiana privacy law. Join us for this engaging conversation that provides valuable insights for businesses and privacy enthusiasts navigating the ever-evolving world of privacy and data protection.

Send us a text

How does Microsoft find itself in hot water with the FTC over children's privacy, and what can we learn from a Danish GDPR decision? Join me, Robert Bateman, in the Privacy Corner as we uncover the intricacies of Microsoft's violations of the Children's Online Privacy Protection Act and discuss the proposed order that seeks to change the tech giant's approach to handling data from users under 13. We'll also tackle the delicate balance between safeguarding children's privacy and scanning biometrics, ensuring you stay informed on the ever-evolving world of data protection.

But that's not all! We'll also dive into Florida's Digital Bill of Rights, investigate a massive ad targeting database brought to light by Wolfie Crystal, and examine the data protection implications of cutting-edge Neurotech devices. Plus, stay ahead of the curve as we explore Apple's Vision Pro headset featuring eye-tracking technology and the company's new privacy manifest feature. And, if you're tired of unnecessary SDKs stuffed into apps, we've got you covered with a spotlight on Provado's innovative solution. Don't miss this engaging conversation on privacy scanning products like Pravado, and how they can shield users from unwarranted data collection.

Send us a text

In this week's discussion, we dive deep into the sweeping changes in US privacy laws that 2023 brought to us. We kick off with a comprehensive roundup of the new state privacy laws that came into effect this year, from the California Privacy Rights Act (CPRA) to the Utah Consumer Privacy Act (UCPA). Not only that, but we also delve into the state privacy laws passed this year, set to take effect in the coming years, including the Indiana Consumer Data Protection Act and the Texas Data Privacy and Security Act. 

Our conversation also touches on other privacy-related laws signed in 2023, such as Florida's "Digital Bill of Rights" and the Washington and Nevada My Health My Data Acts. Plus, we don't miss out on discussing the FTC's privacy-related actions this year. 

Joining us in this episode is Debra, as we explore the impacts these laws could have on individual privacy, the challenges of complying with diverse rules across jurisdictions, and whether the ADPPA or another federal privacy law will ever come into effect. Toward the end, Debra gives invaluable advice on how privacy teams should approach compliance with these diverse laws if operating across multiple states. 

Tune in to gain insights into the evolving landscape of US privacy laws. Don't forget to like, share, and subscribe for more comprehensive law discussions.

Send us a text

In this week's episode, we discuss recent developments in data protection and privacy laws, including a major EU court decision that found Meta cannot rely on consent, contract, or legitimate interests for targeted ads. We also cover a $3 billion lawsuit against OpenAI and Microsoft alleging privacy violations and actions against Google Analytics by Swedish regulators. 

Send us a text

In this week's news Robert Bateman, and Abishai, a privacy advisor from Privacy Team, talk about recent privacy news items and developments regarding the EU US Data Privacy Framework. They discuss the Norwegian Data Protection Authority banning Meta from behavioral advertising in Norway, the California Attorney General enforcing the CCPA to cover employee data which surprised many companies, and a data breach of military intelligence documents caused by a typo in an email address, highlighting the role of human error in data breaches. They also cover the pros and cons of US businesses signing up for the new EU US data privacy framework and the European Data Protection Board's note regarding it.

Mentions:

• Norway banned Meta's behavioral advertising, California enforced the CCPA on employee data
• A data breach occurred due to a typo in an email address, showing how human error causes breaches
• Businesses signing up for the new EU US Data Privacy Framework may provide benefits
• A backup plan is recommended in case it is invalidated like past frameworks
• The European Data Protection Board's note regarding it is covered

Send us a text

This week in privacy. US regulators issue warnings over healthcare tracking, raising questions of legality. OpenAI CEO Sam Altman's new venture, Worldcon, exchanges iris scans for crypto, igniting privacy debates. Meta fined over VPN data misuse.

Send us a text

Join Robert Bateman in this week's Privacy Corner, where he explores key privacy-related issues. This episode discusses Meta's switch to consent-based advertising in Europe, the progress of the Kids Online Safety Act and COPPA 2.0 in the US, and a controversial case involving UK's ICO and FaceWatch. Subscribe for weekly insights on how privacy, technology, and government regulation intersect. Stay tuned!

Send us a text

Send us a text

In our latest Privacy Corner discussion, we talked about privacy issues with the new education app Satin and how it shares students' private info. We also covered Zoom's TOS controversy around AI training. Finally, we got an overview of new state privacy laws passed in 2022 and 2023 from privacy expert Jody Daniels, including in CA, VA, CO, CT, UT and more states. Lots of insights on navigating this changing legal landscape!

Send us a text

In this week's Privacy Corner, we dive into the CPPA's recent draft regulations, explore the mounting concerns over privacy in the realm of connected cars, and shed light on Airbnb's recent clash with GDPR rules in Ireland.

Send us a text

Navigate the intricate maze of data privacy with the "Privacy Corner" podcast! Join Robert Bateman, a seasoned privacy advocate and industry expert, as he delves deep into the week's most pressing privacy stories from around the world. From corporate takeovers and their unforeseen data repercussions to evolving state legislations and international data protocols, Robert brings clarity to the often clouded waters of the digital privacy realm.

In this episode:

• 🌐 The Twitter Tangle: Journey through the fascinating revelations from a recent court finding about Twitter (or should we say 'X'?) during Elon Musk's early days at the helm.
• 📜 Delaware's Privacy Playbook: An in-depth analysis of Delaware's newly minted privacy law. Does it set a precedent or simply follow the crowd?
• 🇬🇧 UK's GDPR Shake-Up: The UK contemplates a seismic shift in its GDPR stance. Together, we unpack its implications and the bigger picture it paints for global data protection.

Send us a text

In privacy news this week:

• Dive into the alarming rise of "Sherlock", the zero-click spyware infiltrating through targeted ads and its potential global implications.
• Delve deep into the California Age-Appropriate Design Code Act's controversy, touching upon the tension between kids' online safety and free speech rights.
• Traverse the tumultuous waters of the EU-US Data Privacy Framework, exploring the growing challenges and what it means for data transfer across borders.

Featuring insights from Robert Bateman and the Privado.ai team.

Send us a text

This week in privacy - The UK unveils a groundbreaking "UK-US Data Bridge" to streamline personal data transfers. Meanwhile, OpenAI faces GDPR scrutiny in Poland, and Meta's ad algorithms are set for legal examination. Read more in this week's edition. 

Send us a text

Send us a text

In this episode of 'Privacy Corner', privacy expert Robert Bateman delves into some significant privacy news items. First on the agenda is Biden's eagerly awaited executive order on safe, AI, which heavily emphasizes privacy and introduces concepts such as 'Privacy Enhancing Technologies' and 'Differential Privacy Guarantee'. Second, the EDPB's decision on META's behavioral advertising methods is analyzed, with Robert debating its effectiveness and potential future consequences. Lastly, the script discusses the arguments outlined against the EU US Data Privacy Framework, specifically centering around Philippe Latombe's challenge to the framework. The episode concludes by expressing skepticism about whether Latombe's case will proceed but recognizes some valid arguments that might be reconsidered by others in the future.

Send us a text

Send us a text

In this episode of The Privacy Corner, we go over the UK's introduction of 124 pages of amendments to its data protection reforms, potential implications, and concerns from some quarters. The new draft regulations from the California Privacy Protection Agency regarding automated decision-making and AI. And examine complaints raised against Meta due to its new consent-or-pay model, including both data protection and consumer protection complaints. 

Send us a text

In this week's Privacy Corner, Robert Bateman presents his top three privacy stories, sponsored by Privado AI. He dives into the implications of a recent CGEU case, where the Lithuanian health ministry and a mobile app developer face fines due to GDPR violations for a COVID-19 contact tracing app. A lawsuit against Meta blends privacy and competition arguments, questioning the link between data protection and competition law. Lastly, Google and Apple have been reportedly handing over user data related to push notifications to government agencies globally. Tune in for these deep dives and more about the world of data privacy.

Send us a text

In this episode of Privacy Corner, Robert talks about key privacy-related news going on globally. He dives into the Court of Justice of the EU's latest judgement, the EU's upcoming AI Act, and the lawsuit Adobe is facing for allegedly tracking without consent. He also briefly describes EU's law-making process, explains implications of the latest privacy rulings, and highlights the upcoming Bridge Summit sponsored by Provado AI. Learn about these issues and more in this detailed and comprehensive coverage of privacy-related matters around the world.

Send us a text

The FTC is set to enhance children's online privacy with proposed changes to the COPPA Rule, aiming to strengthen safeguards against data misuse and increase parental control. - In a landmark decision, a retailer faces the FTC's order to delete its biometric database, highlighting the growing concerns and regulatory actions on biometric data privacy. - Google's new age-estimation face-scanning tool gains momentum with a UK certification, indicating a significant step in age verification technology and its acceptance in regulatory frameworks.

Send us a text

In this episode of The Privacy Corner, Robert Bateman discusses the latest updates in privacy laws within the U.S. These include details of Vermont's My Health, My Data Act, the effects of Utah's Consumer Privacy Act and finally, the universal opt-out mechanism defined by the Colorado Privacy Act. Bateman also mentions the upcoming Bridge Summit by Privado AI taking place on Data Privacy Day. Tune in for a detailed look at these critical privacy developments and more.

Send us a text

In this episode of Privacy Corner, Robert Bateman discusses three prominent privacy news developments of the week - EDPB's concluded coordinated enforcement action looking at Data Protection Officers across the EU, France's fine of 10 million euros to Yahoo for cookie violations, and the Spanish Data Protection Authority's (AEPD) view of cookies and requirements for consent. He ends by emphasizing the importance of having a data protection officer, providing them necessary resources and insights into AEPD's guidance on audience measurement cookies.

Send us a text

In this episode of The Privacy Corner, the first highlight is the French DPA's hefty fine on Amazon over its intrusive employee monitoring program. Up next is the Federal Trade Commission's (FTC) stern action against data broker, InMarket, for mishandling sensitive location data. The episode concludes with useful guidance from the California Privacy Protection Agency (CPPA) on universal opt-out signals. 

Send us a text

In this week's Privacy Corner, Robert Bateman discusses three major privacy developments. The Italian regulator Garante contesting Chat GPT's GDPR compliance; Google's plan to incorporate its large language model 'Bard' into its messaging app, potentially raising e-privacy issues; and the ICO's update on its cookie sweep and the development of an AI tool to identify cookie violations. The video also delves into the history of OpenAI's allegations, the repercussions of Google's plan, and the ICO's interaction with non-compliant websites.

Send us a text

Stay informed about the ever-evolving landscape of privacy with Robert Bateman in this episode of Privacy Corner. This week, he delves into key developments, including the UK government's approach to AI regulation, the Federal Trade Commission's case against data broker Cochava, and the recent report from the Connecticut Attorney General regarding the state's new data privacy act.

00:00 Introduction
00:15 UK's New Approach to AI Regulation
06:12 FTC vs Data Broker Cochava
09:53 Connecticut's Data Privacy Act Enforcement
12:36 Conclusion

Send us a text

In this episode of 'The Privacy Corner', Robert Bateman discusses the week's top three privacy developments. He talks about the California Privacy Protection Agency winning an appeal which makes its CPRA regulations enforceable. Also, he discusses the priorities set out by the French Data Protection Authority (CNIL) for enforcement up to 2024, which includes investigations related to the Olympic and Paralympic games, minors' data, and loyalty programs. Lastly, he describes a warning by the Federal Trade Commission (FTC) to companies about training their AI models on users. These developments imply a need for businesses to understand and comply with the implications of changing privacy regulations, especially in terms of AI usage and data protection.

Send us a text

In this episode of 'The Privacy Corner', Robert Bateman shares his top three privacy news developments for the week. He discusses the significant privacy fine and order imposed on UK based antivirus company Avast by the Federal Trade Commission (FTC). He also talks about DoorDash's settlement under the California Consumer Privacy Act (CCPA) and the ongoing investigation of TikTok under the Digital Services Act (DSA). Throughout the video, Bateman breaks down the privacy and data protection related elements of each case, offering insightful commentary on these important developments.

Send us a text

Privacy week in review with Robert Bateman

President Biden issues a groundbreaking executive order on international data transfers, diverging sharply from the EU's approach. Meanwhile, in Canada, the Pornhub operator faces serious allegations of privacy violations, with consequences described as "devastating." Down in South Africa, a landmark enforcement against spam emails marks a first under direct marketing rules.

Send us a text

In this episode of The Privacy Corner, Robert Bateman highlights the week's top privacy developments. He discusses a complex CJEU case related to the Transparency and Consent Framework in digital advertising, highlights bold statements from the FTC on privacy and data collection following significant enforcement cases, and examines the ICO's call for views on 'consent or pay' models. The episode covers the implications of these developments for data privacy and the responsibilities of companies in handling personal data.

Send us a text

In this episode of Privacy Corner, Robert Bateman discusses three major privacy-related developments. Firstly, the EU AI Act has been passed by the parliament, detailing the gradual enforcement of prohibited AI practices, general purpose AI system rules, and high risk AI system obligations. Secondly, Kentucky has passed a comprehensive privacy law, similar to Virginia's, encompassing data processing guidelines, consumer rights, and GDPR-inspired principles. Lastly, the European Commission has been sanctioned under data protection law for its use of Microsoft 365, highlighting issues in data processing agreements and data transfers. 

Send us a text

This week's episode of The Privacy Corner, with Robert Bateman and sponsored by Privado AI, covers three major privacy-related developments. Firstly, the OCR's updated guidance on tracking technologies for HIPAA covered entities, emphasizing strict regulations to avoid disclosing Protected Health Information (PHI) to vendors like Facebook and Google. Secondly, the Belgian DPA's decision supporting the use of legitimate interests in AI model training by analyzing a case involving Bank Y's discount scheme and the handling of transaction data. Lastly, the ICO's enforcement notice to the UK Home Office for failing to conduct a proper Data Protection Impact Assessment (DPIA) for its migrant ankle tagging scheme, indicating serious privacy oversights in the process. Additional discussions include the scope and implications of these developments and an announcement on an upcoming special edition with Keir Lamont on the Washington My Health My Data Act.

00:00 Welcome to The Privacy Corner!
00:12 HIPAA's New Guidance on Tracking Technologies
05:33 Belgian DPA's Decision on AI Training and Legitimate Interests
10:12 UK Government's Ankle Tagging Scheme Under Scrutiny
11:51 Closing Remarks and Upcoming Special Edition

Send us a text

Join us for a special episode of the Privacy Corner as Robert Bateman, Data Privacy Expert, hosts Keir Lamont, Director for U.S. Legislation at the Future of Privacy Forum, on the My Health My Data Act, scheduled to take effect in Washington on March 31, 2024, for regulated entities.

This legislation stands as one of the most comprehensive and significant privacy laws enacted in the United States that explicitly aims to protect consumer health data.

Lamont shares his expert insights on how this law integrates into the broader framework of U.S. and state privacy regulations. The discussion deeply explores the application, intent, and enforcement of the My Health My Data Act.

Tune in to get an understanding of the law's potential impact on businesses, consumers, and the broader privacy landscape.

Send us a text

In this episode of The Privacy Corner, we cover three major privacy news from this week:

First, WorldCoin, a digital identity and cryptocurrency project by Sam Altman, faces legal challenges in Portugal and other countries due to its biometric data processing practices. 

Second, the UK attributes a significant data breach of the Electoral Commission and an attempted cyber attack on its parliamentarians to China, raising concerns about national security. 

Third, the FTC releases a report showcasing its vigorous privacy and security enforcement activities in 2023, including notable cases and their focus on artificial intelligence, sensitive data, and algorithmic accountability.

00:00 Welcome to The Privacy Corner!
00:11 WorldCoin's Legal Troubles Across the Globe
04:26 UK's Electoral Commission Data Breach Blamed on China
06:46 FTC's Busy Year in Privacy and Data Security
09:10 Closing Remarks and Easter Wishes

Send us a text

Privacy News Roundup by Robert Bateman

California just released stricter guidelines for businesses. They can't ask for unnecessary personal info when you request access to your data. 

Google agreed to delete billions of browsing records following a lawsuit claiming "Incognito Mode" wasn't truly private. 

The UK is prioritizing children's online privacy! They'll be checking social media platforms like Facebook & YouTube to ensure they comply with child protection laws. 

Send us a text

In this week’s Privacy Corner Newsletter:

• European data protection authorities say “no” to (some) “consent or pay”.
• California’s privacy regulator says “no” to the new US federal privacy bill.
• The Federal Trade Commission (FTC) says “no” to telehealth provider Cerebral's alleged sharing of its users’ sensitive information.

Send us a text

In this week’s Privacy Corner Newsletter:

• Why a new US law that protects data from “foreign adversaries” extends beyond just TikTok.
• What the EDPB has planned for the next three years.
• How the ICO lost its appeal against Experian.

Send us a text

This week's Privacy Corner newsletter covers a range of important topics:

• Generative AI and GDPR: Privacy advocacy group noyb filed a complaint against OpenAI, alleging its AI tool ChatGPT violates user privacy by generating inaccurate personal data. The crux of the issue lies in whether noyb expects OpenAI to fix inherent limitations of the technology and the applicability of GDPR in this case.
• Fines for Location Data Sharing: The FCC penalized four major US wireless carriers nearly $200 million for allegedly sharing customers' location data with third parties without proper consent. This action reflects growing regulatory scrutiny around data privacy, especially concerning sensitive information like location.
• Updated Health Breach Notification Rule: The FTC finalized amendments to the Health Breach Notification Rule, expanding its scope to cover health apps and unauthorized disclosures of health information, not just security breaches. This highlights the evolving privacy landscape in the US healthcare sector.

Send us a text

This Week in Privacy: AGs Block US Privacy Bill, China Blamed for UK Hack, Finnish Retailer Fined Heavily

US: Attorneys General from 15 states oppose the American Privacy Rights Act (APRA) due to concerns about preemption of state privacy laws.
UK: Government suspects China of a cyberattack on the military payroll system, exposing names and bank details.
Finland: Data Protection Authority fines online store €856,000 for requiring account creation and indefinitely storing customer data.

Send us a text

This week's Privacy Corner dives into the latest data privacy developments:

🇬🇧 US: Maryland and Vermont passed groundbreaking privacy laws with strong data minimization requirements and a private right of action in Vermont (similar to California's CCPA).
🇬🇧 UK: The ICO is seeking views on how to uphold data subject rights in generative AI but avoids the right to rectification challenge.
🇪🇺 EU: The European Commission is investigating Meta (Facebook & Instagram) under the Digital Services Act (DSA) for potentially harming children and failing to meet age verification requirements.

Send us a text

This week's newsletter covers developments in AI regulation, enforcement actions by the ICO, and updates on the APRA draft.

Key takeaways:

• Colorado passed a new law (CAIA) regulating high-risk AI systems. Similar to the EU AI Act, it focuses on transparency, accountability, and preventing bias in areas like healthcare and finance.
• The ICO dropped its case against Snap's AI chatbot but is investigating Microsoft's new Recall feature. Recall captures screenshots of user activity, raising privacy concerns.
• A revised draft of the APRA clarifies data minimization rules, shortens response times to data requests, and adds new data broker regulations. Pre-emption, a controversial aspect, remains largely unchanged.

Send us a text

Privacy Corner Newsletter Summary

This week's newsletter covers several key privacy topics:

- EDPB vs OpenAI: The European Data Protection Board (EDPB) is investigating OpenAI's ChatGPT software to ensure it complies with GDPR regulations.

- UK's GDPR reforms are dead: The UK's attempt to reform data protection laws has stalled due to upcoming elections. The proposed changes, including a new "recognized legitimate interests" legal basis and relaxed data subject rights, are unlikely to be revived soon.

- Irish DPC's 2023 report: The Irish Data Protection Commissioner (DPC) report shows a significant increase in workload and fines issued in 2023. 

Send us a text

This week's Privacy Corner dives into several data privacy battles:

- EU privacy group noyb filed complaints against Meta alleging its AI training policy violates GDPR rules on transparency, data subject rights, and lawful processing.
- Noyb also targeted Microsoft, accusing them of misleading schools about their role in data processing for Microsoft 365 Education products and secretly tracking student data.
- The Australian privacy regulator dropped its investigation into TikTok's use of tracking pixels due to limitations in the outdated Privacy Act, but launched proceedings against healthcare provider Medibank for a massive data breach.

Send us a text

This Week's Privacy News Roundup: GDPR, Privacy Sandbox, and Child Data Protection

This week's Privacy Corner dives into key data privacy developments:

- UK Court Considers EU Law in GDPR Case: A UK court judgement clarifies the "household exemption" and "right of access" under the UK GDPR, referencing relevant EU law.
- Noyb Challenges Google Chrome's Privacy Sandbox Consent Flow: Privacy group noyb argues Google's method of obtaining consent for Topics ad targeting violates the GDPR.
- New York Enacts Strict Child Data Protection Act: New York introduces a strong child data privacy law with tight restrictions on data collection and a high bar for consent.

Send us a text

This Week in Privacy: Stalled Law, Meta's AI U-Turn, and Snap Appeasement

This edition of the Privacy Corner Newsletter dives into three key privacy headlines:

- Vermont's ambitious privacy bill, H.121, gets vetoed due to concerns about its impact on businesses. The bill included strong consumer rights and data minimization requirements.
- Meta delays its plan to train AI models on user posts following intervention from the Irish DPC. Privacy group noyb claims a "preliminary win" due to their complaints.
- The UK ICO reveals why it dropped an enforcement notice against Snap. The social media company took ten steps to address data protection risks associated with its My AI chatbot feature.

Send us a text

This Week's Privacy News:

US Privacy Update:
Comprehensive privacy laws in Texas and Oregon are now in effect.
Colorado's privacy law's opt-out mechanism for targeted ads is now active.
Federal privacy law seems unlikely in the near future.

Meta in Hot Water:
The EU is investigating Meta's "pay-or-OK" policy under the Digital Markets Act (DMA) for potentially violating user consent.
A potential fine of up to 10% of global turnover is on the table.

Grindr Loses GDPR Battle:
The dating app must pay a $6.1 million fine for sharing user data with advertisers without proper consent.
This case sets a precedent for how companies handle data revealing sexual orientation.

Send us a text

Privacy Corner Newsletter: July 18, 2024

Top Stories:

• UK Revives Data Protection Reform: The new UK government plans a "Digital Information and Smart Data Bill" (DISDB) that includes some proposals from the previous government's scrapped Data Protection and Digital Information Bill (DPDIB). Key details like the Information Commissioner's Office (ICO) restructuring and scientific research data rules are expected to return, but the final form of the bill remains unclear.
• Privacy Group Targets Microsoft-Owned Adtech Firm: noyb, a privacy advocacy group, filed a complaint against Xandr (owned by Microsoft) with the Italian Data Protection Authority (DPA). Xandr allegedly rejected data access and deletion requests, claiming pseudonymized data makes identification impossible. Noyb argues Xandr should be able to identify individuals and comply with requests.
• California Tightens CCPA Rules: The California Privacy Protection Agency (CPPA) proposed major changes to the California Consumer Privacy Act (CCPA) regulations. Highlights include a new definition of "artificial intelligence," cybersecurity audits for certain businesses, and an increased application threshold based on revenue.

Send us a text

Privacy Corner Newsletter: August 1, 2024

Top Stories:
▶️ Google Backtracks on Cookie Ban: Privacy Concerns or Regulatory Pressure? We explore Google's reversal on phasing out third-party cookies and the potential reasons behind it.
▶️ FTC Clarifies: Hashing Doesn't Anonymize Data The FTC reminds companies that masking data with hashing doesn't guarantee anonymity.
▶️ New York Pushes for Strict Tracking Regulations: But What's the Law? New York's Attorney General issues guidance on online tracking compliance, raising questions about legal grounds.

Send us a text

Privacy Corner Newsletter: August 15, 2024

Top Stories: 🚀 

▶ Meta Challenges EDPB's "Consent or Pay" Opinion: Meta is suing the European data protection authorities over their opinion on "consent or pay" models, arguing it violates EU law.
▶ US Sues TikTok for Children's Privacy Violations: The US Department of Justice accuses TikTok of illegally collecting and using personal data from children under 13.
▶ The UK Information Commissioner's Office proposes a multi-million dollar fine against a data processor for a security breach.

Send us a text

Privacy Corner Newsletter: September 5, 2024

This newsletter covers key privacy developments, including:
▶ Uber's €290 Million GDPR Fine: The Dutch DPA fined Uber for failing to use appropriate safeguards when transferring personal data from its EU entity to the US, despite Uber's claim it wasn't necessary. This case highlights the confusion around international data transfers under GDPR.
▶ Swedish Pharmacies Fined for Using Meta Pixel (Even with Consent): These pharmacies demonstrate that getting user consent for tracking isn't enough. Organizations must also implement proper security measures and assess risks before using tracking tools.
▶ Google Loses Round in Chrome Tracking Case: A California court revived a lawsuit against Google for allegedly misleading users about data collection in Chrome's "Basic Browser Mode." The court ruled a "reasonable user" wouldn't expect such data collection without being signed in.

Send us a text

Privacy Corner Newsletter: September 26, 2024

This week’s Privacy Corner highlights key developments in EU data protection:

▶ French CNIL: New guidelines set to affect over 10,000 mobile app developers; enforcement sweep scheduled for Spring 2025.
▶ UK ICO: Issued a reprimand to SkyBet, marking their most significant cookie action to date; 99% of top websites now comply with cookie regulations.
▶ EU Advocate General: Emphasized the need for clear and concise explanations of automated decisions; data subjects entitled to meaningful information about the decision-making process.

Sponsored by Privado.ai

Send us a text

Privacy Corner Newsletter: October 10, 2024

▶ Court ruling on credit card data: The UK tribunal rules that credit card numbers alone may not always qualify as personal data, challenging the ICO’s interpretation. This decision could reshape how companies assess their data protection obligations after a breach. How will this impact your approach to classifying sensitive data?

▶ EDPB clarifies processor responsibilities: New guidance outlines the extent to which controllers are accountable for sub-processors. Critical insights for your GDPR compliance strategy.

▶ CJEU redefines legitimate interest: A commercial interest can now qualify as a legitimate interest under GDPR—but only under specific conditions. What this shift means for your data processing activities.

Sponsored by Privado.ai

Send us a text

Privacy Corner Newsletter: October 24, 2024

This week, we dive into the UK’s resurrected data reform bill, ePrivacy Directive guidelines, and a new complaint against Pinterest. 

▶ Back from the Dead: Comparing the UK’s New and Old Data Reform Bills

The UK has introduced a new Data (Use and Access) Bill (DUAB), which incorporates several proposals from the previously scrapped Data Protection and Digital Information Bill (DPDIB). The DUAB revives and reshapes key provisions, such as legitimate interests and cookie consent exemptions, while dropping several controversial aspects from its predecessor.

How might these changes in UK legislation affect your organization's data compliance strategy?

▶ EDPB Finalizes ePrivacy Directive Guidelines: Fingerprinting, SDKs, and APIs Firmly in Scope

The European Data Protection Board (EDPB) has published its final guidelines clarifying how the ePrivacy Directive applies to modern tracking technologies. Developers and privacy professionals should note that the Directive covers not just cookies but newer methods like device fingerprinting and SDKs—tightening consent requirements across digital platforms.

Are your tracking technologies compliant with the latest ePrivacy Directive guidelines?

▶ Pinterest Hit by noyb Complaint: Cookies and the Right to Data Recipient Information

A complaint has been filed by privacy group noyb against Pinterest, alleging insufficient disclosure about the sharing of users' personal data. The case could set a new precedent on the amount of detail required in responses to data subject access requests, especially regarding which third parties receive personal data.

Could your data subject access request processes withstand a similar challenge?

Send us a text

Privacy Corner Newsletter: November 7, 2024

In this edition, we dive into the latest updates on GDPR fines, data broker enforcement, and the EU-US Data Privacy Framework review:

▶ Ireland fines LinkedIn €310 million, six years after a complaint—with full EDPB support:
The Irish DPC issues a €310 million fine against LinkedIn for GDPR violations, marking a significant shift in enforcement under new leadership.

▶ California prepares for a data broker enforcement sweep:
The California Privacy Protection Agency targets non-compliant data brokers, enforcing new registration and deletion requirements under the Delete Act.

▶ The EDPB reviews the first year of the EU-US Data Privacy Framework:
The EDPB’s first-year review of the EU-US DPF highlights both successes and areas for improvement in the data-sharing framework.

#privado #privacycodescanning #compliance #privacyengineering #gdpr #cpra #ccpa #mhmda #dataprivacy #compliance #softwarecodescanning

Send us a text

Privacy Corner Newsletter: November 21, 2024

▶ German Court Opens the Door to Mass Data Breach Lawsuits:

Germany’s Federal Court rules that "loss of control" over personal data qualifies for damages under GDPR Article 82—no proof of distress or financial loss required.

▶ Meta’s ‘Unskippable Ads’ Solution Gains EDPB Attention

Meta launches a free tier with ads using minimal data and unskippable formats in response to EU demands.

▶ Cyber Resilience Act Imposes New Rules on Digital Products

The EU’s Cyber Resilience Act sets strict cybersecurity and data protection requirements for most digital products, with significant penalties for non-compliance starting 2027.

#Privado #ThePrivacyCorner #GDPR #EDPB #CyberAct #EU

Send us a text

Privacy Corner Newsletter: Dec 5, 2024

In this edition:

The FTC proposes orders targeting sensitive data misuse, Australia bans kids from social media, and noyb gains new powers for collective GDPR actions.

▶ FTC targets sensitive location data misuse in proposed orders:
Gravy Analytics and Mobilewalla face sanctions for selling sensitive location data, including segments like “New Parents” and “LGBTQ+ Community.”

▶ Australia bans kids from social media and reforms privacy laws:
New laws require stricter age verification, ban accounts for under-16s, and introduce a tort for serious privacy invasions.

▶ Noyb gains rights to bring GDPR “class actions” across the EU:
Now recognized as a “qualified entity,” noyb can enforce collective claims and injunctions against GDPR violations.

Send us a text

Privacy Corner Newsletter: December 19, 2024

In this edition:

The Irish DPA fines Meta €251 million over a 2018 data breach, the Dutch DPA fines Netflix €4.75 million for transparency failings, and the French DPA cracks down on non-compliant cookie banners.

▶ Irish DPA fines Meta €251 million over 2018 data breach
The fine follows a breach affecting 29 million Facebook accounts. The DPC found violations of GDPR’s data protection by design, breach reporting obligations, and more.

▶ Dutch DPA fines Netflix €4.75 million for transparency failures
Netflix failed to disclose adequate privacy information, leading to a fine for GDPR violations regarding transparency, data retention, and international data transfers.

▶ French DPA issues cookie banner crackdown
Website operators have one month to comply with stricter cookie consent rules, addressing dark patterns and ensuring an equal choice between accepting and rejecting cookies.

Send us a text

Privacy Corner Newsletter: January 2, 2025

In this edition:

▶ OpenAI faces penalties for GDPR breaches linked to ChatGPT, including transparency failures and inadequate age verification.

▶ California Privacy Protection Agency settles with two more data brokers
PayDae and The Data Group fined for failing to register under California’s Delete Act, with further enforcement anticipated.

▶ Google will permit device fingerprinting starting February 16, 2025, despite ICO objections.

Before we wrap up…

Privado.ai is thrilled to announce Bridge 2025: A Technical Privacy Summit, happening virtually from February 5-6, 2025.

👇 Discover actionable solutions that connect privacy laws to practical engineering strategies, including:
- Unlocking privacy ROI
- Navigating adtech compliance challenges
- Designing privacy-first engineering frameworks

Mark your calendars and join the privacy engineering revolution here:
https://www.privado.ai/bridge-privacy-summit

Send us a text

Privacy Corner Newsletter: Jan 16, 2025

In this edition:

▶ European Commission must pay damages for Facebook Login feature violation

▶ Texas sues Allstate under new privacy law for illegal data collection

▶ CJEU rules gender data collection not lawful for personalization under ‘contract’ basis

Send us a text

Privacy Corner Newsletter: Jan 30, 2025
By Robert Bateman and Privado.ai

In this edition:

▶ UK Court Ruling: Invalid Consent in Gambling Case
A UK gambling firm unlawfully tracked users for marketing, despite their supposed consent. The court ruled that consent must be informed, freely given, and valid, emphasizing the importance of assessing users’ ability to provide meaningful agreement—especially in vulnerable groups.

▶ Google’s RTB System Accused of Sharing Data with China & Russia
A new complaint alleges that Google’s real-time bidding (RTB) system transmits sensitive user data to foreign entities, including those in China and Russia. The case claims these transfers violate US privacy laws and pose national security risks.

▶ New York Enacts Strict Health Privacy Law (NYHIPA)
The New York Health Information Privacy Act (NYHIPA) expands protections far beyond HIPAA, covering any organization processing health data linked to NY residents. This law applies to fitness apps, wearables, and non-HIPAA-regulated entities, making compliance a pressing concern for businesses handling health data.

▶ Privado.ai’s Bridge 2025: A Technical Privacy Summit – Happening Next Week!
The must-attend event for privacy and security leaders! On Feb 5-6, 2025, join industry experts to explore how to bridge the gap between privacy laws and engineering solutions. Expect deep dives into privacy code scanning, automated data flow mapping, and compliance best practices.

Send us a text

Privacy Corner Newsletter: February 13, 2025

🔹 EU’s AI Act Guidelines Clarify Compliance Risks –
The European Commission releases two sets of AI Act guidelines, breaking down the definition of AI systems and outlining nine prohibited AI practices, including emotional manipulation and biometric categorization.

🔹 UK’s Secret Demand for Apple’s Encrypted Data –
The UK government issues a confidential order under the Investigatory Powers Act, demanding Apple create a backdoor for accessing encrypted iCloud data, sparking concerns over user privacy and global implications.

🔹 Amazon Faces First Lawsuit Under Washington’s Health Data Law –
A class action lawsuit accuses Amazon of collecting precise geolocation data and Mobile Advertising IDs via its SDK without consent, violating the My Health My Data Act’s strict health data protections.