The U.S. Federal Trade Commission's Office of Technology wrote about how to strengthen data security systems to avoid punishable data breaches. The advisory discusses vulnerabilities that include cross-site scripting, structured query language injections and buffer overflows.Full story
The Colorado General Assembly approved an amendment to the Colorado Privacy Act for the protection of sensitive biometric and "neural data," The New York Times reports. The law aims to protect consumers from devices that collect data from brain activity. State Rep.
U.S. Sens. Edward Markey, D-Mass., and Bill Cassidy, R-La., announced 12 new co-signers and 13 additional supportive entities for the proposed Children and Teens' Online Privacy Protection Act, or COPPA 2.0.
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, is soliciting public feedback on what personal data should be considered high risk as part of a study on the topic. Public input closes 16 May.Full story
The European Data Protection Board released its organizational strategy for 2024-2027. The strategy centers around four core pillars: improved legal harmonization and compliance promotion, reaffirming a common enforcement culture, ensuring cross-border data protection standards and promoting a global dialogue on data protection.Full story
CyberScoop reports the U.S. House of Representatives passed the Fourth Amendment is Not for Sale Act, which bars law enforcement and intelligence agencies from buying personal information from data brokers without obtaining a search warrant.
U.S. Sens. Todd Young, R-Ind., and Maria Cantwell, D-Wash., plan to introduce legislation to create a legislative framework establishing a licensing regime for deploying "advanced" artificial intelligence models, Politico reports.
The European Data Protection Board issued a nonbinding opinion on the legality of pay-or-consent models in the context of obtaining valid consent to process personal data. The EDPB ruled, "in most cases," large online platforms offering a binary choice between paying to prevent personal data from being processed for behavioral advertising or consenting to targeted advertising does not align with the EU General Data Protection Regulation.
The corrigendum of the EU Artificial Intelligence Act has been released. The document corrects and clarifies language in the act and is required before it can fully come into effect. Editor's note: Explore the IAPP AI Governance Center and subscribe to the AI Governance Dashboard. Full story
The IAPP will host a LinkedIn Live to examine the European Data Protection Board's opinion on Meta's pay-or-consent model. IAPP Research and Insights Director Joe Jones will discuss the EDPB's opinion on user consent practices for behavioral advertising with EDPB Litigation and International Affairs Legal Officer Diletta De Cicco, CIPP/E, 23 April at 16:00 EDT.Full story