France's data protection authority, the Commission nationale de l'informatique et des libertés, published a notice reminding health care institutions of the three types of protective measures needed for patient records. The notice comes after the CNIL found some insufficient access management policies at 13 health care establishments.Full story
Temu, an online discount retailer, faces a class-action lawsuit alleging it mishandled customers’ personal information, CBS News Chicago reports. The lawsuit claims Temu deploys a "complete arsenal of tools to exfiltrate all the private data on a user's device."Full story
Mozilla named Laura Chambers as its interim chief executive officer after Mitchell Baker stepped down from the position to focus on artificial intelligence and internet safety, Fortune reports.
IT company Cohesity purchased Veritas' data protection division to focus on data protection and management, TechTarget reports. Veritas' other assets will become a separate company named DataCo, and will include "InfoScale, Data Compliance and Backup Exec, and will function autonomously."Full story
There are five key considerations advertising technology companies should evaluate to ensure they comply with jurisdictional data privacy laws for user opt-outs or opt-ins, Baker McKenzie Partner Lothar Determann and IAPP Westin Research Fellow Andrew Folks, CIPP/US, write. They said the main areas of focus include which data processing activities trigger opt-in or -out requirements and what specific adtech entities are bound by such laws.
This year, the European Union Agency for Cybersecurity, ENISA, is celebrating its 20th anniversary amid what IAPP Managing Director, Europe, Isabelle Roccia, CIPP/E, described as "grim times." Roccia breaks down ENISA's Single Programming Document 2024-2026, which details the agency's multi-annual planning, the state of play of the EU cybersecurity policy landscape and the agency's role in the implementation of associated legislative texts.Full story
Technology industry group NetChoice reiterated its argument that California's Age-Appropriate Design Code Act is unconstitutional in an appeal court brief challenging the state's ability to enforce the law, MediaPost reports. The law requires online companies to largely limit collecting data from minors and prioritize their well-being, which businesses say will inhibit their First Amendment free speech rights by limiting what they can publish.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy and artificial intelligence governance developments in the nation's capital and around the U.S. This week he dives into the latest chapter of the U.S. Federal Trade Commission's legal battle with data broker Kochava, which could help push toward reformed geolocation practices in the data broker industry.Full story
The U.S. Federal Communications Commission said generative artificial intelligence robocalls designed to scam consumers are illegal, effective immediately, Axios reports. The decision comes as fears of faked audio and video being used to deceive voters in the 2024 elections were stoked after a call pretending to be U.S. President Joe Biden went out to New Hampshire voters.
The Data Security Council of India released an FAQ to help better understand the Digital Personal Data Protection Act. It touches on the duties of data fiduciaries, cross-border data transfers rules and enforcement mechanisms.Full story