The Office of the Australian Information Commissioner launched an initial inquiry into whether TikTok is harvesting users' personal data without consent, the Guardian reports. The investigation will examine the use of marketing pixels, which follow people's online habits and can collect data outside of the app's usage. A TikTok spokesperson said pixels comply with the law.Full story
The U.S. Consumer Financial Protection Bureau proposal to put the same kinds of privacy and transparency regulations on digital wallets as it does on banks is getting resistance from major technology companies, Reuters reports. A letter to the CFPB from the Computer & Communications Industry Association said it failed to identify certain risks and additional regulation would hinder innovation.
After the European Data Protection Board ruled Meta could no longer use contractual necessity or legitimate interest as legal bases to process personal data for targeted advertising purposes, IAPP Westin Research Fellow Andrew Folks, CIPP/US, writes the company has "exhausted" all legal options, "save one: consent." Folks recapped the origins of user consent as an EU legal basis for processing personal data and analyzed how Meta's attempt to operationalize its model will be viewed by data protection authorities.
The New Jersey Legislature granted final passage to a comprehensive privacy bill, Senate Bill 332, on the final day of the 2023 legislative session. The bill was amended to its comprehensive framework in December 2023 before receiving same-day approval from the Senate and Assembly 8 Jan. Notably, SB 332 contains attorney general rulemaking authority as well as provisions for universal opt-out mechanisms and unique children's privacy provisions.
Global Cyber Strategies' Justin Sherman and Devan Desai wrote for Lawfare unpacking the U.S. Federal Trade Commission's plan to update the Health Breach Notification Rule. The proposed update could determine how health care apps and telehealth services collect and share health data with third parties.Full story
Tech Policy Press compiled the first amicus briefs filed in the NetChoice v. Bonta case concerning the constitutionality of California's Age Appropriate Design Code Act. The case, which is before the U.S.
In a blog post, security and privacy researcher Lukasz Olejnik explained his EU General Data Protection Regulation complaint to Poland's data protection authority regarding OpenAI's ChatGPT data processing standards. Olejnik said the artificial intelligence software "systemically ignores the provisions of the GDPR regarding the processing of data for the purposes of training models within Chat-GPT."Full story
Meta asked the U.S. District Court for the District of Columbia to delay an administrative hearing in a lawsuit with the Federal Trade Commission over the monetization of teens' data, MediaPost reports. The lawsuit was filed by Meta after the FTC suggested altering an agreement with the company to ban the use of minors' data for advertisement targeting.Full story
Join IAPP Research and Insights Director Joe Jones and IAPP AI Governance Center Director Ashley Casovan as they lead a LinkedIn Live discussion 17 Jan. on their privacy and artificial intelligence governance predictions for 2024. Additionally, IAPP Principal Researcher, Privacy Law and Policy, Müge Fazlioglu, CIPP/E, CIPP/US, and IAPP Principal Researcher, Privacy Management, Saz Kanthasamy, CIPP/E, CIPM, FIP, will offer their analysis on the latest legal and privacy operation management trends they expect to emerge this year.
France's data protection authority, the Commission nationale de l'informatique et des libertés, published a draft guide for conducting transfer impact assessments for data transfers outside the European Economic Area. When conducting a TIA, the CNIL recommends data controllers know what data is being transferred, document the transfer tool used, understand the laws in the receiving country, identify and implement any supplemental measures and reevaluate the appropriate level of data protection necessary.