The European Data Protection Board published its guidelines on the process for dispute resolutions among board members under Article 65(1)(a) of the EU General Data Protection Regulation. The board explained the guidelines aim to "clarify the application of the relevant provisions of the GDPR and Rules of Procedure" while making clear the EDPB's competence in the final binding decision.
Microsoft's advertising platform Xandr was found to target various audience segments with numerous data points of sensitive information, according to an analysis by The Markup. The publication examined 650,000 Xandr audience segments and found ads were targeted to users on the basis of the frequency of pregnancy tests they bought or their level of depression, for example.
Forty civil rights and technology advocacy organizations joined tech equity group Upturn in calling on the U.S. Federal Trade Commission to "develop specific, concrete civil rights protections" as part of its commercial surveillance rulemaking. The issues the groups would like to see addressed include the FTC issuing a rule banning discrimination as an unfair practice under the U.S.
U.S. Sens. Richard Blumenthal, D-Conn., and Marsha Blackburn, R-Tenn., wrote to TikTok CEO Shou Zi Chew about his company's data storage practices, according to a letter obtained by Forbes. In the letter, Blackburn and Blumenthal reportedly pressed Chew regarding "incorrect claims" allegedly made to Congress about where the company stores U.S. users' data.
While anonymized or deidentified personal data does not generally fall within the scope of privacy and data protection regulations, growing demand for techniques to anonymize personal data makes the issue a topic of intense discussion. IAPP Principal Researcher, Technology, Katharina Koerner, CIPP/US, looks at differing definitions and approaches under regulations in the EU, U.K. and U.S.Full story
The European Data Protection Board adopted its final version of the "Guidelines on the calculation of administrative fines following public consultation." The guidelines serve as a resource for EU member states' data protection authorities to "harmonise the methodology" they "use to calculate fines." The guidelines have five steps for arriving at a penalty: accounting for the "number of instances of sanctionable conduct," the starting point of the fine calculation, "aggravating or mitigating factors," maximum fine amount, and "requirements of effectiveness, dissuasiveness and proportionalit
The Record reports Gov. Ron DeSantis, R-Fla., signed SB 262, the Florida Digital Bill of Rights, into law. The targeted legislation carries comprehensive privacy requirements for covered Big Tech companies, while also requiring children's privacy protections for a broader swath of covered entities. The law takes effect 1 July 2024.
The European Commission opened a consultation on the template for Digital Markets Act compliance reports. Designated gatekeepers under the DMA will file reports on compliance with the law's obligations and prohibitions.
Hong Kong's Office of the Privacy Commissioner for Personal Data served an enforcement notice to the operator of Hong Kong's TE Credit Reference System for insufficient data protection measures.
Italy's data protection authority, the Garante, confiscated databases in use by two call center companies allegedly conducting illegal telemarketing activities. The companies were among four call centers fined a total of 1.8 million euros. The Garante said it is the first time it has confiscated databases.