Security researchers found a flaw with an automaker's website that allows hackers to access vehicle locations and gain control of certain features, Wired reports. Researcher Neiko Rivera said automotive companies typically focus on "'embedded' devices — digital components in non-traditional computing environments like cars — rather than web security," leading to security issues for the company and consumers.Full story
The IAPP Privacy. Security. Risk. 2024 closing general session focused on AI's future impact on the privacy world and beyond. Former Google Chief Privacy Officer Keith Enright shared his views on the technology industry's changing role, while three current CPOs mused about how professionals can meet those changes. IAPP Staff Writer Caitlin Andrews breaks down the big takeaways from the conversation.
The U.S. is on its way to restricting certain transfers of personal data to adversarial countries by way of a presidential executive order and approved bipartisan legislation. For companies, complying with two sets on unaligned requirements may prove difficult without attention to detail. IAPP News Editor Joe Duball reports on musings from an IAPP Privacy. Security. Risk.
In the absence of comprehensive U.S. privacy legislation, Consumer Reports and the Electronic Privacy Information Center partnered to draft the State Data Privacy Act. The framework is intended to serve as model legislation for state lawmakers to draft a consumer privacy law.
Digital rights group NOYB filed a complaint against Mozilla for the company's alleged web tracking practices, Reuters reports. The NOYB claimed Mozilla's privacy-preserving attribution feature collects user data without consent. Mozilla previously said the feature aims to provide websites with advertising analytics through less invasive consumer data collection.Full story
The European Commission announced more than 100 companies representing a variety of sectors signed the EU AI Pact. The pact is a voluntary commitment by organizations to begin implementing AI Act requirements ahead of its effective date and engage with the EU AI Office, as well as other stakeholders.
Following input from stakeholders, the U.K. Competition and Markets Authority still has competition-related concerns around Google's decision to scrap its plan to launch the Privacy Sandbox and depreciate third-party browser cookies. The agency could take further action if the CMA does not agree to Google's subsequent commitments to address the new concerns.Full story
CrowdStrike Senior Vice President of Counter Adversary Operations Adam Meyers was questioned by the U.S. House Committee on Homeland Security about the company's software update that caused a global outage, The New York Times reports. Meyers said the update system error was not detected by its screening process and that "AI was not responsible for making any decision in that process."Full story
Privacy Commissioner of Canada Phillippe Dufresne spoke to the Alberta Standing Committee on Resource Stewardship about Alberta's Personal Information Protection Act review and also discussed recommendations for amendments to the Digital Charter Implementation Act. Dufresne said Alberta's review of the PIPA "comes during a pivotal time for privacy law reform in Canada.
As the White House executive order on AI approaches the one-year mark, the U.S. National Institute of Standards and Technology said they have seen some educational and buy-in challenges for agencies to adopt privacy-enhancing technologies in their own workflows. The comments came as part of a discussion during the IAPP Privacy. Security. Risk. 2024 conference on how PETs are being viewed as a way to address privacy risks associated with AI. IAPP Staff Writer Caitlin Andrews reports on the conversation.