Operationalizing data subject rights can be a complex and risky endeavor. Advocacy organization Consumer Reports has not only been working on policy with states like California, but also with industry on standardizing consumer data rights. CR is announcing the open standard called the Data Rights Protocol.
In response to the U.S. Federal Trade Commission’s request for input on commercial surveillance, Planned Parenthood called for “tailored regulations to protect consumers’ sensitive data from the potentially dangerous consequences of commercial surveillance and lax data security,” MediaPost reports. The organization said technology companies should be prohibited from disclosing information related to abortion, including online searches, and required to dispose of health-related data quickly.
Chicago-based health provider CommonSpirit Health confirmed it suffered a ransomware attack which exposed personally identifiable information of more than 620,000 patients in 21 states, Bleeping Computer reports. CommonSpirit Health first announced an “IT security issue” Oct. 5, but did not disclose any other information. Recently, the company said it was targeted by a ransomware attack but did not state the number of affected patients.
Apple announced Wednesday a suite of data security improvements it plans to roll out that aim to protect consumer data and ward off hackers. The features include iMessage Contact Key Verification, Security Keys for Apple ID and Advanced Data Protection for iCloud. Apple Senior Vice President of Software Engineering Craig Federighi said the new features will provide users with "powerful new tools to further protect their most sensitive data and communications." However, the company's expansion of encryption in its services is drawing concerns from law enforcement.
The privacy community is mourning the loss of Brazilian data protection scholar Danilo Doneda, who died Sunday, Dec. 4 at the age of 52. Doneda, a member of the IAPP board of directors, pioneered Brazil’s General Data Protection Law and was dedicated to bringing privacy rights to Brazilians.
The Court of Justice of the European Union ruled search engine operators must delete search results if an individual proves information about them is "manifestly inaccurate." The decision comes after Google denied a request by two investment managers to "de-reference" results of a search they claimed produced "inaccurate claims." The German Federal Court of Justice asked the CJEU for its interpretation of the EU General Data Protection Regulation, which governs the right to erasure.
One of two lawsuits filed by Indiana against TikTok claims the platform's data can be used by China to surveil, blackmail and influence users, The Wall Street Journal reports. The second lawsuit accuses TikTok of promoting harmful content to young users. The suits, which seek civil penalties and changes to TikTok's practices, come as some states take action against the platform, including Texas which banned its use on government-related devices.
Leaders in the U.K. and Japan have established the U.K.-Japan Digital Partnership, a framework to "jointly deliver concrete digital policy outcomes" for citizens, businesses and economies. The partnership will focus initially on four pillars: digital infrastructure and technologies, data, digital regulation and standards, and digital transformation.
The European Union's General Court has ruled against a request by WhatsApp Ireland to annul a binding decision by the European Data Protection Board that led to a $267 million EU General Data Protection Regulation fine, TechCrunch reports. WhatsApp's parent company, Meta, is also appealing the fine issued by Ireland's Data Protection Commission.
Despite the Biden administration blacklisting the Israeli firm NSO Group, sales of commercial spyware to governments continue to grow, The New York Times reports. Citing five unnamed sources, the newspaper reported the U.S. "Drug Enforcement Administration is secretly deploying spyware” made by another Israeli company, which has hired former NSO Group employees after its blacklisting.