Finland's Office of the Data Protection Ombudsman and TIEKE Finnish Information Society Development Centre recently announced GDPR4CHLDRN, a two-year project to facilitate protection of children's data. Information on personal data processing will be provided to organizations involving children's activities, minors and their parents and tools will be developed to support data protection legislation.
More than 90 advocacy groups penned a letter to U.S. Senate leadership opposing passage of the proposed Kids Online Safety Act, CNBC reports.
An evaluation by a working group of German data protection authorities states Microsoft's cloud-based 365 products cannot be used in compliance with the EU General Data Protection Regulation, TechCrunch reports. After investigating privacy concerns involving Microsoft 365 products for the past two years, the group noted the company has not corrected any of the raised compliance issues.
Israel's Privacy Protection Authority published a guide with detailed recommendations on conducting privacy impact assessments.
Only 1.9% of directors at 91 companies listed on the S&P 500 have “relevant” cybersecurity experience, according to research conducted by The Wall Street Journal. The study reviewed the professional backgrounds of 4,621 board directors who together hold 100 board seats at 91 companies, accounting for 18.2% of S&P 500 companies. Seven board directors, or 0.15%, worked in a chief information security officer role.
The U.S. Department of Health and Human Services proposed a rule aligning 42 CFR Part 2 privacy regulations with the Health Insurance Portability and Accountability Act, Axios reports. The proposed rule, aimed to help substance use disorder patients, requires one-time patient consent for disclosure of treatment and allows HIPAA-covered entities to access records. It also gives patients the right to know when and to whom their information was disclosed.
U.S. Census Bureau Director Robert Santos defended the agency’s use of differential privacy to shield 2020 census participants’ identities in a letter reviewed by The Hill. Santos claimed differential privacy was the "best solution available" to prevent outside groups from reidentifying participants using third-party data and “powerful computers.” However, “prominent state demographers and academic researchers” previously urged the Census Bureau not to utilize differential privacy because it delayed data, created inaccuracies and found thousands of U.S.
Compliance platform SafeGuard Privacy announced it raised $7 million in funding led by venture capital firm TechOperators. The software as a service-based platform “allows publishers, agencies, brands, data providers, and tech platforms to assess, audit, and comply with global privacy compliance laws and requirements.” With the introduction of data privacy legislation in 33 U.S.
Ireland's Data Protection Commission announced a 265 million euro fine to Meta over alleged EU General Data Protection Regulation violations. The fine is the third-largest GDPR penalty served to date, following a 405 million euro fine from Ireland to Meta in September.
The U.S. Federal Trade Commission responded to a motion to dismiss the federal court claims against data broker Kochava over alleged unfair and deceptive location data sales, MediaPost reports.