The European Data Protection Board published updates to its guidance for data controllers identifying their lead supervisory authority. Updates were specific to joint controllership, with the EDPB explaining dual controllers "cannot designate ... a common main establishment" in relation to their LSA. The updates are open for public comment through Dec. 2.Full Story
The U.K. Information Commissioner’s Office released guidance on direct marketing using electronic mail. It details what is needed to comply with the Privacy and Electronic Communications Regulations 2003, including what electronic mail marketing is and how to comply with rules on direct marketing.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, breaks down the latest privacy happenings from the nation’s capital, including thoughts on embedding inclusiveness into privacy-by-design practices. He also discusses the latest on the EU-U.S. Data Privacy Framework and the U.S. Federal Trade Commission's commercial surveillance and lax data security rulemaking initiative.Full Story
The Network Advertising Initiative discussed takeaways from the U.S. Federal Trade Commission’s staff report on dark patterns. By maximizing “transparency and consumer choice,” the NAI said members can avoid many of the dark patterns outlined in the report.
In a lawsuit filed against Google, Texas Attorney General Ken Paxton claimed the company collected citizens' facial and voice recognition data without consent in violation of a state consumer protection law, The New York Times reports. The law requires companies to notify consumers and obtain consent before collecting biometric information.
The Dutch data protection authority, Autoriteit Persoonsgegevens, said a draft bill on money laundering would “open the door to unprecedented mass surveillance.” Under the proposal, all bank transactions of Dutch account holders would be monitored by algorithms in one centralized database. “This represents a far-reaching breach of the protection and confidentiality of customer data. The proposed system essentially amounts to a banking dragnet,” the AP said.
"Voice biomarker" software that analyzes the way a person talks to detect mental health problems is increasingly being used by hospitals, insurance companies, doctors’ offices and more, Axios reports. Kintsugi CEO Grace Chang said the software can detect depression or anxiety with 80% accuracy and patient consent is obtained before the software is used.
The California Privacy Protection Agency Board canceled its open board meetings scheduled for Oct. 21-22. Reasons for the cancellation were not made public. The board was expected to discuss recently released modifications to the draft California Privacy Rights Act regulations. The board's Oct.
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued a 20 million euro fine to Clearview AI for alleged breaches of the EU General Data Protection Regulation. The CNIL began an investigation into a complaint regarding Clearview's facial recognition database and data processing practices in May 2021. The regulator handed down a formal notice to remedy alleged violations in November 2021 that Clearview did not reply to.