Euractiv reports Italy staked its position prohibiting targeted political advertising “based on pervasive tracking” and called for a total ban on processing sensitive data to target or amplify ads.
The U.S. Privacy and Civil Liberties Oversight Board is soliciting public comments toward its oversight review of the Section 702 of the Foreign Intelligence Surveillance Act.
Twitter former head of security Peiter Zatko testified about his prior employer’s lax security standards before the U.S. Senate Judiciary Committee. Zatko said company leadership ignored security vulnerabilities, covered up security failures, and mislead regulators and lawmakers. He told senators the Federal Trade Commission was under-resourced to be able to enforce privacy regulations on platforms, such as Twitter.
MediaPost reports Google and smartphone users established an “agreement in principle” to settle a federal class-action lawsuit over the company allegedly tracking their locations when users opted out of such tracking. The lawsuit alleged Google could track user locations even when they turned off location history unless they also turned off the separate setting “Web and App Activity.” The lawsuit was originally brought forth by San Diego resident Napoleon Patacsil in 2018. The proposed settlement has not yet been finalized.
Euractiv reports the Czech Presidency of the Council of the European Union submitted its final compromise proposals on the initial draft of the Data Act. The latest proposals focus on data security and retention periods around cloud provider switching, interoperability and enforcement cooperation. The council also proposed a European Commission-led review of the proposed law two years after its application.
The European Data Protection Board and the European Data Protection Supervisor sent a letter to European Parliament and the Council of the European Union urging increased funding to ensure proper enforcement of the EU General Data Protection Regulation. The regulatory bodies indicated their 2023 budget proposal for increased staffing and financial resources was rejected by the European Commission.
The Cybersecurity and Infrastructure Security Agency opened a Request for Information seeking public input on how to implement cyber incident reporting as required under the Cyber Incident Reporting for Critical Infrastructure Act of 2022. The RFI was published in the Federal Register Sept. 12 and will be open for public comment for 60 days. The CIRCIA directs CISA to create a Notice of Proposed Rulemaking recommending regulations for cyber incident and ransom payment reporting.
The Hindustan Times reports Reserve Bank of India deputy governor T Rabi Sankar said the new draft data protection bill should include protections for customer data.
Ireland's Data Protection Commission announced submission of a preliminary decision against alleged TikTok children's privacy violations to members of the European Data Protection Board under Article 60 of the EU General Data Protection Regulation. The case, which began in September 2021, concerns TikTok's platform settings and transparency around the processing of minors' personal data.
France’s data protection authority, the Commission nationale de l'informatique et des libertés, fined legal service provider Infogreffe 250,000 euros for violating the EU General Data Protection Regulation. An investigation found alleged violations of data retention requirements under Article 5(1)(e) of the GDPR and data security obligations under Article 32.