Israel spyware maker NSO Group announced a restructuring that saw CEO Shalev Hulio resign and the layoffs of approximately 100 employees, CyberScoop reports. The company will reportedly pivot to marketing its materials to NATO countries.
The Office of the Data Protection Authority of Guernsey published a guide for applying the seven principles of the Data Protection Law 2017 to employee privacy. The guide reminded businesses that human resources data is subject to the Data Protection Law, as well as special category data, such as an employee’s ethnic origin and sexual orientation that require an enhanced level of security.Full Story
Politico reports Norway's data protection authority, Datatilsynet, is among the authorities objecting to the Irish Data Protection Commission's draft decision over Meta's EU-U.S. data transfers. Datatilsynet wants a fine attached to the DPC's decision, explaining there's "little or no incentive" for Meta or other companies to comply with EU data transfer rules without a financial consequence.
Former Twitter Head of Security Peiter Zatko filed whistleblower complaints to U.S. Congress alleging Twitter operates under lax and insufficient cybersecurity practices, CNN reports. The disclosures by Zatko claim the platform has issues with broad user data access without oversight and its data deletion practices are inconsistent.
The California Senate amended Assembly Bill 2273, the California Age-Appropriate Design Code, on third reading. The latest changes include increasing the data protection impact assessment submission timeline from two to three days and extending the period to cure violations from 45 to 90 days. The amendments move the bill back to the Senate's second reading calendar and it now requires Assembly concurrence for final passage. The California legislative session adjourns Aug.
The Wall Street Journal conducted a roundtable discussion with privacy professionals on the current landscape for employee surveillance and monitoring. Topics covered include how widespread monitoring has become, legal limits and ethical versus non-ethical deployments.
Indonesia's communications ministry opened a data breach investigation into state-owned telecommunications companies and a state-owned utility, Reuters reports. The entities under investigation are Telkom, internet service IndiHome and state utility Perusahaan Listrik Negara. A Telkom spokesperson denied there had been a breach, according to Reuters.
New York Times Editorial Board member Alex Kingsbury writes smartphones are inconsistent with the notion of privacy humanity enjoyed before their invention. He said now that such tracking and monitoring data is used to prosecute women seeking abortion services, people need to look to Congress to pass laws so their personal data does not incriminate them.
In this week’s global legislative roundup, U.S. citizens’ perceptions of privacy have handcuffed efforts to work on a comprehensive federal privacy bill. The European Data Protection Board issued a binding decision related to a 600,000 euro fine given to a French hotel chain. U.S. Big Tech companies may be gearing up for a legal fight over the EU Digital Markets Act. And Indian Parliament may abandon the creation of an independent data protection authority in a new data protection bill.
The U.S. Federal Trade Commission's Advanced Notice of Proposed Rulemaking for privacy and data security has been filed to the Federal Register, thus opening the 30-day public comment period. The commission is soliciting for comments on 95 questions that will shape its potential rulemaking. The deadline for public comments is Oct. 21 and the FTC will hold a remote forum Sept. 8 to explain potential process and substance of proposed rulemaking while collecting additional stakeholder feedback.