EU Ombudsman Emily O'Reilly determined the European Commission's monitoring of the Irish Data Protection Commission's handling of "big tech" cases through bi-monthly overviews is "appropriate," RTÉ reports.
Scuba diving might not be the first thing that comes to mind when privacy professionals think of an incident response plan. But there are parallels and Melanie Ensign — an avid diver certified in rescue and prevention, and founder and CEO of Discernible — draws on them in her work in both areas.
A data breach at education publishing company McGraw Hill may have exposed “hundreds of thousands” of college students' emails and grades, Higher Ed Dive reports, citing a report from online privacy firm vpnMentor. Per the report, vpnMentor discovered the breach in June and tried to contact the company for months.
U.S. Sen. Jon Ossoff, D-Ga,. sent a letter to the FBI inquiring about its facial recognition practices. The letter, cosigned by U.S. Reps. Ted Lieu, D-Calif., and Yvette Clarke, D-N.Y., pressed the agency on the accuracy of the facial recognition systems it employs to ensure the use of the technology respects the freedoms of speech and privacy protected by the First and Fourth Amendments.Full Story
The anticipated finalization of California Privacy Rights Act regulations has been pushed back again. While the CPRA takes effect in just under two weeks — on Jan. 1, 2023 — the California Privacy Protection Agency continues working to promulgate final rules. CPPA Executive Director Ashkan Soltani said the final rules will likely be released in late January and, following a review by the California Office of Administrative Law, would take effect around April. IAPP Staff Writer Jennifer Bryant has the latest details from the CPPA’s Dec.
In this week’s Global News Roundup, a cryptocurrency exchange was fined by the Australian Communications and Media Authority. The rapporteur for France's data protection authority, the Commission nationale de l'informatique et des libertés, recommended a 6 million euro fine against Apple for alleged breach of privacy rules. Slovenia’s National Assembly adopted the Personal Data Protection Act. And U.S. lawmakers introduced a bill to ban TikTok. (IAPP member exclusive.)Full Story
Leaders of the European Commission, the Council of the European Union and European Parliament signed a declaration on EU digital rights and principles that highlights "the EU's commitment to a secure, safe and sustainable digital transformation." The declaration comprises six chapters focused on EU core values and fundamental rights and aims to "guide policy makers and companies dealing with new technologies." Institutions also put emphasis on the declaration fostering "control about how personal data is used and with whom it is shared."
U.S. District Court, Northern District of California Judge James Donato denied Meta Platforms' request for preliminary approval of a $37.5 million privacy class-action settlement regarding its collection of users' IP addresses that revealed location information, MediaPost reports. Donato said he denied the settlement for several reasons, including concerns the settlement amount was unreasonable given it affected an estimated 70 million people. Lawyers have until Feb.
"Data mapping" is typically considered the foundational step for any privacy program — but what exactly is it? BigID Chief Privacy Officer Heather Federman, CIPP/US, writes it's more than a compliance exercise. "It also demonstrates the more you know your data, the better you can protect and leverage it for greater business insights," she said. Federman walks through suggested steps for those in data governance and privacy professionals.