Articles from Around the Web

European Commission to introduce IoT cybersecurity rules

Euractiv reports the European Commission will soon introduce the Cyber Resilience Act, which lays out cybersecurity requirements for connected devices. The draft framework will cover digital products and their data processing solutions with exemptions for products covered by sector-specific regulations. Proposed security requirements for product design and development processes include ensuring confidentiality of data, encryption and purpose limitation principles.

How stakeholders can address privacy post-Roe v. Wade reversal

Organizations and individuals are still grappling with the impacts to women's reproductive health privacy following the U.S. Supreme Court's reversal of Roe v. Wade. The IAPP Resource Center carries guidance documents produced by Morrison Foerster outlining best practices for responding to the new landscape following the court's ruling, including privacy best practices for individuals, health care providers and technology companies.

Indonesia advances Personal Data Protection Bill to ratification process

The Indonesian House of Representatives announced an agreement between the House Commission on Defense, Foreign and Information Affairs and the Ministry of Communication and Information to elevate the Personal Data Protection Bill to plenary meeting for immediate ratification into law. "The PDP Bill raises public awareness and ensures recognition and respect for the importance of protecting personal data," Minister of Communication and Information Johnny Plate said.

CJEU to consider questions from IAB Europe TCF decision

TechCrunch reports the Belgian Market Court suspended IAB Europe's appeal of the Belgian Data Protection Authority's decision on the Transparency and Consent Framework while referring questions to the Court of Justice of the European Union. The referrals to the CJEU focus on the definition of joint data controllership and whether user consent signals via TCF can be considered personal data under the EU General Data Protection Regulation.

Potential class-action lawsuit alleges Walmart violated Illinois' BIPA

A recently filed lawsuit that may be granted class-action status alleges Walmart violated the Illinois Biometric Information Privacy Act. The complaint, brought by Illinois resident James Luthe, alleges Walmart illegally used “cameras and advanced video surveillance systems” and a software database provided by Clearview AI.

ICO cites 2 government departments for late FOIA responses

The U.K. Information Commissioner’s Office issued an enforcement notice to the Department for International Trade and a practice recommendation to the Department for Business, Energy and Industrial Strategy. The recommendation to the BEIS was for “persistent failures” in responding to information access requests within the time limit required by law. The DIT was late in responding to more than 50% of requests between January and March.

CARU says children's game app maker violated COPPA

BBB National Programs' Children’s Advertising Review Unit found the owner of a children’s mobile application game violated the U.S. Children’s Online Privacy Protection Act. The company, Tilting Point Media, also violated CARU’s self-regulatory Guidelines for Advertising and for Children’s Online Privacy Protection. Per COPPA and CARU guidelines, companies cannot collect the personal information of users under age 13. However, CARU reviewers were able to use the app posing as a 10-year-old and could consent to receive “personalized” advertising.

Tech provider of Oklahoma Student Loan Authority hacked

The technology provider of the Oklahoma Student Loan Authority suffered a data breach that exposed personally identifiable information of more than 2.5 million people, Bleeping Computer reports. Nelnet Servicing was targeted by hackers in June and “likely” compromised the company network and remained on its systems until July 22. Nelnet provides technology services to OSLA and EdFinancial, a student loan institution.

Intersection of privacy, marketing at the heart of landmark CCPA fine

The $1.2 million California Consumer Privacy Act fine against retailer Sephora put businesses on notice that the California attorney general's office stands ready to crack down on data mishandling. The first-ever enforcement action under the CCPA also shows the attorney general's interpretation of the law, particularly as it relates to data sales and consumer opt-outs.

PCPD reminds companies of CAC's cross-border transfer security measures

Hong Kong’s Office of the Privacy Commissioner for Personal Data reminded covered entities to begin complying with the Cyberspace Administration of China's Security Assessment Measures on Cross-border Transfers of Data, which took effect Sept. 1. Hong Kong-based companies doing business in mainland China may be required to report their security reviews on transfers to the CAC if they meet certain coverage thresholds.

Search form

Search form

Search form

Discover the latest industry insights and developments with our News from Around the Web page. We curate feeds from a variety of reputable organizations, bringing you a comprehensive overview of relevant news and trends. Stay informed and connected with the most current updates from across the web.