An independent study conducted by researchers from software company Mysk indicated Apple tracks and collects data from iPhone users despite user setting preferences, Gizmodo reports. "Opting-out or switching the personalization options off did not reduce the amount of detailed analytics that the app was sending," researcher Tommy Mysk said.
Credit rating agency Moody’s forecasted companies could enjoy a “credit positive” environment next year as rules surrounding the reporting of cyberattacks in the U.S. have tightened, Axios reports. As credit rating agencies have applied greater scrutiny to companies’ cybersecurity and history of data breaches to assess their creditworthiness, Moody’s predicted the U.S.
The California Age-Appropriate Design Code Act may lead to greater privacy protections for minors across the U.S., Government Technology reports. The law, which goes into effect in 2024, could make it “difficult for technology companies to apply different rules to users in different places,” and could compel them to add stronger protections by default.
Attention to and responsibilities concerning multifactor authentication are on the rise for U.S. organizations handling personal data. The focus stems from regulatory attention and is reflected through both enforcement and guidance from the U.S. Federal Trade Commission and Cybersecurity and Infrastructure Security Agency, respectively.
U.S. senators sent a letter to U.S. Federal Trade Commission Chair Lina Khan asking the agency to stop its rulemaking initiative on commercial surveillance and lax data security, MediaPost reports. Sens.
Politico reports members of European Parliament are making clear their displeasure regarding the U.K.'s plans to overhaul its data protection laws and risk the EU-U.K. adequacy. A recent meeting between MEPs and U.K. officials left EU representatives skeptical of the direction of proposed U.K. General Data Protection Regulation reform.
Members of European Parliament are expected to discuss the definition of artificial intelligence and governance structure within the upcoming AI Act during a meeting this week, Euractiv reports.
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published its 2023-2024 regulatory agenda. The ANPD will carry over several ongoing initiatives from the agenda of the prior biennium, including rulemaking procedures concerning international data transfers, data protection impact assessments and data protection officer requirements. The items carried over take precedent on the new agenda.
Digital Industry Group, the Business Council of Australia and Tech Council of Australia called privacy legislation that increases data breach penalties to $50 million or more "overreach" by targeting overseas customers, the Guardian reports. The BCA said "an unintended drafting error" would make U.S. companies with Australian users liable for how overseas users' data is handled.
Credit reporting company Experian and telecommunications provider T-Mobile entered into multistate settlements over data breaches sustained by both companies, Massachusetts Attorney General Maura Healey announced. The penalty for Experian totaled $13.67 million for breaches in 2012 and 2015, while T-Mobile’s penalty was $2.5 million for a 2015 breach. Per the settlements, Experian must offer five years of free credit monitoring to 15 million affected customers around the U.S. and implement stronger data protection practices.