Data Privacy

Subscribe to Data Privacy

On September 26, 2023, Windows released a configuration update on Windows 11 version 22H2  (all editions) that is worth reading and applying, particularly if you use Windows Copilot.

According to Microsoft, it has identified that when using Copilot in preview:

  • Narrator does not work as you expect with challenge–response tests, such as Captcha.
  • Narrator fails

Google’s Workspace for Education will require school admins to independently approve all integrated third-party applications students use. Users under 18 cannot use their Google accounts to access third-party applications without consent configured in user settings. Access will terminate automatically on October 1, 2023. Google Workspace for Education’s Terms of Service does not cover third-party applications

This week, Delaware Governor John Carney signed the Delaware Personal Data Privacy Act into law. The bill goes into effect on January 1, 2025, and a public outreach effort will begin by July 1, 2024. The outreach effort will inform Delaware consumers of their rights under the new law and describe businesses’ obligations. Delaware is

On September 8, 2023, the California Privacy Protection Agency (CPPA) will discuss the two new sets of proposed California Privacy Protection Act (CCPA) regulations. Here is a breakdown of the two new proposed regulations and issues up for discussion:

Auditing Requirements: If a business processes data that poses a “significant risk to consumers’ security”

State privacy laws are changing rapidly in the U.S. Here are summaries of seven new state laws that have been enacted and go into effect in the next few years. We anticipate that more state legislatures will continue to enact privacy laws to protect consumers due to the absence of a federal privacy law.

Under each of the acts summarized below, consumers will have the right to access their personal data, the right to correct inaccurate data, the right to data portability, the right to have their data deleted, and the right to opt out of targeted advertising of personal data. Businesses will be required to practice purpose limitation, maintain data security, get consumer consent for data processing, and complete regular data impact assessments. Businesses will be barred from discriminating against consumers who exercise their rights under the law and will be required to secure data processing agreements with service providers. Similarly, these laws each exclude financial institutions or their affiliates that are governed by, or personal data that is collected, processed, sold, or disclosed in accordance with, Title V of the Gramm-Leach-Bliley Act ; state bodies/agencies; nonprofit organizations; institutions of higher education; national securities associations registered with the SEC; and covered entities or business associates as defined in the privacy regulations of the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).

Continue Reading Seven States Have Upcoming Privacy Laws 

Earlier this month, the Commissioner of Data Protection of the Dubai International Financial Centre (DIFC), a financial free-zone in the United Arab Emirates (UAE), issued the first adequacy decision regarding the California Consumer Privacy Act (CCPA), which recognizes the CCPA as an equivalent to the DIFC Data Protection Law (DIFC Law No. 5 of 2020, as amended

Recently, the California Privacy Protection Agency (CPPA) announced its new initiative in investigating the data privacy practices of connected vehicle (CV) manufacturers and the related technologies. Generally, the CPPA will focus its regulatory efforts on retail, advertising platforms, online platforms, and hospitality sectors. However, since modern vehicles are now “effectively connected computers on wheels,” collecting lots of information from built-in apps, sensors, and cameras, CVs are just another source of data collection like our laptops and mobile devices. In the CPPA’s press release, the Agency stated that data privacy considerations are “critical” because CVs “often automatically gather consumers’ locations, personal preferences, and details about their daily lives.” Due to these factors, the CPPA will make inquires to CV manufacturers to understand how these companies are complying with the California Consumer Privacy Act and its amendments pursuant to the California Privacy Rights Act (collectively the CCPA).

Here’s what you need to consider if you are in the CV manufacturing industry or related technologies:

Continue Reading CPPA Announces Investigation of Connected Vehicle Manufacturers’ Privacy Practices

The White House hosted a roundtable meeting Tuesday on the data brokering industry as a part of an administration-wide push toward strengthening America’s consumer privacy landscape. The meeting brought together researchers, regulators, and consumer advocates. The Biden-Harris Administration has called for stronger national regulations on data brokering, or the buying and selling of personal consumer

The California Privacy Protection Agency’s (CPPA) Enforcement Division is conducting a review of data privacy practices by connected vehicle manufacturers and related technologies. The CPPA, which was established by the 2018 California Privacy Rights Act, has been primarily focused on developing regulations. This investigation marks its first significant enforcement effort.

Connected vehicles, with features like

On July 20, 2023, the Federal Trade Commission (FTC) and the Department of Health and Human Services (HHS) issued letters to hospitals and telehealth providers “about the privacy and security risks related to the use of online tracking technologies integrated into their websites or mobile apps that may be impermissibly disclosing consumers’ sensitive personal health