The breakfast chain Tim Hortons is defending four class action lawsuits in Canada for allegedly collecting user geolocation data without user consent. According to a regulatory report, the Tim Hortons mobile app secretly collected a vast amount of geolocation data without user consent, violating Canadian law. The app allegedly cataloged every time a user entered

Unjected, a dating app and the “largest unvaccinated platform” online, apparently left its entire website’s back end unsecured. Security researchers, working with Daily Dot reporters, reportedly accessed the site’s administrator dashboard, which had been left entirely unsecured and in de-bug mode. As a result, they got incredible access, including the ability to view and modify

INRIX, a company that provides location-based data analytics, has been collecting, analyzing, and selling aggregated vehicle, traffic, and parking data for over 17 years. Now, after the Roe v. Wade decision, INRIX is under scrutiny for its data collection tactics and the ability to view data related to Planned Parenthood clinics. In a brochure for

Recent reports from several European Data Protection Authorities (DPAs), the bodies empowered to regulate consumer privacy under the General Data Protection Regulation (GDPR), have ruled that Google Analytics violates the law. DPAs in Austria, France, and Italy have found that the tool, which allows website owners to track and analyze traffic to their sites, impermissibly

On Friday, the newly created California Privacy Protection Agency (CPPA) issued its first proposed regulations under the California Privacy Rights Act (CPRA).

The proposed rules have drawn criticism for requiring companies to treat browser-based “Do Not Track” signals as consumers asserting their opt-out rights. This rule came as a surprise to many observers because, as

Connecticut Governor Ned Lamont signed the Personal Data Privacy and Online Monitoring Act (CPDPA) into law on May 10, 2022, making Connecticut the most recent state to pass its own privacy law in the absence of comprehensive federal privacy legislation. Connecticut follows in the steps of Nevada, California, Virginia, Colorado and Utah in enacting its

Researchers from the Mozilla Foundation reviewed the privacy policies of 32 mental health apps ranging from guided meditation to telehealth counseling services and flagged 28 of them as having “Privacy Not Included.” In addition, the report sorts the apps from “Not creepy!” to “Super creepy!” (The rankings are each accompanied by a delightful emoji face

Kentucky Governor Andy Beshear recently signed House Bill 474 to become the latest state to enact data insurance security legislation. The new law is modeled after the data security law of the National Association of  Insurance Commissioners (NAIC). Licensees with more than 50 employees who are authorized to operate, or are registered under the insurance