Privado.ai

Prashant Mahajan explains how scanning websites from different geographies helps privacy teams: - Simulate real user experiences across regions - Detect unauthorized tracking beyond cookies - Map real-time data flows to compliance policies

?? The first My Health My Data Act (MHMDA) privacy lawsuit is here! Read our latest blog to learn why Amazon was just sued for violating the state of Washington’s new MHMDA and how companies can regularly audit their mobile apps to prevent MHMDA violations. Read the blog ?? https://lnkd.in/gXVrn9TZ

Privacy risks start in development, not after release. Yet, most teams catch issues too late—leading to compliance gaps and last-minute fixes. Vaibhav Antil breaks down how to embed privacy into your tech stack from day one.

Kelly Peterson (she/her), FIP,CIPM,CDPSE,CIPP/E shares Grindr’s approach to embedding Privacy by Design into product development—where privacy isn’t just a policy but a built-in feature. ? Structuring a privacy program that scales ? Aligning engineering decisions with compliance ? Moving from trust-based to evidence-based privacy

From Browser to Mobile: AB 566 Proposes a Universal Global Opt-Out On February 12, Assemblymember Josh Lowenthal introduced AB 566, a bill designed to simplify data privacy by integrating an opt-out preference signal across both web browsers and mobile operating systems. Today, browsers such as Brave, DuckDuckGo, and Mozilla Firefox already offer native support for opt-out signals, yet the market leaders like Google Chrome, Microsoft Edge, and Apple Safari lag behind. As mobile devices increasingly become the primary way to access the internet, the absence of similar protections on mobile platforms leaves consumers and privacy managers facing additional challenges. AB 566 aims to bridge this gap by establishing a single, global opt-out setting that communicates a user's privacy choice to every website and app automatically. This initiative promises to reduce complexity and enhance the protection of sensitive information, from personal health details to financial data. What do you think about AB 566? How would you prepare for AB 566? Read more: https://lnkd.in/dHgP4i3u #privacy #dataprotection #CPPA

?? It’s time to uplevel consent management! Our research shows 75% of top websites are not privacy compliant with US and European regulations, and the threat of CIPA lawsuits has never been higher. Consent Management Platforms have proven to be too difficult for privacy teams to audit. Consent monitoring solutions are needed to ensure compliance. This comprehensive guide explores everything businesses need to know about consent management, including the latest: ?? Consent requirements for websites & apps ?? Consent management and monitoring solutions ?? Best practices for risk mitigation Read the guide ?? https://lnkd.in/gaS-x7P7

Inside the amazon MHMD lawsuit: why regular mobile app audits are essential for privacy Plaintiff Cassaundra Maxwell has filed a landmark class action against Amazon[.]com, Inc. and Amazon Advertising, LLC, alleging that Amazon harvested millions of consumers' location and health data via its advertising SDK. It is the first lawsuit under Washington’s MHMD Act, setting a precedent for privacy enforcement. What happened: Amazon embedded its Ads SDK into thousands of mobile apps to covertly collect sensitive data, including geolocation, device identifiers, and biometric signals. Users unknowingly allowed the SDK to run, capturing personal and health data without consent. This data was used for targeted ads and sold to third parties, generating profits. The lawsuit alleges federal law violations (e.g., Federal Wiretap Act, Stored Communications Act, Computer Fraud and Abuse Act) and breaches of state consumer protection statutes and the MHMD Act. Key issues: a) Lack of User Consent: Consumers were not informed that their location and health data was captured and monetized. b) Hidden Data Flows: The SDK operated discreetly, bypassing disclosures and hiding its data harvesting. c) Regulatory Non-Compliance: Amazon’s practices allegedly violate multiple privacy and consumer protection laws. d) Unjust Enrichment: Amazon profited from unauthorized data collection at the expense of its users. Mapping legal statutes and violations: - MHMD Act: SDK covertly harvests health and location data without consent. - Federal Wiretap Act (FWA): SDK intercepts real-time communications without user awareness. - Stored Communications Act (SCA): SDK stores intercepted communications without permission. - Computer Fraud and Abuse Act (CFAA): SDK exceeds access permissions on mobile devices for data collection. - Washington Consumer Protection Act (CPA): SDK conceals data collection, misleading consumers with false transparency. Why this matters: a) Pioneering MHMD Act Enforcement: The first challenge under the MHMD Act, crucial for stronger privacy rights in Washington. b) Industry-Wide Implications: Highlights the urgent need for transparency and accountability in mobile app SDKs. c) Consumer Trust at Stake: Transparent, consensual data collection is vital for protecting privacy and maintaining trust. The way forward: 1) Regular Mobile App Scanning: Routinely audit apps to detect unauthorized SDK behavior and hidden data flows. 2) Robust SDK Governance: Establish strict protocols for integrating and monitoring SDKs with full data transparency. 3) Enhanced Dataflow Monitoring: Continuously monitor data channels to promptly detect covert collection. 4) Transparent User Communication: Update privacy policies to clearly explain data practices and secure explicit consent. How is your team preparing for compliance with the MHMD Act and adapting to emerging privacy regulations? #Privacy #SDK #MHMD #ClassAction #DataSecurity #AdTech #FWA

Join Rob Priore, CIPP, CDPSE of ZoomInfo next Thursday as he shares his experience and insights for efficiently and accurately monitoring cookie compliance.

Closing the Gaps in Cookie Banner Compliance 75% of the top visited websites in the US and Europe?have compliance issues due to evolving website configurations, unmonitored tag management, and overlooked third-party data flows. Join Rob Priore, CIPP, CDPSE and Vaibhav Antil as they uncover the gaps in cookie banner compliance and explore technology-driven solutions for ensuring continuous compliance. This webinar will discuss: ?? Why do CMPs capture consent but fail to enforce it? ?? How do marketing and development teams unknowingly create compliance risks? ?? How can businesses automate consent enforcement and generate audit-ready proof for regulators? ?? Register here: https://lnkd.in/d_JWiRCm

It's been amazing partnering with PICCASO (Privacy, InfoSec, Culture Change & Awareness Societal Organisation) to bring together privacy professionals in London. We hope to have another one very soon! See you there!