Data Privacy Highlights & IAPP Global Privacy Summit Recap: April 5

This Week in Data Privacy, we're covering a variety of topics, including...

?? CPPA Enforcement Advisory: Data Minimization in Privacy Rights Requests

???? Florida Implementing Strict Social Media Ban for Minors

??? White House Setting AI Policies to Safeguard Americans

??Adapting Privacy Training to Evolving Regulations

?? US State Privacy Law Update from @ David Stauss

?? Privacy & Personalization: Evolving Digital Advertising

?? U.S. Drafting New Cyber Incident Reporting Rules

?? Apple Facing a Lawsuit Over AirTag Privacy Concerns

?? Google Settling 'Incognito' Lawsuit: Deletes User Data

?? US Government Mandates AI Safeguards

??? Podcast episodes of She Said Privacy/He Said Security: Privacy and Security Concerns in Data Retention With Bill Piwonka and Cybersecurity Scorecards with Owen Denby Denby

AND

Summarized points from the Red Clover Advisors team from the IAPP Global Privacy Summit.

US Regulators are focused on:

• Federal lawsuits related to data privacy have doubled since 2018
• California: Connected vehicles, appropriate notice & choice, dark patterns. Note that the CPPA has ramped up their staff to 40+ and plans to hire technologists, auditors and will continue to issue enforcement advisories that highlight priorities.
• Oregon: Access rights request companies provide a full list of third parties to which they disclose personal information
• Connecticut: Accurate and functional privacy notices, appropriate collection of sensitive personal information
• Colorado: Specific consent obligations, dark patterns

Shifting Concept of Consent:

• Watch secondary use of consent and review for dark patterns.
• Be careful of consent in the employment context.

sign up for our email newsletter to get the full list of highlights coming out Tuesday morning!

CPPA Enforcement Advisory: Data Minimization in Privacy Rights Requests

The California Privacy Protection Agency (CPPA) published an enforcement advisory April 2, providing insight on companies’ data minimization obligations related to consumers’ privacy rights requests under the California Consumer Privacy Act (CCPA). Read Red Clover Advisors practical steps you can take here.

White House Sets AI Policies to Safeguard Americans?

The White House introduces binding AI policies for federal agencies, emphasizing citizen privacy and rights. While private sector compliance isn't mandatory, federal contracts incentivize ethical AI development. President Biden's executive order gives these policies force within the executive branch. Industry leaders should note the potential shift towards government standards. The NTIA's AI Accountability Policy Report offers compliance guidance, promoting trustworthiness. Regular audits will ensure adherence to ethical and safety standards. Read more. ?

Florida Implements Strict Social Media Ban for Minors

Florida Governor Ron DeSantis has signed a bill imposing one of the nation's toughest social media bans for minors. Children under 14 are barred from social media, while 14- and 15-year-olds need parental permission. The law aims to protect minors from addictive technologies. Despite potential legal challenges, supporters believe it will prevail, focusing on safeguarding minors rather than restricting content. Read more. ?

Adapting Privacy Training to Evolving Regulations

Employee data privacy training often evokes eye rolls, but it's crucial for safeguarding your company and respecting individuals' privacy. Different training approaches are needed for various roles and regulatory landscapes. Tailored training covers basics like data security and privacy laws while role-specific training focuses on job-related data handling. Learn more about the five tips to make your employee training engaging AND effective here. ?

?

?

US State Privacy Law Update

Last week saw significant progress, including Kentucky's passage of consumer data privacy legislation, making it the fifteenth state to do so. This bill, mirroring Virginia's model, carries exemptions and nuances unique to Kentucky's regulatory landscape. Notably, it adopts Connecticut's consumer-friendly definition of biometric data and introduces exemptions for certain organizations and utilities.

Meanwhile, Georgia's SB 473 failed to pass before the legislative session ended. Stay informed about updates from Maine, Maryland, Rhode Island, Vermont, and more. Read the full blog here.

U.S. Drafts New Cyber Incident Reporting Rules?

The U.S. Cybersecurity and Infrastructure Security Agency has released draft rules mandating critical-infrastructure firms report cyberattacks within 72 hours and ransom payments within 24 hours. These regulations aim to enhance national cybersecurity by analyzing attack patterns and tactics. However, companies express concerns over disclosing sensitive details. The rules cover essential sectors like healthcare, energy, and finance, exempting small businesses. CISA seeks public feedback before finalizing the regulations. Read more. ?

Apple Faces Lawsuit Over AirTags Privacy Concerns?

?A class-action lawsuit alleges Apple's AirTags didn't adequately address privacy issues, leading to stalking and abuse. Despite Apple's efforts to enhance security features, incidents of unwanted tracking persist. Users can detect AirTags with the Find My app, but safety concerns remain. If you suspect you're a victim, contact law enforcement or monitor the lawsuit's progress. Read more.?

?

Google Settles 'Incognito' Lawsuit: Deletes User Data

Google has agreed to delete vast user data, settling a $5 billion class action lawsuit over its 'incognito' mode. Despite no damages payout, users can seek compensation individually. The lawsuit, initiated in 2020, accused Google of secretly tracking users despite 'incognito' browsing. As part of the agreement, Google pledges improved disclosure policies and allows incognito mode users to block third-party cookies for five years. Privacy concerns continue to drive legal actions in the tech industry. Read more. ?

?

Privacy & Personalization: Evolving Digital Advertising

In the privacy-first era, digital marketers are innovating through storytelling and consent-based personalization. Organic content marketing is resurging, emphasizing transparency and value exchange. Artificial intelligence streamlines content creation, but regulatory scrutiny looms. Brands are exploring universal user IDs for tailored experiences while contextual targeting gains traction. Weighted measurement models offer nuanced insights, reflecting the industry's shift towards outcome-based marketing. Embrace privacy-forward strategies for ethical and effective consumer engagement. Learn more here. ?

?

US?Government Mandates AI Safeguards

The White House has ordered federal agencies to implement concrete measures safeguarding Americans' rights and safety in AI usage by December 1. Agencies must monitor AI impacts, mitigate discrimination risks, and ensure transparency. The directive requires public disclosures on AI usage. President Biden's executive order emphasizes sharing safety test results for AI systems. The move aims to balance AI's potential benefits with risks, ensuring accountability and oversight in government AI applications. Read more.

?

Privacy and Security Concerns in Data Retention With Bill Piwonka

In this episode of She Said Privacy/He Said Security, Jodi and Justin Daniels speak with Bill Piwonka, the Chief Marketing Officer at Exterro, on the subject of data retention and how it relates to privacy. They go step-by-step through the pressing concerns, how companies like Exterro seek to help, how laws play into the equation, and keeping up with the lightning-fast pace of AI development.

Here’s a glimpse of what you’ll learn:

• Bill Piwonka’s career journey and introduction to privacy and security
• Why data is the starting point for all privacy concerns
• How new privacy laws impact data retention
• What responsible AI can and should look like
• What makes a data retention program successful?
• The biggest privacy challenges in the modern day
• Advice for creating stronger passwords

?

Listen to the podcast here.

Measuring Cybersecurity & Privacy Scorecard with Owen Denby

In this episode of She Said Privacy/He Said Security podcast, Jodi and Justin Daniels sit down with Owen Denby, General Counsel of SecurityScorecard to discuss:

?? How SecuritySecorecard helps companies evaluate their security

?? How SEC rules affect security for private companies

?? Putting guardrails around AI

?? Privacy’s role in security scorecards

?? Common security problems businesses continually face

? Keeping up with rapidly changing regulations

Don't miss this insightful episode that sheds light on the intersection of privacy, security, and technology.

Listen to full discussion here