Data Privacy Highlights

This week Justin Daniels and I are taking you through the top stories in privacy, including fines for Meta, Microsoft, the adoption of CPRA and VCDPA, Blockchain adoption, as well as welcoming Kimberly Burnham, JD, CIPM to our team! In addition, I had the honor of sharing with IAPP the impact of CPRA and VCDPA for companies.

Don’t forget to grab your copy of WSJ, USAToday, Amazon and Barnes & Noble Best-Seller, Data Reimagined: Building Trust One Byte at a Time, written by privacy and cybersecurity experts Jodi and Justin Daniels. www.redcloveradvisors.com/book-sales

??Welcoming Kimberly Burnham to the Red Clover Advisors Team!

We are so excited to introduce Kimberly Burnham as our new Senior Privacy Consultant here at Red Clover Advisors. Kimberly is coming to us from Vail Resorts where she spent two years as their Data Privacy Lead.

?? Irish Data Protection Commission fines Meta €390M Euros over legal basis for personalized ads

The Irish Data Protection Commission (DPC) has fined Meta a total of 390 million Euros concluding the company’s Facebook and Instagram advertising and data handling practices were in breach of EU privacy laws.

The Irish DPC announced that Meta’s basis for seeking user consent to collect data for personalized advertising on Instagram and Facebook is invalid. The company has three months to bring its data processing operations into compliance with the GDPR.

Meta violated transparency obligations by not clearly outlining its legal basis for personal data processing to users and invalidating its “contract” legal basis for personal data processing for ad targeting.

This follows four other fines from Irish regulators over data privacy violations since 2021, resulting in fines totaling to more than 900 million euros.?

In a post on Twitter, Future of Privacy Forum VP for Global Privacy Gabriela Zanfir-Fortuna said the Meta decision is “probably the most significant enforcement decision” since the GDPR’s implementation, not because of the notable fine, but the “changes that Meta will need to make to the services provided.”

For more on this topic from the IAPP: https://iapp.org/news/a/irish-dpc-fines-meta-390m-euros-over-legal-basis-for-personalized-ads/?mkt_tok=MTM4LUVaTS0wNDIAAAGJJ6TOJjRC7Kn_S4qq3EKYJwbur5vRC4-drMaHk9bReTeR1tKn5p1dHsDqg5_waH3REbrtpBvKncUqaOl1FGamuMDSZ2mS-zf9gg8jCa1vSgd1

?? French Regulator Hits Microsoft With €60 Million Fine Over Bing Cookie Consent

Microsoft is facing scrutiny as France’s lead privacy regulator, National Commission on Informatics and Liberty, (CNIL) has issued a €60 million Euro fine against the company over insufficiently transparent cookie consent policies.

It has been determined that Microsoft’s Bing search engine does not provide users with clear enough instructions for opting out of its tracking cookie system.

Microsoft has been given three months to get the system into compliance, or it could face additional fines of €60,000 per day.

CNIL emphasized that the cookie consent issue was that it was easier to accept cookies than to refuse them on the search engine.?

Microsoft appears to have accepted the cookie consent fine, but issued a statement pushing back against the decision to penalize the company for the deployment of its cookies that are used to combat ad fraud.?

More from CPO Magazine on the Microsoft Fine Over Bing Cookie Consent: https://www.cpomagazine.com/data-protection/french-regulator-hits-microsoft-with-e60-million-fine-over-bing-cookie-consent/

?? 2023 Brings US Privacy Law Preparedness Into Focus

Both the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VCDPA) took force on Jan. 1, 2023 and different laws in Colorado, Connecticut and Utah will also go live at different points in 2023.

The CPRA amends the existing California Consumer Privacy Act (CCPA) with changes and updates including:?

• enforcement power to the California Privacy Protection Agency
• a higher threshold for covered entities
• a new category for sensitive personal information
• enhanced children's privacy provisions and?
• expanded notification requirements

Virginia’s CDPA law incorporates CPRA principles, including?

• language for data subject rights
• contract requirements and?
• privacy policy obligations.

Red Clover Advisors founder and CEO Jodi Daniels , indicated the shared provisions do allow for some streamlined compliance planning.

"Ensuring vendor contracts are updated and vendor due diligence has been performed is also important for both California and Virginia, as are performing privacy impact assessments," Daniels said. "Companies are then trying to figure out, once the baseline is created, how they maintain it all and keep the data inventories updated, while also catching new activities that need impact assessments."

For more on what is to come in 2023: https://iapp.org/news/a/2023-brings-us-state-privacy-law-preparedness-into-focus/

??? Blockchain: The Road to Adoption

The use of blockchain is growing as a decentralized form of finance. From banking transactions to digital concert tickets - this software poses security risks and can result in adverse online experiences. So, what does this mean for the future of blockchain?

In the latest episode of She Said Security/He Said Privacy, Justin Daniels and Jodi Daniels chat with Zenobia Godschalk, SVP of Communications at Hedera, to discuss security trends in the blockchain space given that blockchain is still widely unregulated.

Zenobia emphasizes that companies seeking to integrate blockchain must understand its underlying protocols and technology infrastructure to create seamless consumer interactions. Listen now to learn more about venture capital’s security regulations for blockchain, how to build trust in decentralized finance, and how to optimize digital transactions.

Listen to the podcast here: https://redcloveradvisors.com/podcasts/blockchain-the-road-to-adoption/