Data Privacy Highlights: July 10

Welcome to this week's privacy update! We've got some significant developments to cover, from Delaware's proactive approach to data privacy to guidelines for choosing privacy rights automation software. Let's dive into the key issues shaping the data privacy today.

???Delaware Launches Personal Data Privacy Portal

???Do You Really Need to Read the Privacy Notice??

?? Twilio Breach Highlights Importance of Vigilant Security

??? Upcoming Webinar: Privacy as a Sales Enabler with Ketch

??? Microsoft Could Revolutionize Privacy with Visual Encryption Eye-Tracking

???Colorado Protects Neural Data Privacy with New Law

???A Look at Big Tech’s Efforts to Influence Data Privacy

???Social Media Platforms Worry New Data Law Could Affect Child Safety and Ads

?? Brazil Halts Meta's AI Data Processing Amid Privacy Concerns

?? Congress Ignoring Small Businesses in Rush to Pass Data Privacy Bill?

???Meta’s Pay-for-Privacy Model Is Illegal, Says EU

??Guidelines for Choosing Privacy Rights Automation Software

?? Red Clover Advisors Hiring Senior Privacy Consultant

?

and...

???AI Predators and Digital Dangers: Keeping Children Safe Online w/ Angeline Corvaglia , Founder of Data Girl and Friends ?

----

Delaware Launches Personal Data Privacy Portal

The Delaware Department of Justice has unveiled a new personal data privacy portal aimed at helping parents, consumers, and businesses navigate the upcoming Delaware Personal Data Privacy Act (DPDPA), which takes effect on January 1, 2025. This act introduces stringent guidelines for handling personal data, granting Delawareans greater control over their information. Businesses must now disclose their data practices, obtain consent for collecting sensitive information, and implement robust security measures.

This is a crucial step towards greater transparency and accountability in data handling. Businesses should start preparing now to comply with these new regulations, ensuring they can meet the January 2025 enforcement date without any hitches. Begin auditing your current data practices and update your privacy policies to align with DPDPA requirements. Read the full article?here.?

Do You Really Need to Read the Privacy Notice??

Privacy notices often get overlooked, but they are critical in understanding how your data will be used. The Information Commissioner’s Office (ICO) has launched a series of short videos to help users understand the importance of privacy notices, especially for health-related apps like period and fertility trackers. These resources encourage users to ask key questions about data deletion, security measures, and data sharing before signing up. Learn more?here.

Twilio Breach Highlights Importance of Vigilant Security

Last week, Twilio confirmed that hackers accessed the phone numbers of 33 million Authy users. While this might seem minor, it poses significant risks. Attackers could use these numbers to launch targeted phishing attacks, pretending to be Authy or Twilio, and trick users into revealing sensitive information.

Ensure your systems are secure by regularly updating and patching endpoints. Educate your employees and users on recognizing phishing attempts. Read the full article?here.

Upcoming Webinar: Privacy as a Sales Enabler: Boost Your Business with a Strong Data Privacy Program

Join Jonathan Joseph , Head of Solutions at Ketch and Jodi Daniels, CEO of Red Clover Advisors for an insightful webinar to discover how integrating data privacy into your business strategy can dramatically boost your sales efforts. Learn how to harness the power of demonstrating your commitment to data protection to elevate customer trust, distinguish your brand, and amplify your revenue.?

Register?here.

Microsoft Could Revolutionize Privacy with Visual Encryption Eye-Tracking

Microsoft might soon introduce a groundbreaking encryption technology using eye-tracking to enhance document privacy. A recently published patent reveals a system that encrypts text, displaying it clearly only where the user's gaze is focused. Anyone else viewing the screen sees a jumbled mess of letters. This approach contrasts with current methods that blur text outside the reader's focus, which can be cumbersome. If implemented, this could significantly improve visual privacy for users, making unauthorized viewing nearly impossible. Read the full article?here.

Colorado Protects Neural Data Privacy with New Law

Colorado has become the first state to extend privacy protections to neural data under its Colorado Privacy Act. This new law requires businesses to obtain consent before collecting neural data, such as data from brain activity measured by devices like EEG headbands or Neuralink’s implants.

As neurotechnology becomes more mainstream, protecting neural data is essential. This law sets a precedent that other states may follow, highlighting the need for businesses to stay ahead in protecting all forms of sensitive data. Read more?here.

?

A Look at Big Tech’s Efforts to Influence Data Privacy

After years of failed attempts, Maryland has finally passed a data privacy bill, echoing similar struggles seen across the U.S. From Maine to Maryland, tech giants like Meta and Google have been deploying their resources to influence legislation.

In Maine, significant time and energy went into crafting two competing data privacy proposals. Despite neither bill passing, they saw an immense amount of lobbying—more than even the highly debated supplemental budget bill.

This story isn’t unique to Maine or Maryland. Lawmakers from Oklahoma, Kentucky, and Montana shared similar experiences, underscoring a nationwide trend of tech companies exerting their influence to shape data privacy laws. Read the full article?here.

?

Social Media Platforms Worry New Data Law Could Affect Child Safety and Ads

Social media companies like Google, Meta, YouTube, and Snap are raising concerns over India's new Digital Personal Data Protection (DPDP) Act. The law’s restrictions on behavioral tracking of children, coupled with the need for verifiable parental consent, could potentially compromise child safety, these platforms argue.

The DPDP Act aims to enhance data privacy by requiring parental consent for processing minors’ data and disallowing behavioral tracking of children. However, tech giants stress that such measures might hinder their ability to protect young users effectively. They point to similar regulations in the European Union, which initially banned behavioral tracking but had to be revised to re-enable certain safety features. Learn more?here.

?

Brazil Halts Meta's AI Data Processing Amid Privacy Concerns

Brazil's data protection authority, Autoridade Nacional de Prote??o de Dados (ANPD), has temporarily banned Meta from processing users' personal data for AI training. The ANPD cited inadequate legal grounds, lack of transparency, and risks to children as reasons for the ban. This decision comes after Meta updated its terms to use public content from Facebook, Messenger, and Instagram for AI training.

Human Rights Watch reported that the dataset LAION-5B, used for AI training, included identifiable photos of Brazilian children, raising concerns about deepfake risks. With about 102 million active users in Brazil, Meta's update violates Brazil's General Personal Data Protection Law (LGBD). Meta must comply with the order within five days or face fines.

Meta argues that their policy complies with Brazilian privacy laws, stating the ruling hinders innovation. The company faces similar issues in the EU, where it paused AI training plans due to data privacy regulations. Read the full?article.

?

Congress Ignoring Small Businesses in Rush to Pass Data Privacy Bill?

Small businesses are expressing concerns about the American Privacy Rights Act (APRA) H.R. 8818, which threatens to increase costs and inconvenience for millions. Despite outreach to Congress, loopholes in exemptions for small businesses would expose them to civil lawsuits and eliminate ordinary customer data and advertising practices.

Small businesses rely on digital advertising for growth and competition. The APRA's current form could hinder innovation, jobs, and economic growth by imposing strict regulations on digital advertising, which is deemed non-essential under proposed data minimization rules.

Learn more?here.?

?

Meta’s Pay-for-Privacy Model Is Illegal, Says EU

The European Commission has declared Meta's "pay or consent" subscription model illegal under the new Digital Markets Act (DMA). This model, introduced in November 2023, allowed users to pay up to €12.99 per month for privacy instead of consenting to personalized advertising.

The Commission's concern lies in providing users with the power to decide how their data is used. They demand an alternative option for users, one that may still contain ads but is less targeted. This ensures that innovative companies can compete on equal footing with tech giants on data access.

If Meta cannot reach an agreement with regulators by March 2025, the Commission has the power to levy fines of up to 10 percent of the company's global turnover. This decision follows a series of reprimands issued by the EU to US tech giants, highlighting the bloc’s stringent stance on data privacy and competition.?Read more.

?

Guidelines for Choosing Privacy Rights Automation Software

The wrong software can lead to more work, frustration, and worse results.?Avoiding this issue is a top priority for any business looking to automate?privacy rights. Choosing the right privacy rights automation software is crucial; knowing how to evaluate your options can save you unnecessary pain.??

Common Challenges in Managing Privacy Rights:

• Data Proliferation: Difficult to locate relevant information without accurate mapping.
• Volume of Requests: High request volumes can overwhelm internal resources.
• Scope of Requests: Requests vary widely and need different handling methods.
• Identity Verification: Necessary but can add complexity and delay.
• Vendor Relationships: Compliance may require passing requests to third parties.
• Compliance Timelines: Meeting deadlines can be tough without clear policies.

Read the full article for the 3 guidelines to follow when choosing the right privacy rights automation software?here.

?

HIRING: Red Clover Advisors Seeking Senior Privacy Consultant

We're hiring! Red Clover Advisors is seeking a motivated and engaging Senior Privacy Consultant to join our growing team. This client-facing role focuses on:

• Data inventories
• Privacy rights processes
• Cookie/pixel governance
• Privacy Impact Assessments (PIAs)
• Training
• Privacy program assessments
• Implementing and using privacy software effectively

We offer a remote-first, collaborative, non-competitive, and supportive culture. If you're passionate about privacy consulting, enjoy learning from peers, thrive in a fast-paced environment, and deliver impeccable customer service, this could be a great fit for you.

If you or someone you know is interested, check out the full job description for more details and requirements. Learn more?here.

AI Predators and Digital Dangers: Keeping Children Safe Online

In this week’s episode of?She Said Privacy/He Said Security,?Jodi and Justin Daniels chat with Angeline Corvaglia , the Founder of Data Girl and Friends , about protecting girls online. She shares actionable insights on shielding kids from intrusive data practices and online predators and discusses the underlying societal pressures that amplify these risks especially for girls.

Here’s a glimpse of what you’ll learn:?

• Angeline Corvaglia’s career journey from finance to founding Data Girls and Friends
• The common online risks impacting girls and the increasing pressures they face
• Strategies?parents can use to explain online risks to their teenagers
• How global child privacy laws have evolved and their impact on protecting children
• Angeline’s expert tip for safeguarding children, especially girls, online

Listen to the podcast?here.