Data Privacy Highlights: September 18, 2024
Jodi Daniels
Practical Privacy Advisor / Fractional Privacy Officer / WSJ Best Selling Author / Keynote Speaker
?? Apple’s iOS 18 Update: What You Need to Know
??? Privacy By Design: Essential for Modern Product Development
?? Meta to Use U.K. Facebook and Instagram Posts to Train AI Models
?? Navigating the Latest State Privacy Laws: Key Updates for 2024
??? Colorado Privacy Act Updates: What You Need to Know
?? Texas Lawsuit Challenges Federal Patient Privacy Rules on Abortion Records
?? Privacy Offense vs. Privacy Defense: Why A Proactive Approach Wins
?? UK ICO Fuels Controversial ‘Consent or Pay’ Trend
?? Google Introduces Confidential Matching: A New Era of Secure Advertising
…and
?? The Future of Ad Tech: Privacy-Savvy Strategies for Businesses with Darren Abernethy
——
This week we’re exploring Apple’s iOS 18 privacy enhancements, new state privacy laws, how companies like Meta and Google are navigating evolving privacy expectations, why proactive privacy strategies matter, and more. Dive in to learn how to stay compliant, build trust, and stay ahead of evolving privacy challenges.
Key Privacy Features in Apple’s iOS 18 Update: What You Need to Know?
Apple’s iOS 18 update is live, bringing important security and privacy enhancements to iPhone users including a dedicated Passwords app, making it easier to manage credentials and alerting users of weak or compromised passwords. New features also allow users to lock or hide apps for added privacy when sharing their devices, while updates to contact-sharing settings give more control over who can access your data.
Apple’s enhanced AI privacy protections ensure personal data stays on your device, reducing privacy risks while using AI features. “Apple continues to build privacy into its products, making protections more accessible and easier to understand.” - Jodi Daniels, Red Clover Advisors.?Learn more.
Privacy By Design: Essential for Modern Product Development
Integrating privacy into product development is no longer optional—it’s essential. As privacy laws continue to evolve, businesses must adopt a "privacy by design" approach, embedding privacy into the product lifecycle from the start. This proactive strategy helps ensure long-term compliance, build consumer trust, and provide a competitive edge.?
The seven principles of privacy by design include making privacy the default setting, embedding it into design, and maintaining end-to-end security throughout the data lifecycle. By involving stakeholders, defining privacy requirements, and implementing strong security measures, companies can build products that respect user privacy and meet regulatory standards, setting themselves apart in the market.?Learn more. ?
Meta to Use U.K. Facebook and Instagram Posts to Train AI Models
Meta will start training its AI models using public posts from adult users on Facebook and Instagram in the U.K., reflecting British culture and aiding local businesses with advanced AI capabilities. Users aged 18+ will receive in-app notifications with the option to object to their data being used. Meta promises to honor objections and excludes private messages and minors' data. This move follows guidance from the U.K. Information Commissioner’s Office (ICO) on using first-party data under the "Legitimate Interests" basis. While Meta's approach aims to be more transparent, critics argue the opt-out mechanism shifts the burden to users. The ICO will monitor Meta's compliance, emphasizing the need for transparency and safeguards when using personal data for AI training.?Read more. ?
Navigating the Latest State Privacy Laws: Key Updates for 2024
State legislatures are actively pushing forward with privacy laws as the U.S. Congress continues to stall on a national framework. New laws in Kentucky, Maryland, Minnesota, Nebraska, New Hampshire, New Jersey, and Rhode Island set strict standards for data protection, consumer rights, and business compliance. These laws grant consumers rights to access, correct, delete, and opt-out of data sales, and require companies to implement safeguards, disclose data practices, and conduct data protection assessments.
Amendments in states like Colorado and Virginia now include enhanced protections for children's privacy, while other states like Utah and Tennessee are targeting social media use among minors. With varying compliance deadlines, businesses must stay proactive in understanding and adapting to each state's specific requirements to avoid penalties and maintain consumer trust. It's clear that privacy is no longer optional—it's a competitive necessity in today’s data-driven landscape. Get the full rundown from Miller Nash LLP?here.
领英推荐
Colorado Privacy Act Updates: What You Need to Know
The Colorado Attorney General’s office has proposed draft amendments to the Colorado Privacy Act (CPA) Rules, addressing new biometric and children’s privacy requirements and establishing a process for issuing opinion letters and interpretive guidance.
Businesses operating in Colorado should review these changes to ensure compliance by the effective dates.?Learn more.
Texas Lawsuit Challenges Federal Patient Privacy Rules on Abortion Record
Texas is testing federal patient privacy protections with a groundbreaking lawsuit challenging a recent HIPAA rule that blocks the use of medical records in criminal investigations of out-of-state abortions. The Texas Attorney General argues that this federal safeguard violates state rights, hindering law enforcement efforts under Texas’s restrictive abortion laws. If successful, the case could impact patient privacy protections for women in states with similar abortion bans.
This lawsuit is the first of its kind and raises significant questions about the balance between state law enforcement powers and federal privacy protections, potentially reshaping how medical records are used in states with strict abortion restrictions. Privacy, legal, and tech professionals should monitor this case closely as its outcome could redefine privacy rights in health data across state lines.?Read more.
Privacy Offense vs. Privacy Defense: Why A Proactive Approach Wins
Don't let a reactive approach to privacy put your business at risk. In today's regulatory landscape, waiting for privacy issues to arise is a costly mistake. Learn why being proactive with privacy management not only reduces risk but also keeps you ahead of compliance challenges and enforcement actions. Featuring insights from Jodi Daniels, Founder & CEO of Red Clover Advisors, this session will equip you with strategies to take control of your privacy program.?Watch now.
Watch the entire series of Pre-PSR Know Before You Go Topics brought to you by Ketch , Kelley Drye & Warren LLP and Red Clover Advisors
UK ICO Fuels Controversial ‘Consent or Pay’ Trend
The UK’s Information Commissioner’s Office (ICO) claims success in pushing websites to improve cookie consent practices but has also spurred a controversial shift toward “consent or pay” models. This tactic forces users to either accept tracking for ad targeting or pay a fee to access content, raising concerns about privacy and fairness.?
While the ICO has reprimanded companies like Sky Betting and Gaming for unlawful data processing, it has yet to take a firm stance on the legality of the “consent or pay” approach. The ICO is currently reviewing this model and aims to provide guidance by the end of the year.?
Meanwhile, the rise of “consent or pay” highlights a grey area in privacy compliance, sparking debates on whether this trend aligns with data protection laws that prioritize clear, user-friendly choices over manipulative consent practices.?Learn more.
Google Introduces Confidential Matching: A New Era of Secure Advertising
Google has unveiled "confidential matching," a new privacy-enhancing technology that uses Trusted Execution Environments (TEEs) to securely manage first-party data for advertisers. Built on confidential computing, this feature isolates business data during processing, ensuring that no one, including Google, can access it.?
Confidential matching allows businesses to securely connect their data for audience measurement and solutions without compromising privacy. It offers transparency, security by default, and the ability to encrypt data before it leaves servers, meeting stringent data policies.?
As part of Google’s push towards privacy-first advertising, confidential matching is now the default for Customer Match and will expand across other ad solutions soon, enabling more secure data-driven marketing without changing existing workflows.?Learn more.?
The Future of Ad Tech: Privacy-Savvy Strategies for Businesses
In this episode of?She Said Privacy/He Said Security, Jodi and Justin Daniels talk with Darren Abernethy from Greenberg Traurig, LLP about AdTech’s future without third-party cookies. Darren shares tips for a privacy-first AdTech strategy: manage vendors proactively, update privacy programs, modernize assessments, refresh contracts, and keep documentation ready to build trust and reduce risks.?
Here’s a glimpse of what you’ll learn:
Listen to full podcast?here.?
It's been a great week together already and we are looking forward to more at #PSR24! Thanks for all you do Jodi Daniels! You can catch the rewatch of Jodi's sessions and the upcoming conversations here ? https://www.dhirubhai.net/feed/update/urn:li:activity:7239667548785446913
Advisor - ISO/IEC 27001 and 27701 Lead Implementer - Named security expert to follow on LinkedIn in 2024 - MCNA - MITRE ATT&CK - LinkedIn Top Voice 2020 in Technology - All my content is sponsored
2 个月Thank you, all for privacy by design and by default !