The Data Drop News for Friday, March 11, 2022
Committee Pushes Ahead with Data Privacy Bill Following Biden State of the Union Remarks. Privacy activists launch new offensive against non-compliant cookie banners. German court rules: CEO to be held personally liable for data privacy violations. EU, US close to replacing defunct Privacy Shield II. Plus, the latest in privacy-enhancing technology.
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Committee Pushes Ahead with Data Privacy Bill Following Biden State of the Union Remarks
Bolstered by a call from the president this week to strengthen data privacy protections for children, Connecticut lawmakers heard both praise and concern Thursday for a long-gestating bill intended to curb data collection by tech companies.
President Joe Biden targeted social media companies during his recent State of the Union address, accusing them of experimenting on children for profit. Although data privacy for children and adults remains largely unregulated on the national front, California, Colorado, and Virginia have all adopted varying policies on the issue in recent years.
According to Consumer Reports policy analyst Maureen Mahoney, more than 20 more states are considering following suit.
Privacy activists launch new offensive against non-compliant cookie banners
The privacy activists who took down Google Analytics in Europe have sent 270 draft complaints to website operators who use cookie banners that do not comply with the EU data protection rules.
This is the second in a series of complaints by NOYB, the non-governmental organization led by Max Schrems, the Austrian activist who become famous for initiating the legal proceedings that brought down the EU-US data transfer agreements in two separate lawsuits.
The privacy advocates recently scored a major victory as two of their complaints prompted the Austrian and French data protection authorities to declare Google Analytics illegal for unduly transferring the personal data of EU residents to the United States.
German court rules: CEO to be held personally liable for data privacy violations
In a recent German case, a court decided that a CEO was personally liable for a data privacy breach after they hired a detective to investigate possible criminal acts by the plaintiff. Given the potential risks, this case raises a number of issues for companies and their boards to consider.
The court ruled that the CEO hiring a detective violated data protection law and awarded the plaintiff €5,000 in non-material damages. In line with other German court rulings, the court found that data protection violations must not be trivial and that there is a threshold for awarding non-material damages. The sum of damages awarded also aligns with other German court rulings on damage claims.
EU, US close to replacing defunct Privacy Shield II
The State of the Net conference in Washington, DC, has heard officials representing the EU and the US say they believe they are close to reaching a data-sharing agreement to replace Privacy Shield.
The earlier legal arrangements to ease the vital sharing data between the two jurisdictions were kiboshed in 2020 when the EU Court of Justice struck down Privacy Shield in what became known as the Schrems II ruling.
Chelsea Manning and Data Privacy take centre stage at Geneva human rights film festival
Hans Block's unnerving documentary 'Made to Measure' was screened on Saturday 5 March at the 20th edition of Geneva's human rights film festival, FIFDH. The film poses the question: Is it possible to reconstruct a person’s life based solely on its google searches? The premise is an experiment that uses machine learning to analyse our digital footprint and then, crucially, to create a psychological profile from that data.
More privacy breaches in handling of military sexual misconduct settlement deal
The company overseeing the Canadian government's $900 million settlement deal with military members who experienced sexual misconduct in uniform has admitted to more privacy breaches.
Epiq Class Action Services Canada confirmed the additional errors last week after a second veteran came forward to The Canadian Press to report having received an email containing the personal details of a different claimant late last year. France Menard said she decided to speak up after reading a Canadian Press report last month about Epiq having inadvertently sent fellow veteran Amy Green the names, email addresses and claim numbers of dozens of other claimants.
Epiq at that time said it had mistakenly disclosed "limited information" about fewer than 100 of the 20,000 people who have applied for compensation as part of the class-action settlement to one other claimant.
Kurbo and WW International Agree to $1.5 Million Civil Penalty for Alleged Violations of Children’s Privacy Laws
The Department of Justice, together with the Federal Trade Commission (FTC), announced that the government this week entered into an agreement with Kurbo Inc. and its parent company, WW International Inc. (formerly Weight Watchers International Inc.) (collectively, “Defendants”) and will collect $1.5 million in civil penalties from defendants as part of a settlement to resolve allegations that they violated the Children’s Online Privacy Protection Act (COPPA) and Children’s Online Privacy Protection Rule (COPPA Rule) in connection with their weight management service for children, Kurbo by WW.
Activists pushed the IRS to drop facial recognition. They won, but they're not done yet
Privacy and digital rights activists are buzzing about a recent victory. In February, the Internal Revenue Service said it would back away from a controversial plan to force taxpayers to use facial-recognition software before they could log in to its website.
"This has definitely been a major team effort — the hook, right, left uppercut," said Joy Buolamwini, the founder and executive director of the Algorithmic Justice League which raises awareness of the consequences of artificial intelligence.
The activist effort also included groups such as Fight for the Future, the Electronic Privacy Information Center, and the American Civil Liberties Union
The latest in privacy-enhancing technology
Meta’s Graham Mudd To Depart Meta And Found His Own Privacy Startup
Meta’s VP of product marketing for ads and business products has announced in a personal Facebook post that he’s departing after nearly a decade at the company to launch a startup focused on building privacy-enhancing technologies.
Cisco publishes 2022 Data Privacy Benchmark Study
Privacy is now mission-critical for organizations worldwide, according to a new study by Cisco, which showed that privacy investment continues to rise and organizations see a high return on investments from privacy spending.
Nearly 87 percent of respondents believe they already have processes in place to ensure automated decision-making is done in accordance with customer expectations. Yet, Cisco’s 2021 Consumer Privacy Survey showed that 46% of surveyed consumers felt they cannot adequately protect their data, chiefly because they do not understand what organizations are collecting and doing with their data.
The Data Drop is a production of the Data Collaboration Alliance, a nonprofit advancing meaningful data ownership and inclusive innovation through open research and free skills training. To learn more about our partnerships, free learning, or the Node Zero community, please visit datacollaboration.org.