Malware groups claimed they can access expired Google OAuth cookies, gaining access to accounts even when the user logs out or changes their password, BleepingComputer reports. Using a Google "MultiLogin" endpoint, hackers claim it can restore expired authentication codes, gaining repeated access to accounts.Full story
The U.S. Federal Trade Commission's Notice of Proposed Rulemaking to update its Children's Online Privacy Protection Act Rule arrived as calls to address children's online privacy in the U.S. have never been greater. The proposed updates will add fresh requirements on the collection and use of children's data while also addressing how those data practices contribute to perceived "screen addiction" among children.
Google agreed to an undisclosed settlement in a U.S. lawsuit that alleged it collected personal information from users browsing with Chrome's "incognito" mode, NPR reports. The class-action lawsuit was originally filed in 2020 and sought USD5 billion in damages.
The California Privacy Protection Agency Board plans to discuss its strategic plan, legislative priorities and a budget update for the year during a 12 Jan. meeting. The meeting will also include closed-door discussions of two lawsuits involving the CPPA. Both concern the agency's ability to enforce regulations under the California Privacy Rights Act.Full story
Colorado Attorney General Phil Weiser issued a notice to organizations meeting certain criteria as data controllers under the Colorado Privacy Act. Beginning 1 July 2024, these organizations must offer consumers a universal opt-out mechanism for the sale of their personal data and processing of such information for targeted advertising.
South Korea's Personal Information Protection Committee published a guide for the new amendment to the Personal Information Protection Act, as well as an enforcement decree. Revisions to the PIPA include a requirement that private entities participate in dispute resolution, whereas prior to the new amendment, only public bodies were compelled to respond to citizen data protection complaints.Full story
The U.S. National Institute of Standards and Technology National Cybersecurity Center of Excellence released a report focusing on cybersecurity practices and suggestions for securing genomic data. The guidance aims to help organizations "assess, tailor, and prioritize their risk mitigation strategies and cyber investments for genomic data."Full story
MediaPost reports Meta asked a Washington, D.C., federal judge to determine if the U.S. Federal Trade Commission's ability to both investigate potential violations and issue rulings is unconstitutional. The argument is an escalation in the company's lawsuit against the FTC, which reopened a prior consent agreement concerning Meta's handling of children's privacy.Full story
Finland's Office of the Data Protection Ombudsman published notice of changes to the Data Protection Act and the Criminal Matters Data Protection Act. The updates account for changes to EU privacy laws and now require the Office of the Data Protection Ombudsman to either resolve a citizen data protection complaint or inform the party of the estimated time to complete a resolution within three months.Full story
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, detailed its regulatory agenda for the 2023-2024 biennium. The agency moved up plans to review guidelines for national personal data privacy protection laws and developing regulation of disseminating governance decisions.