North Carolina Chief Privacy Officer Cherie Givens, CIPP/US, said privacy and cybersecurity teams need to work more closely together in state governments, Government Technology reports. Speaking at the recent National Association of State Chief Information Officers conference, Givens said she is taking her experience developing privacy programs at federal agencies, including the U.S.
State legislatures across the U.S. have been busy so far in 2023. Four states added laws — more in a single year than the privacy community has seen to date — and there is still potential for more to join the mix. In the midst of reporting on state privacy developments, IAPP Staff Writer Joe Duball offers his take on the legislative boom, along with other notes from the state-tracking trail.Full Story
The California Privacy Protection Agency published potential California Privacy Rights Act regulations it will consider during its 15 May board meeting. The list of potential rules is broken down from easiest to hardest in terms of what it takes to establish a given regulation.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy developments in the nation's capital and around the U.S., including a look at a clear "red wave" in comprehensive state privacy law as Republican-led legislatures add to the legislative network.Full Story
A view from Brussels: Updates on the EU AI Act, EU-U.S. Data Protection Framework
Privacy rights group NOYB published a decision by Austria's Data Protection Authority determining Clearview AI cannot process the biometric data of a complainant and must delete their existing personal data. The DPA did not issue a fine or order a ban of Clearview AI, but did order the company to appoint an EU representative. "The case of the complainant is likely the same for everyone else in Austria.
In an op-ed for The Drum, Data Synergies Principal Peter Leonard said Australia's privacy law reforms "would require fundamental changes in processes and practices of collection, use and disclosure of personal information across all business sectors," if implemented as proposed.
The U.S. Federal Trade Commission's 18 May open meeting agenda features consideration of a policy statement on biometric data collection and a Notice of Proposed Rulemaking to amend the Health Breach Notification Rule. The policy statement on biometrics will outline specific practices the commission will further examine under Section 5 of the FTC Act.
Israeli firm Rayzone Group was found to purchase cellular users real-time location data and browsing habits through automated auctions for surveillance purposes, Bloomberg reports. Rayzone purchases this location and browsing data, "feeds" it to a surveillance system called Echo and sells to governments to track individuals via their cellphones. Rayzone obtains data from advertising exchanges and companies that trade location and other mobile data.