The European Data Protection Board published its 2022 activity report. The board outlined its undertakings and results from last year, including stakeholder guidance reviews. Also included in the report for the first time is a digest of EU General Data Protection Regulation one-stop-shop case examples.
The Montana House of Representatives voted 54-43 on final approval of a bill to ban TikTok across the state, The Wall Street Journal reports. The first-of-its-kind state ban on TikTok still requires the signature of Gov. Greg Gianforte, R-Mont., who previously banned the app from government-issued devices and state universities. If signed, the bill takes effect 1 Jan.
In an op-ed for The South China Morning Post, Hong Kong Privacy Commissioner for Personal Data Ada Chung wrote the growing interplay between artificial intelligence and privacy should "be a signal for all stakeholders" to come together to create a "safe and healthy ecosystem." Chung discussed the use of personal data to power AI systems and how it "may not be collected fairly or on an informed basis" considering few disclosures from developers.
Ireland's Data Protection Commission published four guides for parents on children's data protection rights under the EU General Data Protection Regulation. The guides outline the basics of children's data protection rights, when parental consent may be needed for processing children's data, advice on how parents can protect their children's data, and limits to exercising children's data protection rights.
Italy's data protection authority, the Garante, fined a digital marketing services company 300,000 euros for allegedly illegally processing users' personal data for marketing purposes.
The U.S. Cybersecurity and Infrastructure Security Agency, the FBI, the National Security Agency and international partners published joint guidance calling on software manufacturers to implement secure-by-design and default principles into their products.
The Intercept reports federal contract documents show Georgia's Army National Guard will use phone location tracking to reach high school recruits. According to the documents, the guard will geofence 67 public high school campuses around the state and target phones identified within a one-mile boundary with recruitment advertisements, with plans to retarget ads during after-school hours.
Washington is poised to pass legislation that would implement substantive changes to consumer health data protections in the state, and potentially beyond. The consent-driven House Bill 1155, the My Health My Data Act, would grant consumers rights around the collection, sharing and sale of their health data, and perhaps most notably, establishes a private right of action for violations.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy developments in the nation’s capital and around the U.S., including steps by the U.S. Department of Health and Human Services’ Office for Civil Rights to implement federal protections for the privacy of information about reproductive health within the Health Insurance Portability and Accountability Act’s Privacy Rule.Full Story
After her Instagram account was recently hacked, BigID Chief Privacy Officer Heather Federman, CIPP/US, was left with questions. "What if the hacker wasn’t even a real person, but was some form of artificial intelligence that knew me better than I knew myself?" she asked. Federman discusses her concerns around generative AI's potential to create fake virtual identities, the "powder keg" created by combining it with deepfake technology and, alternatively, how the tech can be used for good.Full Story