In a report to the United Nations General Assembly, Special Rapporteur on the Right to Privacy Ana Brian Nougrères said digital technologies that process individuals’ personal data “in an invasive and large-scale manner” are not meeting their privacy expectations.
In this week’s global legislative roundup, the California Privacy Protection Agency released updated draft regulations for the California Privacy Rights Act. The European Data Protection Board published updates to its guidance for data controllers identifying their lead supervisory authority. Australia introduced legislation to increase fines for data breaches. And, France’s data protection authority fined Clearview AI 20 million euros. (IAPP member exclusive.)Full Story
Political campaigns can “nano-target” voters with advertising to gauge their opinion on a specific issue and their likeliness to vote, The New York Times reports. For instance, in 2020, analytics firm PredictWise scored Republican voters using their cellphone location data to discern how much they stayed home during COVID-19 lockdown measures, which indicated they were a persuadable vote for Democrats.
The European Commission introduced the bloc's first approved EU General Data Protection Regulation certification system — Europrivacy.
In a letter to Meta CEO Mark Zuckerberg, U.S. Sen. Mark Warner, D-Virginia, raised concerns that Meta Pixel collects data from hospital websites, and the data is used to inform targeted advertisements, MediaPost reports. Warner claims personal health data was transmitted by Meta Pixel including medical conditions, physician details and medical appointment information.
The U.K. Information Commissioner's Office fined construction company Interserve Group 4.4 million GBP over alleged employee data protection issues. The ICO found insufficient security measures that left 113,000 Interserve employees exposed to a phishing scheme that affected contact information, national insurance numbers, and bank account information.
The proposed American Data Privacy and Protection Act is the closest U.S. Congress has been to passing comprehensive privacy legislation. While no small feat, the legislation is at a standstill as federal lawmakers renegotiate provisions and retain consensus views, particularly around preemption and preserving the California Consumer Privacy Act. Besides preemption, other less-talked about provisional roadblocks remain.
U.S. National Security Council spokesperson Adrienne Watson released a statement on a White House meeting concerning a national cybersecurity labeling program for Internet of Things devices. Members of the private sector, academic institutions and the U.S.
The European Data Protection Board published updates to its guidance for data controllers identifying their lead supervisory authority. Updates were specific to joint controllership, with the EDPB explaining dual controllers "cannot designate ... a common main establishment" in relation to their LSA. The updates are open for public comment through Dec. 2.Full Story
The U.K. Information Commissioner’s Office released guidance on direct marketing using electronic mail. It details what is needed to comply with the Privacy and Electronic Communications Regulations 2003, including what electronic mail marketing is and how to comply with rules on direct marketing.