IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, breaks down the latest privacy happenings from the nation’s capital, including thoughts on embedding inclusiveness into privacy-by-design practices. He also discusses the latest on the EU-U.S. Data Privacy Framework and the U.S. Federal Trade Commission's commercial surveillance and lax data security rulemaking initiative.Full Story
The Network Advertising Initiative discussed takeaways from the U.S. Federal Trade Commission’s staff report on dark patterns. By maximizing “transparency and consumer choice,” the NAI said members can avoid many of the dark patterns outlined in the report.
In a lawsuit filed against Google, Texas Attorney General Ken Paxton claimed the company collected citizens' facial and voice recognition data without consent in violation of a state consumer protection law, The New York Times reports. The law requires companies to notify consumers and obtain consent before collecting biometric information.
The Dutch data protection authority, Autoriteit Persoonsgegevens, said a draft bill on money laundering would “open the door to unprecedented mass surveillance.” Under the proposal, all bank transactions of Dutch account holders would be monitored by algorithms in one centralized database. “This represents a far-reaching breach of the protection and confidentiality of customer data. The proposed system essentially amounts to a banking dragnet,” the AP said.
"Voice biomarker" software that analyzes the way a person talks to detect mental health problems is increasingly being used by hospitals, insurance companies, doctors’ offices and more, Axios reports. Kintsugi CEO Grace Chang said the software can detect depression or anxiety with 80% accuracy and patient consent is obtained before the software is used.
The California Privacy Protection Agency Board canceled its open board meetings scheduled for Oct. 21-22. Reasons for the cancellation were not made public. The board was expected to discuss recently released modifications to the draft California Privacy Rights Act regulations. The board's Oct.
France's data protection authority, the Commission nationale de l'informatique et des libertés, issued a 20 million euro fine to Clearview AI for alleged breaches of the EU General Data Protection Regulation. The CNIL began an investigation into a complaint regarding Clearview's facial recognition database and data processing practices in May 2021. The regulator handed down a formal notice to remedy alleged violations in November 2021 that Clearview did not reply to.
The Wall Street Journal reports privacy professionals are cautiously optimistic about the EU-U.S. Data Privacy Framework, but are uneasy regarding potential court challenges expected against the agreement. Adaptive Biotechnologies Head of Privacy Alea Garbagnati, CIPP/US, said she wants to "let the turbulence settle down a bit" before beginning a self-certification program for the new data flow agreement.
The Office of the Australian Information Commissioner released its 2021-22 annual report, noting a 3% increase in privacy complaints and the completion of “a number of significant privacy Commissioner-initiated investigations” focusing on biometric data collection and facial recognition technology use. In 2021, the office received 2,544 privacy complaints, finalizing 2,203 and handled 10,931 privacy inquires, a 6% reduction compared to 2020-21.