FTC orders Amazon pay $30M for alleged Alexa, Ring privacy violations
Amazon is set to pay more than $30 million comprised of a civil penalty and consumer refunds to resolve two separate cases alleging privacy violations regarding its Alexa voice assistant service and Ring doorbell subsidiary.
Five years of GDPR: Experts forecast changes to come for landmark privacy law
The fifth anniversary of the European Union’s General Data Protection Regulation coming into force has highlighted the many successes of the legislation but also exposed areas where the law is still untested and unclear.
Record Meta fine brings wider GDPR ramifications for EU-U.S. data transfers
Meta’s latest punishment for breaching the European Union’s General Data Protection Regulation will have far-reaching ramifications for companies both in Europe and beyond.
Five years in, GDPR still a lightning rod for criticism
The General Data Protection Regulation risks losing credibility if enforcement is not harmonized and privacy by design is not at the heart of tech innovation, said EU officials during a summit marking the fifth anniversary of the legislation.
Surgeon general joins call to enhance children’s online privacy
The U.S. surgeon general issued a “call for urgent action” to policymakers about further limiting social media access for youth, along with enhancing online privacy protections for children.
e-Book: Navigating changing U.S. data privacy landscape
Businesses are watching five U.S. states where new or amended consumer privacy laws are set to take effect this year. Learn best practices for confronting compliance with multiple state data privacy laws.
Meta fined record $1.3B in GDPR data transfer ruling
The Irish Data Protection Commission announced a record penalty of €1.2 billion (U.S. $1.3 billion) against Meta regarding its transfers of user data from the European Union to the United States in violation of the General Data Protection Regulation.
FTC warns businesses to risk assess uses of biometric technologies
Businesses that make false or unsubstantiated claims regarding facial recognition and other biometric technologies could face enforcement from the Federal Trade Commission, the agency warned in a policy statement.
Experts: Austrian Post GDPR ruling offers clarity on damages compensation
A decision by Europe’s Supreme Court regarding Austria’s main postal service might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.
French DPA fines Clearview AI $5.7M for noncompliance with previous order
France’s data protection authority last month fined facial recognition company Clearview AI €5.2 million (then-U.S. $5.7 million) for failing to comply with an October order to cease and desist from further violations of the General Data Protection Regulation.
Croatian DPA levies largest GDPR fine
The Croatian data protection authority handed down its largest penalty under the General Data Protection Regulation to date: a fine of nearly €2.3 million (U.S. $2.5 million) against debt collector B2 Kapital.
Facebook faces data monetization limits in third FTC order
Facebook violated a 2020 data privacy order that mandated enhanced privacy controls for users, the Federal Trade Commission alleged, recommending stricter controls be imposed on the social media giant.
Big Tech, ad industry bracing for Meta data transfer decision
Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.
Indiana privacy bill signed into law; effective 2026
Indiana became the latest in a growing number of U.S. states with a comprehensive consumer data privacy law on the books.
ChatGPT back in Italy after user privacy updates
ChatGPT restored access for Italian users after changes to its privacy controls were welcomed by the country’s data protection authority.
Is ChatGPT the privacy problem? Or is GDPR?
Scrutiny into ChatGPT has reignited concerns the General Data Protection Regulation is either stifling innovations in technology or that the legislation is not flexible enough to keep pace with technological advances. Experts weigh in.
CPE Webcast: The art of data retention: Navigating the compliance trifecta
In this webinar, we will share key insights from a recent data retention survey and explore the strategies and best practices that information governance and privacy professionals can employ to effectively manage data retention.
‘Divergence is coming’: Experts cast doubt on EU adopting U.K. GDPR reforms
Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.
EDPB task force latest scrutinizing ChatGPT, AI accountability
The European Data Protection Board is the latest regulatory body assessing the applicability of ChatGPT amid skyrocketing data privacy concerns regarding the popular artificial intelligence platform.
How to avoid pitfalls of scaling business with generative AI
Generative AI has the potential to be as game-changing for business and society as the internet, social media, and mobile phones were. At the moment, however, the risks seem to outweigh the rewards.
As final CPRA rules trickle out, a reminder companies must ‘grow with the law’
If companies haven’t started the process of coming into compliance with California’s sweeping new privacy law, they need to begin now.
Alleged fraudster cited privacy in duping JPMorgan into $175M merger
Charlie Javice and her startup Frank allegedly convinced the country’s largest bank to pay $175 million for what largely amounted to a list of fake college students. The apparent due diligence failures by JPMorgan Chase offer a cautionary tale to compliance professionals.
TikTok fined $15.9M for violations of U.K. GDPR
Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.
ChatGPT exits Italy after GDPR violation warning
The Italian data protection authority shut down ChatGPT in the country, alleging the AI chatbot violates European Union privacy laws and has no controls to stop it interacting inappropriately with young children.
Iowa privacy bill signed into law; effective 2025
Iowa became the sixth U.S. state to pass comprehensive data protection legislation allowing residents control over how their personal information is accessed and shared.
CPE Webcast: Piecing together child privacy for organizations
With the Federal Trade Commission cracking down on violations of the Children’s Online Privacy Protection Act, evidenced by its $275 million fine against Epic Games, it’s clear child privacy and parental consent are hot topics in the world of enterprises.
Survey: Tech key to compliance in changing data privacy landscape
Respondents to a survey from Compliance Week and Exterro largely said they were confident their organizations are meeting regulatory requirements regarding data privacy despite evidence their data retention policies and procedures are outdated.
e-Book: Tech’s role in changing data privacy compliance landscape
When it comes to keeping up with data privacy regulation, organizations would be wise to adopt a more comprehensive technology solution to drive efficiency and minimize human error.
TikTok CEO to boast data security efforts in Congress testimony
The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.
CFPB eyeing data broker practices in planned rulemaking push
The Consumer Financial Protection Bureau is asking companies that “track and collect information on people’s personal lives” to provide information to the agency as it considers rulemaking under the Fair Credit Reporting Act.
U.K. moves forward with GDPR reform bill
The U.K. government formally introduced a bill to reform the country’s data privacy laws in a manner projected to save British businesses “billions.”
CFPB, NLRB to collaborate on monitoring employee surveillance
The Consumer Financial Protection Bureau and National Labor Relations Board pledged to share information regarding instances of improper employer use of surveillance tools and the sale of employees’ personal information.
U.K. push for GDPR reprimand transparency draws mixed reviews
The U.K. Information Commissioner’s Office began publishing the details of cases where organizations breached the General Data Protection Regulation but were not fined. Legal experts share their take on the initiative.
Ask a CCO: What matters most in federal privacy law?
Four senior compliance practitioners provide their opinions on what a federal privacy law in the United States should strive to accomplish.
Privacy Shield replacement on track, though hurdles remain
The agreement on a new framework for transatlantic data flows between the United States and European Union could be finalized this year. Whether it can stand legal scrutiny is the real question.
FTC proposes BetterHelp pay $7.8M for sharing health data
The Federal Trade Commission proposed requiring online counseling service BetterHelp to pay $7.8 million as part of a settlement addressing charges it shared clients’ personal health data with Facebook, Snapchat, and other third parties for advertising purposes.
Italian DPA fines Edison Energia $5.2M over GDPR lapses
The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.
Ask a CCO: Most difficult element of data privacy compliance
Four senior compliance practitioners offer their take on the elements of data privacy compliance businesses can expect to be most difficult to confront.
Ask a CCO: Company investment in data privacy efforts
Four senior compliance practitioners discuss how their respective companies invest in compliance with varying data privacy requirements.
California ‘setting the tone’ for privacy push with CPRA updates
Changes to the California Consumer Privacy Act set to come over the course of 2023 strengthen the nation’s first comprehensive state privacy law to a benchmark no other state has yet equaled.
HHS creates new enforcement office for health privacy
The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.
Ask a CCO: Roles in data privacy compliance efforts
Four senior compliance practitioners share their roles in ensuring data privacy compliance at their respective companies and the other departments that support their efforts.
Congress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023
As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?
Ruling in Experian GDPR case thrusts ‘legitimate interest’ into spotlight
Experian won a legal battle against the U.K. Information Commissioner’s Office after the data regulator ordered the credit reference agency to make “fundamental changes” over the way it handled personal data for direct marketing purposes or stop altogether.
Ask a CCO: Plan for complying with varied U.S. privacy laws
Four senior compliance practitioners detail steps their respective companies are taking to confront the expanding U.S. data privacy legislation landscape.
Best practices for navigating changing U.S. data privacy landscape
With five new or amended state laws set to hit the books in 2023, companies would be wise to ensure their data privacy compliance house is in order—and start preparing for the next wave of legislation.
ChatGPT comes with compliance caveats, experts warn
There are downsides to every new technology, and artificial intelligence and machine learning are no exception. Experts discussed the importance for compliance professionals to understand the risks of such tools at CW’s virtual Cyber Risk & Data Privacy Summit.
GDPR push for privacy by design still ‘a long way off’
Italy’s data protection authority banned U.S.-based AI chatbot creator Replika from processing the personal data of Italian users because of risks the service posed to minors and vulnerable people—the latest example of a tech company’s product running afoul of the GDPR.
CPPA seeking comment on cybersecurity audit, risk assessment rule adds
The California Privacy Protection Agency is seeking comment on privacy rules requiring certain large businesses to conduct annual cybersecurity audits and risk assessments if the state believes they are placing consumer data at risk.
Sens press telehealth firms on alleged sharing of patient data for ads
A bipartisan group of senators is leaning on three telehealth firms accused of tracking and sharing patients’ sensitive personal information with advertising platforms like Google and Facebook.