Data Privacy


Privacy Shield

Premium

Privacy by design a silver bullet for stemming AI risks?

2024-03-15T17:41:00+00:00By

The proliferation of artificial intelligence technologies—and their reliance on publicly available data—has reinforced the need for tech developers and the companies using their solutions to ensure privacy by design and by default is at the crux of any offering.

UniCredit

News Brief

​Italian DPA fines UniCredit $3M over data breach GDPR lapses

2024-03-11T15:54:00+00:00By

The Italian data protection authority announced a fine of €2.8 million (U.S. $3 million) against UniCredit for alleged violations of the General Data Protection Regulation regarding insufficient security measures the bank had in place during a cyberattack.

Data sharing

Premium

FTC ‘will not stand for’ misuse of browsing, location data

2024-03-07T22:33:00+00:00By

The Federal Trade Commission is amid a crackdown on businesses misusing browsing and location data that provide enough information to be used to identify nonconsenting consumers.

fti300x200

Webcast

CPE Webcast: Applying traditional TPRM security and data privacy practices in the digital space

2024-03-05T14:00:00+00:00Provided by

This webinar explores the compliance challenges posed by evolving privacy regulations and the recent explosion of class-action litigation arising from third-party advertising technology on websites.

White House

News Brief

Biden executive order to target commercial data broker activities

2024-02-28T20:36:00+00:00By

A new executive order seeks to put clamps on the sale of Americans’ personal data by data brokers and other companies to certain countries found to be of national security concern.

Avast

News Brief

Avast to pay $16.5M in FTC case over deceptive data selling

2024-02-22T22:14:00+00:00By

The Federal Trade Commission proposed Avast pay $16.5 million and be prohibited from selling any browser data to settle charges the software provider sold consumer information to third parties after promising it would not.

DoorDash

News Brief

DoorDash fined $375K in second public CCPA enforcement

2024-02-22T12:54:00+00:00By

Food delivery company DoorDash agreed to pay a $375,000 fine as part of a settlement announced by California Attorney General Rob Bonta addressing alleged violations of the California Consumer Privacy Act.

GDPR EU flag

Premium

Public consultation on GDPR opens door for changes

2024-02-20T14:24:00+00:00By

Feedback from a European Commission consultation on the six years of enforcement of the General Data Protection Regulation could result in tweaks to the rules and potential changes to the way data protection authorities enforce them.

Teamwork

Premium

LRN survey: Compliance programs shifting focus from bribery, corruption

2024-02-16T22:35:00+00:00By

Many ethics and compliance programs have refocused their efforts away from bribery and corruption and onto data security and privacy, complex government regulations, artificial intelligence security, and other contemporary challenges, a survey from LRN found.

Cloud Computing

Premium

Toeing the ‘fine line’ of cloud security compliance

2024-02-14T22:26:00+00:00By

When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.

Employee monitoring

Premium

The blurred lines of employee monitoring under GDPR

2024-02-09T20:03:00+00:00By

The French data regulator’s fine against an Amazon warehouse manager for violating employees’ rights to privacy in the workplace once again raises questions about what constitutes an overzealous approach to employee monitoring and why companies fail to recognize the signs.

Amazon warehouse

Premium

Examining precedent set by French DPA’s Amazon employee monitoring fine

2024-02-07T18:03:00+00:00By

The decision by France’s data regulator to fine an Amazon warehouse manager for breaches of the General Data Protection Regulation over the way it monitored employee productivity raises questions about the reach data protection authorities have over corporate conduct.

Google HQ

News Brief

Alphabet to pay shareholders $350M over Google+ privacy lapses

2024-02-07T18:00:00+00:00By

Alphabet, the parent company of technology giant Google, agreed to pay $350 million in a preliminary settlement with shareholders over alleged data privacy violations and materially false and misleading statements linked to now-defunct social media site Google+.

Data privacy

Premium

Compliance with growing number of U.S. privacy laws ‘a matter of culture change’

2024-02-07T14:00:00+00:00By

Different deadlines associated with the 13 U.S. state privacy laws currently on the books, including grace periods and enforcement dates, have proven challenging for compliance, experts discussed at CW’s Cyber Risk & Data Privacy Summit.

Uber

News Brief

Uber facing $11M fine over driver privacy rights violations

2024-02-05T19:38:00+00:00By

Ride-hailing company Uber Technologies was assessed a penalty of €10 million (U.S. $11 million) by the Dutch Data Protection Authority for alleged privacy rights violations regarding the handling of European drivers’ personal data.

Meta Platforms

Premium

Meta’s ‘pay or consent’ model to force GDPR to adapt?

2024-01-31T14:52:00+00:00By

Experts weigh in on Meta’s plans to charge EU users monthly if they do not want to be tracked for online advertising and what the ramifications of the model would mean for the future of the General Data Protection Regulation.

California flag

News Brief

Calif. AG launches sweep into streaming apps’ compliance with CCPA

2024-01-29T18:04:00+00:00By

California Attorney General Rob Bonta announced the launch of an investigative sweep targeting popular streaming apps and devices, alleging noncompliance with the California Consumer Privacy Act.

ICO

News Brief

ICO seeking input on generative AI to inform guidance

2024-01-25T21:38:00+00:00By

The U.K. Information Commissioner’s Office is seeking input from developers, users, and those interested in generative artificial intelligence to help inform policy and guidance regarding the technology.

Amazon trucks

News Brief

Amazon unit fined $35M under GDPR for employee productivity tracking

2024-01-24T03:50:00+00:00By

Amazon’s warehouse management arm in France was assessed a penalty of €32 million (U.S. $35 million) for violating the General Data Protection Regulation by excessively tracking the productivity of employees.

Microsoft

News Brief

GDPR-minded Microsoft offers cloud customers EU-based personal data storage

2024-01-12T18:41:00+00:00By

Microsoft announced an expansion to its European Union data storage efforts that would allow cloud customers to keep all personal data stored within the EU boundary.

Location data

News Brief

FTC bans Outlogic from selling sensitive location data in landmark action

2024-01-09T21:03:00+00:00By

Data broker Outlogic will be subject to the Federal Trade Commission’s first ban on the use, sale, or disclosure of sensitive location data as part of a proposed order announced by the agency.

California

Premium

CPPA preview: Cybersecurity audit regs nearing formal proposal

2024-01-09T20:16:00+00:00By

Companies with business in California could face tough new cybersecurity mandates under draft regulations that could be headed for formal rulemaking as soon as Friday.

Rite Aid building

Premium

Compliance lessons from Rite Aid facial recognition case

2024-01-04T20:11:00+00:00By

The Federal Trade Commission was clear in its recent enforcement action against Rite Aid regarding its expectations for companies using facial recognition technology or any biometric security or surveillance systems.

Facial recognition

Premium

Ethical compliance for facial recognition technology

2024-01-04T14:30:00+00:00By Manorama Kulkarni, CW guest columnist

The lack of clear regulations and guidelines for the ethical use of facial recognition technology further exacerbates concerns of discriminatory practices and potential infringements on human rights.

Child Privacy

News Brief

FTC seeking comment on proposed COPPA enhancements

2023-12-21T15:01:00+00:00By

The Federal Trade Commission issued a notice of proposed rulemaking to strengthen data security requirements and modernize certain aspects of the Children’s Online Privacy Protection Act Rule.

AI globe

Premium

Shades of GDPR? Experts assess AI Act as global standard

2023-12-20T16:00:00+00:00By

As the European Union’s AI Act sets its sights on 2026 to take full effect, experts are concerned other key jurisdictions might introduce divergent legislation that treats artificial intelligence use differently, thus making it difficult for companies to ensure compliance.

Rite Aid

News Brief

Rite Aid gets 5-year facial recognition use ban from FTC

2023-12-20T14:33:00+00:00By

Retail pharmacy chain Rite Aid agreed to a five-year ban on its use of facial recognition technology for surveillance purposes as part of a settlement with the Federal Trade Commission.

GDPR_gavel

Premium

Assessing impact of court ruling on GDPR strict liability

2023-12-15T18:25:00+00:00By

The idea companies can be held “strictly liable” for violations of the European Union’s privacy rules was shot down, following a judgment from Europe’s top court relating to a case involving German property company Deutsche Wohnen.

Binance

Premium

Top ethics and compliance failures of 2023

2023-12-14T15:00:00+00:00By

A virtual currency exchange that sought to mislead regulators, banks failing after ignoring obvious risks, and a manufacturer that sold millions of its products in violation of U.S. export controls are among those that make up CW’s list of the biggest ethics and compliance fails of 2023.

Data privacy

Premium

Experts: More privacy rules, enforcement expected in 2024

2023-12-14T11:30:00+00:00By

Businesses can prepare for a bumpy ride as the 2024 global landscape of data privacy and other related laws and regulations begins to take shape.

Germany privacy

News Brief

Deutsche Wohnen earns CJEU win in high-profile GDPR appeal

2023-12-05T21:29:00+00:00By

German property company Deutsche Wohnen’s court win regarding a penalty levied against it for alleged violations of the General Data Protection Regulation carries notable ramifications for enforcement of the EU privacy law.

Automation

Premium

Automated decision-making tech rules added to crowded CPPA agenda

2023-12-01T22:34:00+00:00By

The California Privacy Protection Agency drafted its rules to apply the rights allowed to residents under the California Consumer Privacy Act to automated decision-making technology used by businesses.

Phone apps vector

Premium

Compliance officers share lack of faith in off-channel comms monitoring policies

2023-11-30T16:00:00+00:00By

Addressing employee use of off-channel communications for conducting business was clearly on the minds of compliance officers who responded to our “Inside the Mind of the CCO” survey, but their confidence in their related policies and procedures was surprisingly weak.

COVID-Prep

News Brief

Medical center to pay $80K for Covid-19 patient info shared with media

2023-11-21T17:43:00+00:00By

Saint Joseph’s Medical Center agreed to pay $80,000 as part of a settlement with the Department of Health and Human Services’ Office for Civil Rights for potential violations of the Health Insurance Portability and Accountability Act.

NatWest building

Premium

Experts: ICO apology to ex-CEO does not absolve NatWest of GDPR liability

2023-11-16T15:54:00+00:00By

Just because Alison Rose received a public apology from the U.K. Information Commissioner’s Office regarding the suggestion she might have violated the General Data Protection Regulation doesn’t mean NatWest could avoid sanction.

ItalyFee

News Brief

Axpo Italia fined $10.5M in GDPR case over data processing

2023-11-10T15:13:00+00:00By

Axpo Italia, a producer and trader of renewable energy products, was penalized under the General Data Protection Regulation by the Italian data protection authority for processing inaccurate and outdated personal data of customers.

exterro300x200

Webcast

CPE Webcast: Privacy 201: Moving from concepts to implementation

2023-11-09T14:00:00+00:00Provided by

In a world where privacy regulations are in constant flux, it’s essential to transition from mere concepts and sporadic projects to build a robust, adaptable, and sustainable privacy program.

Agreement

Premium

The value of sales and compliance allyship

2023-11-02T15:00:00+00:00By Al Raymond, CW guest columnist

“Every compliance activity is a sales activity,” writes Al Raymond, privacy compliance officer at ZoomInfo, regarding his team’s approach to demonstrate to sales how a strong control environment can be a competitive advantage.

Health data

News Brief

Medical management company to pay $100K in landmark HHS ransomware case

2023-11-01T22:10:00+00:00By

Doctors’ Management Service agreed to pay $100,000 in settling the first ransomware agreement under the Health Insurance Portability and Accountability Act reached by the Department of Health and Human Services’ Office for Civil Rights.

Pilar Caballero, Vice President, Chief Compliance Officer and Chief Privacy Officer, Ryder Systems

Podcast

Digital Transformation of Compliance podcast: Ryder CCO Pilar Caballero

2023-10-31T16:00:00+00:00By

In this episode of the Digital Transformation of Compliance podcast series, Pilar Caballero, chief compliance officer and chief privacy officer at Ryder, discusses her company’s process for vetting privacy concerns regarding use of new technologies.

NatWest

News Brief

FCA flags potential regulatory breaches at NatWest regarding Farage scandal

2023-10-27T17:17:00+01:00By

An independent review into how NatWest handled the closure of politician Nigel Farage’s Coutts account uncovered potential regulatory breaches by the bank that are on the radar of the U.K. Financial Conduct Authority.

CFPB

News Brief

CFPB eyes open banking with financial data rights rule proposal

2023-10-19T18:59:00+01:00By

The Consumer Financial Protection Bureau is moving forward its plan to give consumers more control over their personal financial data as part of a new rule proposal.

onetrust 2022 300x200

Webcast

CPE Webcast: TPRM privacy compliance: 10 best practices when working with third parties

2023-10-17T14:00:00+01:00Provided by

Businesses are facing an increasing amount of pressure to protect their customers’ data and demonstrate privacy compliance. At the same time, for most modern organizations, more data is flowing to third parties than ever before.

Cybersecurity network

Premium

Modern-day enterprises: How to prepare for and prove network compliance

2023-10-17T13:46:00+01:00By Matt Honea, CW guest columnist

The need to prove network compliance is intensifying as lawmakers introduce new privacy legislation and organizations update their contractual security requirements for third-party vendors.

Croatia

News Brief

EOS Matrix battles back against Croatian DPA in $5.8M GDPR case

2023-10-13T14:39:00+01:00By

Debt collector EOS Matrix said it will challenge a General Data Protection Regulation penalty levied against it by the Croatian data protection authority after finding the data in question in the case does not match the data in its database.

Online Database

Premium

Expert: How data hoarding increases businesses’ cyber risks

2023-10-11T20:21:00+01:00By

Holding on to data for longer than necessary creates vulnerabilities for businesses by giving cyberattackers more avenues to access an organization’s computer systems.

Safe bank

Premium

Bank privacy processes questioned after U.K. ‘debanking’ scandal

2023-09-21T19:05:00+01:00By

The furor over NatWest Group’s decision to monitor and close the account of right-wing Brexit campaigner Nigel Farage—and then disclose the details to a journalist—has raised questions regarding whether other banks employ the same means to get rid of undesirable customers.

CCPA

Premium

CPPA eyeing broad scope in early discussions around data risk assessments

2023-09-15T20:11:00+01:00By

Draft risk assessment regulations under the California Consumer Privacy Act are designed to prohibit businesses from handling consumer data if uncontrolled risks—to the security and privacy of the consumer, the public, or the business—outweigh the benefits.

TikTok building

News Brief

TikTok fined $368M in children’s privacy GDPR ruling

2023-09-15T17:50:00+01:00By

The Irish Data Protection Commission announced a penalty of €345 million (U.S. $368 million) against popular social media company TikTok over alleged violations of the General Data Protection Regulation during a five-month period in 2020.

Google

News Brief

Google to pay $93M in California location data settlement

2023-09-15T16:51:00+01:00By

Google agreed to pay $93 million as part of a settlement with the state of California regarding its location data privacy practices. The agreement is separate from a related $391.5 million settlement Google previously reached with a coalition of other states.