Data Privacy

Amazon Alexa

News Brief

FTC orders Amazon pay $30M for alleged Alexa, Ring privacy violations


Amazon is set to pay more than $30 million comprised of a civil penalty and consumer refunds to resolve two separate cases alleging privacy violations regarding its Alexa voice assistant service and Ring doorbell subsidiary.

GDPR gears


Five years of GDPR: Experts forecast changes to come for landmark privacy law


The fifth anniversary of the European Union’s General Data Protection Regulation coming into force has highlighted the many successes of the legislation but also exposed areas where the law is still untested and unclear.

Meta building


Record Meta fine brings wider GDPR ramifications for EU-U.S. data transfers


Meta’s latest punishment for breaching the European Union’s General Data Protection Regulation will have far-reaching ramifications for companies both in Europe and beyond.



Five years in, GDPR still a lightning rod for criticism


The General Data Protection Regulation risks losing credibility if enforcement is not harmonized and privacy by design is not at the heart of tech innovation, said EU officials during a summit marking the fifth anniversary of the legislation.

Social media

News Brief

Surgeon general joins call to enhance children’s online privacy


The U.S. surgeon general issued a “call for urgent action” to policymakers about further limiting social media access for youth, along with enhancing online privacy protections for children.

onetrust thumbnail


e-Book: Navigating changing U.S. data privacy landscape

2023-05-24T04:39:00+01:00Provided by

Businesses are watching five U.S. states where new or amended consumer privacy laws are set to take effect this year. Learn best practices for confronting compliance with multiple state data privacy laws.

Facebook Ireland

News Brief

Meta fined record $1.3B in GDPR data transfer ruling


The Irish Data Protection Commission announced a record penalty of €1.2 billion (U.S. $1.3 billion) against Meta regarding its transfers of user data from the European Union to the United States in violation of the General Data Protection Regulation.


News Brief

FTC warns businesses to risk assess uses of biometric technologies


Businesses that make false or unsubstantiated claims regarding facial recognition and other biometric technologies could face enforcement from the Federal Trade Commission, the agency warned in a policy statement.

Austrian Post


Experts: Austrian Post GDPR ruling offers clarity on damages compensation


A decision by Europe’s Supreme Court regarding Austria’s main postal service might make it easier for the bloc’s citizens to bring legal claims for privacy breaches—with potentially unlimited scope for damages.

Clearview AI

News Brief

French DPA fines Clearview AI $5.7M for noncompliance with previous order


France’s data protection authority last month fined facial recognition company Clearview AI €5.2 million (then-U.S. $5.7 million) for failing to comply with an October order to cease and desist from further violations of the General Data Protection Regulation.


News Brief

Croatian DPA levies largest GDPR fine


The Croatian data protection authority handed down its largest penalty under the General Data Protection Regulation to date: a fine of nearly €2.3 million (U.S. $2.5 million) against debt collector B2 Kapital.


News Brief

Facebook faces data monetization limits in third FTC order


Facebook violated a 2020 data privacy order that mandated enhanced privacy controls for users, the Federal Trade Commission alleged, recommending stricter controls be imposed on the social media giant.

Meta building


Big Tech, ad industry bracing for Meta data transfer decision


Meta and other Big Tech firms will soon learn if they might be prevented from transferring the personal data of European citizens to the United States in the way they do now.


News Brief

Indiana privacy bill signed into law; effective 2026


Indiana became the latest in a growing number of U.S. states with a comprehensive consumer data privacy law on the books.


News Brief

​ChatGPT back in Italy after user privacy updates


ChatGPT restored access for Italian users after changes to its privacy controls were welcomed by the country’s data protection authority.

ChatGPT logo


Is ChatGPT the privacy problem? Or is GDPR?


Scrutiny into ChatGPT has reignited concerns the General Data Protection Regulation is either stifling innovations in technology or that the legislation is not flexible enough to keep pace with technological advances. Experts weigh in.



CPE Webcast: The art of data retention: Navigating the compliance trifecta

2023-04-25T14:00:00+01:00Provided by

In this webinar, we will share key insights from a recent data retention survey and explore the strategies and best practices that information governance and privacy professionals can employ to effectively manage data retention.

GDPR EU flag


‘Divergence is coming’: Experts cast doubt on EU adopting U.K. GDPR reforms


Despite suggestions the European Union could look to the United Kingdom when considering future changes to the General Data Protection Regulation, legal experts question the impact planned U.K. reforms to the privacy law will have on multinational businesses.

ChatGPT logo

News Brief

EDPB task force latest scrutinizing ChatGPT, AI accountability


The European Data Protection Board is the latest regulatory body assessing the applicability of ChatGPT amid skyrocketing data privacy concerns regarding the popular artificial intelligence platform.



How to avoid pitfalls of scaling business with generative AI


Generative AI has the potential to be as game-changing for business and society as the internet, social media, and mobile phones were. At the moment, however, the risks seem to outweigh the rewards.

California AG


As final CPRA rules trickle out, a reminder companies must ‘grow with the law’


If companies haven’t started the process of coming into compliance with the California’s sweeping new privacy law, they need to begin now.



Alleged fraudster cited privacy in duping JPMorgan into $175M merger


Charlie Javice and her startup Frank allegedly convinced the country’s largest bank to pay $175 million for what largely amounted to a list of fake college students. The apparent due diligence failures by JPMorgan Chase offer a cautionary tale to compliance professionals.


News Brief

TikTok fined $15.9M for violations of U.K. GDPR


Social media platform TikTok was fined £12.7 million (U.S. $15.9 million) by the U.K. Information Commissioner’s Office for using the personal data of children without parental consent and other violations of data protection mandates.


News Brief

ChatGPT exits Italy after GDPR violation warning


The Italian data protection authority shut down ChatGPT in the country, alleging the AI chatbot violates European Union privacy laws and has no controls to stop it interacting inappropriately with young children.

Iowa State Capitol

News Brief

Iowa privacy bill signed into law; effective 2025


Iowa became the sixth U.S. state to pass comprehensive data protection legislation allowing residents control over how their personal information is accessed and shared.



CPE Webcast: Piecing together child privacy for organizations

2023-03-28T14:00:00+01:00Provided by

With the Federal Trade Commission cracking down on violations of the Children’s Online Privacy Protection Act, evidenced by its $275 million fine against Epic Games, it’s clear child privacy and parental consent are hot topics in the world of enterprises.

Data lock


Survey: Tech key to compliance in changing data privacy landscape


Respondents to a survey from Compliance Week and Exterro largely said they were confident their organizations are meeting regulatory requirements regarding data privacy despite evidence their data retention policies and procedures are outdated.

exterro thumbnail 2023


e-Book: Tech’s role in changing data privacy compliance landscape

2023-03-24T06:44:00+00:00Provided by

When it comes to keeping up with data privacy regulation, organizations would be wise to adopt a more comprehensive technology solution to drive efficiency and minimize human error.


News Brief

TikTok CEO to boast data security efforts in Congress testimony


The fate of popular social media app TikTok in the United States could hinge on the testimony of CEO Shou Zi Chew before the House Committee on Energy and Commerce.


News Brief

CFPB eyeing data broker practices in planned rulemaking push


The Consumer Financial Protection Bureau is asking companies that “track and collect information on people’s personal lives” to provide information to the agency as it considers rulemaking under the Fair Credit Reporting Act.

London cityscape

News Brief

U.K. moves forward with GDPR reform bill


The U.K. government formally introduced a bill to reform the country’s data privacy laws in a manner projected to save British businesses “billions.”

Employee monitoring

News Brief

CFPB, NLRB to collaborate on monitoring employee surveillance


The Consumer Financial Protection Bureau and National Labor Relations Board pledged to share information regarding instances of improper employer use of surveillance tools and the sale of employees’ personal information.

Virgin Media


U.K. push for GDPR reprimand transparency draws mixed reviews


The U.K. Information Commissioner’s Office began publishing the details of cases where organizations breached the General Data Protection Regulation but were not fined. Legal experts share their take on the initiative.

ask cco 3x2 20235


Ask a CCO: What matters most in federal privacy law?

2023-03-03T14:00:00+00:00By Compliance Week

Four senior compliance practitioners provide their opinions on what a federal privacy law in the United States should strive to accomplish.

EU US privacy


Privacy Shield replacement on track, though hurdles remain


The agreement on a new framework for transatlantic data flows between the United States and European Union could be finalized this year. Whether it can stand legal scrutiny is the real question.

FTC building

News Brief

FTC proposes BetterHelp pay $7.8M for sharing health data


The Federal Trade Commission proposed requiring online counseling service BetterHelp to pay $7.8 million as part of a settlement addressing charges it shared clients’ personal health data with Facebook, Snapchat, and other third parties for advertising purposes.

Energy company

News Brief

Italian DPA fines Edison Energia $5.2M over GDPR lapses


The Italian data protection authority penalized electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation regarding marketing communications and data processing transparency.

ask cco 3x2 20234


Ask a CCO: Most difficult element of data privacy compliance

2023-03-02T14:00:00+00:00By Compliance Week

Four senior compliance practitioners offer their take on the elements of data privacy compliance businesses can expect to be most difficult to confront.

ask cco 3x2 20233


Ask a CCO: Company investment in data privacy efforts

2023-03-01T14:00:00+00:00By Compliance Week

Four senior compliance practitioners discuss how their respective companies invest in compliance with varying data privacy requirements.



California ‘setting the tone’ for privacy push with CPRA updates


Changes to the California Consumer Privacy Act set to come over the course of 2023 strengthen the nation’s first comprehensive state privacy law to a benchmark no other states have yet to equal.

HHS building

News Brief

HHS creates new enforcement office for health privacy


The Department of Health and Human Services and its office responsible for enforcing health privacy reorganized so it can sharpen enforcement of cybersecurity and data breaches.

ask cco 3x2 20232


Ask a CCO: Roles in data privacy compliance efforts

2023-02-28T14:00:00+00:00By Compliance Week

Four senior compliance practitioners share their roles in ensuring data privacy compliance at their respective companies and the other departments that support their efforts.



Congress or FTC? What about SEC? Where U.S. federal privacy legislation efforts stand in 2023


As more state laws hit the books, businesses are more adamant than ever Congress needs to pass a federal data privacy law. If lawmakers don’t rise to the occasion, which government agency might?

Experian sign


Ruling in Experian GDPR case thrusts ‘legitimate interest’ into spotlight


Experian won a legal battle against the U.K. Information Commissioner’s Office after the data regulator ordered the credit reference agency to make “fundamental changes” over the way it handled personal data for direct marketing purposes or stop altogether.

ask cco 3x2 2023


Ask a CCO: Plan for complying with varied U.S. privacy laws

2023-02-27T14:00:00+00:00By Compliance Week

Four senior compliance practitioners detail steps their respective companies are taking to confront the expanding U.S. data privacy legislation landscape.

U.S. privacy


Best practices for navigating changing U.S. data privacy landscape


With five new or amended state laws set to hit the books in 2023, companies would be wise to ensure their data privacy compliance house is in order—and start preparing for the next wave of legislation.



ChatGPT comes with compliance caveats, experts warn


There are downsides to every new technology, and artificial intelligence and machine learning are no exception. Experts discussed the importance for compliance professionals to understand the risks of such tools at CW’s virtual Cyber Risk & Data Privacy Summit.



GDPR push for privacy by design still ‘a long way off’


Italy’s data protection authority banned U.S.-based AI chatbot creator Replika from processing the personal data of Italian users because of risks the service posed to minors and vulnerable people—the latest example of a tech company’s product running afoul of the GDPR.

California flag

News Brief

CPPA seeking comment on cybersecurity audit, risk assessment rule adds


The California Privacy Protection Agency is seeking comment on privacy rules requiring certain large businesses to conduct annual cybersecurity audits and risk assessments if the state believes they are placing consumer data at risk.

Health records

News Brief

Sens press telehealth firms on alleged sharing of patient data for ads


A bipartisan group of senators is leaning on three telehealth firms accused of tracking and sharing patients’ sensitive personal information with advertising platforms like Google and Facebook.