General Privacy & Data Security News & Developments

The Commission Nationale de l’Informatique et des Libertés, the French Data Protection Agency, has issued a 150M Euro fine against Google and a 60M Euro fine against Facebook/Meta for cookie consent violations.

Here are some key takeaways, and their US relevance:

  • It must be as easy to refuse cookies as it is to accept them.

Who refused the cookies in the cookie jar?

The Commission Nationale de l’Informatique et des Libertés (CNIL) has sent new orders for cookie compliance to 30 additional companies, bringing the total to 90.

The sectors affected include: public institutions, higher education, clothing, transportation, retail and distance selling.

Some key issues:

  • automatic embedding of cookies before

U.S. Congresswomen Anna Eshoo (D-California) and Zoe Lofgren (D-California) have reintroduced House Resolution 6027 for the Online Privacy Act of 2021.

Some of the bill’s key differentiators from CCPA, CDPA and CPA:

  • limitations on the disclosure of personal information to third parties that are not subject to the Act/jurisdiction of the US (Counter-Schrems II) (Section

What does the U.K. Information Commissioner’s Office have to say about what it takes for adtech initiatives to be compliant with data protection?

“There is an opportunity for market participants to move towards developing solutions that incorporate key considerations of data protection compliance. They should also place the interests, rights and freedoms of individuals at

Helen Dixon, Ireland’s Data Protection Commissioner, gave the keynote speech during the closing session of the International Association of Privacy Professionals’ Data Protection Congress in Brussels.

Here are a few of the key takeaways.

  • No jurisdiction has all the answers to the challenges posed by the complex digital environment. We need to learn.
  • Ubiquitous is

I had the pleasure of speaking during the Restaurant Technology Network Town Hall about a variety of privacy issues confronting restaurants and food delivery apps, including CCPA, CPRA, CDPA and CPA.

Here are some of my key points:

  • If you are using biometrics for food ordering, payment or authentication , it is best to pause

U.S. Representative Cathy McMorris Rodgers, the Republican leader of the House Energy and Commerce Committee, and U.S. Representative Gus Bilirakis, the Republican leader for the Consumer Protection and Commerce Subcommittee, have submitted the “Control Our Data Act” bill.

Here are some key points:

  • Required privacy disclosure, which also needs to include a summary
  • Required notice