A complaint by public interest organization “NOYB” against media streaming services shines a spotlight on the GDPR’s right of “data subject access.”
While some aspects are GDPR-specific, much of the complaint provides insight into how to properly structure your access request process under the California Consumer Privacy Act (CCPA).
“A loose coalition of privacy-minded digital rights groups and policymakers is crafting a strategy to rein in facial recognition technology in cities across the country. ”
“Three cities thus far have banned government use of the technology: San Francisco, Somerville, a suburb of Boston, and now Oakland. Using facial recognition bans in those cities as
“Of the 24 states that considered data privacy legislation this year, only Illinois, Maine and Nevada enacted new laws.”
“Despite enthusiasm for more privacy rules by legislators and their constituents, many states found themselves bogged down this year in both the details of high tech operations and industry complaints.”
“In Connecticut, Hawaii, Louisiana, North Dakota
New Turkish data protection law (TDPL) requires controllers to register their data processing inventory with the Turkish data protection authority.
“Although the information [required in the Turkish data inventory portal, called VERBIS], is similar to the GDPR Article 30 data processing ledger, such records may not be directly applicable because VERBIS is based on categories
I know where you are and I saw what you did.
A proposed bill would make it illegal for cellphone companies and mobile app developers to share location data gathered while a customer’s mobile device is within the five boroughs of New York City.
The bill would restrict cellphone companies and mobile apps from sharing
The $5 billion fine levied against Facebook by the Federal Trade Commission is certainly headline news, but it also contains detailed requirements for privacy and information security governance and accountability that all companies can learn from and implement.
In most of the world, anonymous data are not considered personal data — the information can be shared and sold without violating privacy laws. Market researchers are willing to pay brokers for a huge array of data, from dating preferences to political leanings, household purchases to streaming favorites.
But this anonymous information may not be
“Some of Ireland’s best known heritage sites – such as Kilmainham Gaol, Dublin Castle and Muckross House – have been ordered to remove visitor books due to concerns they breach EU privacy and data protection rules.
The Office of Public Works (OPW) believes the books, in which visitors leave brief remarks along with their names
Analytics cookies in the crossfire.
Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance.
CNIL – Set list of terms to qualify for an exemption from the need to obtain consent.
ICO – This is a non-essential cookie and consent is needed … BUT … unlikely to prioritize enforcement of
It’s high time for privacy regulation?
The information and privacy commissioner of Saskatchewan, Canada, is proposing cannabis dispensaries be subject to the Health Information Protection Act (HIPA).
“The recommendation suggests that under HIPA — which regulates collection, storage, use and disclosure of personal health information and access to personal health information — the term ‘trustee’