“Whenever we make a call, go to work, search the web, pay with our credit card, we generate data. While de-identification might have worked in the past, it doesn’t really scale to the type of large-scale datasets being collected today.”

It turns out that ” four random points (i.e. time and location where a person

The U.S. Federal Trade Commission (FTC) has entered into a settlement agreement with a company that claims on its website that it is EU U.S. Privacy Shield certified, when in fact, it had only started the process and stopped midway.

The FTC also sent warning letters to:

  • 13 companies that falsely claimed they participate in

A New York Times review of 150 website privacy notices argues there is still work to be done to make privacy disclosures say what the law requires and be an effective tool for the user.

“The vast majority of…privacy policies exceed college reading level… That means a significant chunk of the data collection economy is

The Swedish Data Protection Authority has initiated an inquiry into how song streaming provider Spotify handles data access requests.

The questions posed in the inquiry can be useful to companies in structuring their procedures for responding to access requests under the General Data Protection Regulation and/or the California Consumer Privacy Act (especially re: profiling and

The Federal Trade Commission (FTC) has entered into a settlement with a provider of management software for car dealerships that held personal information, including SSN’s and payroll information, in cleartext, holding its practices to be in violation of the FTC Act’s prohibition against unfair practices and GLBA’s Safeguards Rule, which requires financial institutions to develop,

Red Card! The Spanish Data Protection Authority has issued LaLiga a 250,000 EUR fine for using its mobile app to detect bars illegally broadcasting soccer matches, without duly disclosing this data processing activity in violation of GDPR.

When installing the application and receiving user approval, LaLiga remotely activated the microphone of any user’s mobile phone

The U.S. Congress is considering increased enforcement powers for the Federal Trade Commission (FTC), reports Bloomberg’s Sara Merken

“House and Senate lawmakers are weighing whether to give the FTC broad or targeted new rulemaking authority, and more resources, to enforce privacy and data security obligations. They also are discussing whether federal legislation should override state

To sue or not to sue (for privacy violations), that is the question.

“Lawmakers negotiating a national privacy bill are clashing over whether to allow consumers to sue companies … over privacy violations — in what’s shaping up to be another potential roadblock to bipartisan legislation. Republicans and Democrats are split over whether to include

When dealing with data subject access requests (DSAR) under GDPR:
  1. Take your time and think about the response.
  2. Document and audit your response process.

These are the key takeaways from a panel at the recent International Association of Privacy Professionals privacy summit in Washington DC.

Take the time and communicate:
  • Reading over the inquiries thoroughly

Some basics about how the California Consumer Privacy Act applies to selling children’s personal information:

  • Businesses subject to CCPA cannot sell the personal information of consumers who are 16 years old or younger without prior authorization.
  • If the minor is less than 13 years old, the businesses must obtain authorization from a parent or guardian.