Google's Privacy Sandbox project has been touted as the end of tracking cookies and creepy cross-site following, but it is facing regulatory trouble as the UK ICO has expressed concerns about a collection of "loopholes" that could be used to personally identify and track internet users.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
The International Data Transfer Agreement tools are meant to reflect the changes made to the UK's own version of the GDPR, and could be available in late March.
Privacy advocate groups allege that UK Test and Trace rushed the process and did not conduct the necessary data protection impact assessment that the GDPR requires for collection of personal data on this sort of scale.
Recent DataGrail report shows one-third of enterprises spent more than $1 million on GDPR cost, not taking into account the opportunity cost of lost employees’ hours spent in meeting compliance.
Any leader handling data in this ever-evolving landscape must understand how to categorize data to better protect their organizations and customers when working in challenging and emerging markets.
The US Chamber of Commerce stands in opposition to the passage of a federal privacy law citing its priority over individual state law and its guarantee of rights to class action lawsuits as dealbreakers.
US consumer finance watchdog appears to have data brokers in its crosshairs, announcing that it is developing a new rules proposal for the industry. CFPB specifically noted a focus on the impact of AI and announced that an outline of proposals will be released sometime in September.
The US Senate is now evaluating ad exchanges as a potential threat to national security. The concern stems from digital ad auctions conducted in foreign countries.
Group of top Democrats in the U.S. Senate have introduced the COPRA digital privacy act to offer U.S. consumers the same types of data privacy protections as the European GDPR.
With the widespread availability of hardware-based Confidential Computing in the public cloud, organizations can now lock down workloads, and implement and enforce cross-border data transfer requirements with a data lock, a type of governance built directly into the data.










