While the proposed EU privacy law changes seem almost entirely like concessions to big tech desires at first glance, the European Commission is selling them as removement of onerous restrictions on smaller businesses. Critics such as noyb are calling this a "side-show" meant to pass changes that are instead really tailored to the tech industry.
Data Protection
Certain types of personal data are very valuable to criminals, and can be very damaging to an individual or business if it falls into the wrong hands. As the world becomes more digital and more connected, more of this sort of data is generated and passed between various sources on a regular basis.
Government regulations and supervisory authorities aren’t just about keeping irresponsible parties in line. They also provide vital security guidance to every type of organization that handles sensitive personal, business or government information.
Data protection regulations also ensure that the end user has a transparent view of and a say in the processing of personal data. These safeguards play a significant role in everything from the preservation of civil rights to ensuring that democratic institutions function properly.
Some types of personal data are clear candidates for regulation: medical records, banking information, national ID numbers and so on. But some of these regulations also cover items that might seem relatively innocuous at first glance: home addresses, email addresses, website profile information and so on. For example, the European Union General Data Protection Regulation (GDPR) has stipulations about anything that is unique to an individual to include phone numbers and social media accounts. People have varying levels of privacy preference with these items, but they are often protected by regulation because they can be used for targeted scams and attempts at identity theft.
Given that regulations often take the size and customer count of businesses into consideration in terms of penalties and the scope of protection of personal data, compliance is particularly important for enterprise-scale organizations. You do not necessarily have to have an active business presence in a country or region; simply storing data on or moving it through servers there may subject you to their data protection rules.
Underage Instagram users were opting to ignore privacy settings and work around them by opening business accounts, leading to a GDPR fine of €405 Million by the Irish DPC.
With July 1 CCPA enforcement deadline fast approaching, have organizations taken the necessary steps to achieve compliance and remain compliant in the future?
Without serious privacy reform and a federal law in the US, it may not be possible to draft a Privacy Shield framework that survives another round in the EU court system.
Indonesia boasts one of the fastest growing economies in South East Asia. However, rapid growth has not been followed by robust development on the regulatory side, particularly in the case of specific rules regarding personal data protection. Authors Zacky Zainal Husein and Andin Aditya Rahman argue that clear definitions are paramount in setting the tone of any regulations, including Indonesia’s upcoming personal data protection rules. The article discusses how “personal data” is defined in the draft rules and the potential implications of sectoral regulation.
Data protection, data privacy, and cyber security are top-of-mind concerns, especially for fast growing startups. But what if you could turn your data protection practices into a competitive advantage that helps you close more deals?
The suit represents millions of Texas residents that have used Google services since 2015. The state requires that consent be collected from biometric data subjects to use their faces or voices.
The noyb privacy complaint notes that Pinterest has invoked the "legitimate interest" exception to user consent for ad tracking, one of a small handful of such exceptions provided for by the GDPR. The problem for the company is that Meta has already tried this tack and failed.
New study suggests that many websites are navigating around GDPR by tailoring the design of their cookie consent tools and using dark patterns to provide a misleading veneer of a consent agreement.
TikTok has already faced several actions involving the privacy and security of children, who have always been one of the biggest demographic groups on the platform. A new FTC investigation has raised the issue again.









