fbpx

Download free GDPR compliance checklist!

Tag Archives for " US "

LAPD Bans Use Of Commercial Facial Recognition

The Los Angeles Police Department has banned the use of commercial facial recognition systems.

The LAPD, the third-largest police department in the United States, issued a moratorium on the use of third-party facial recognition software on Nov. 13

News showed that its officers were using Clearview AI, a facial recognition platform that has taken data from Facebook and other social media platforms.

Source: LAPD Bans Use Of Commercial Facial Recognition

Microsoft promises to challenge all government requests for customer data

Microsoft has vowed to challenge all requests that any government or security agency makes to access its customers’ data, and will even compensate firms where it’s forced to legally grant access.

The firm will challenge every government request for public sector or enterprise customer data, from any government, where there’s a lawful basis for doing so. Where customer data is handed to authorities in violation of GDPR, Microsoft will provide financial compensation to affected customers, it has said.

Source: Microsoft promises to challenge all government requests for customer data | IT PRO

DHS Plans to Start Collecting Eye Scans and DNA

US Department of Homeland Security is planning to collect unprecedented levels of biometric information from immigration applicants and their sponsors — including U.S. citizens.

While some types of applicants have long been required to submit photographs and fingerprints, a rule currently under consideration would require practically everyone applying for any kind of status, or detained by immigration enforcement agents, to provide iris scans, voiceprints and palmprints, and, in some cases, DNA samples. A tangled web of defense and surveillance contractors, which operate with little public oversight, have already begun to build the infrastructure that would be needed to store these records.

Source: DHS Plans to Start Collecting Eye Scans and DNA

DEA Pursues Vast Expansion of Patient Surveillance

The Drug Enforcement Administration (DEA) is looking to expand its anti-diversion surveillance infrastructure by being able to search and analyze myriad patient behaviors for the vast majority of controlled and scheduled drug prescriptions—all accompanied by a rapid process for legally unveiling personally identifying information.

In early September, the agency requested proposals for the creation of software capable of searching at least 85 percent of all US residents’ controlled-substance prescriptions for certain patient behaviors, as well as prescriber and pharmacist practices.

Source: DEA Pursues Vast Expansion of Patient Surveillance

Forensic Genealogy Cracks Cold Cases Amid Privacy Concerns

Millions of people will unwrap at-home ancestry testing kits this holiday season and eagerly swab their cheeks and mail in the saliva, hoping their DNA will unlock clues about their heritage or reveal long-lost relatives.

The tests, which can cost as little as $59, offer entertainment and a chance to uncover family secrets. But with law enforcement increasingly mining the DNA databases to solve cold cases, as in the arrest last week of a Lehigh County man suspected in the 1969 murder of a San Diego woman, experts say consumers should think about their privacy when they hand over their DNA.

Source: Forensic Genealogy Cracks Cold Cases Amid Privacy Concerns | Pennsylvania News | US News

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.

Source: Defining data protection standards could be a hot topic in state legislation in 2021 | CSO Online

How the U.S. Military Buys Location Data from Ordinary Apps

A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people’s personal data to brokers, contractors, and the military.

The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a “level” app that can be used to help, for example, install shelves in a bedroom.

Source: How the U.S. Military Buys Location Data from Ordinary Apps

How the NYPD gets people’s personal data with no oversight

The NYPD has used tens of thousands of questionable subpoenas over the last decade to intimidate private companies into handing over the personal information of cops and civilians alike — all with no oversight from the city or the courts.

While most of the subpoenas are believed to target cops, some have also gone after journalists in an attempt to uncover their sources — and the four orders obtained by The Post reveal they can be sweeping in nature, potentially creating a trove of personal data on cops and those in their orbit.

Source: How the NYPD gets people’s personal data with no oversight

California ballot initiative passes, significantly altering the California Consumer Privacy Act

The California Privacy Rights Act (CPRA) makes significant changes to the California Consumer Privacy Act (CCPA), which was originally passed by the California legislature in 2018. However, the CPRA does not take effect until January 1, 2023, giving businesses a bit more than two years to prepare.

The CPRA adds new obligations on both businesses and service providers, adds some important new definitions, and creates new liability risks, while clarifying some operationally difficult aspects of the CCPA. Importantly, it also mandates the creation of a new agency to enforce privacy violations, which should increase enforcement. Finally, the CPRA limits the ability of the legislature to amend the law.

Source: US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

European Data Protection Board Issues Schrems II Recommendations

Following the Court of Justice of the European Union’s (“CJEU”) decision in Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems on 16 July 2020 (Schrems II), the European Data Protection Board (EDPB) on 11 November 2020 issued its anticipated recommendations describing how controllers and processors transferring personal data outside the European Economic Area (EEA) may comply with the Schrems II ruling.

The EDPB on November 11 issued two sets of recommendations. The first set of recommendations covers the assessment and supplementary measures data exporters may need to adopt to ensure compliance with the EU level of personal data protection (“Supplementary Measures Recommendations”). The second set of recommendations lays down the elements to be used to examine whether surveillance measures allowing access to personal data by public authorities in a third country can be regarded as a justifiable interference with the level of data protection guaranteed in principle by the EU (“European Essential Guarantees Recommendations”).

These recommendations are applicable immediately but are open for public consultation until November 30.

Source: European Data Protection Board Issues Schrems II Recommendations

1 2 3 69
>