fbpx

Download free GDPR compliance checklist!

Tag Archives for " US "

A key part of surveillance reform is now in jeopardy.

Seven years after the Snowden revelations, there’s a real chance for changes that will bolster oversight and provide some much-needed accountability.

The Senate version of the USA FREEDOM Reauthorization Act expands the role of amici curiae who can help protect the rights of those under surveillance.

Source: A key part of surveillance reform is now in jeopardy.

ACLU sues Clearview AI over alleged privacy violations

The ACLU has sued Clearview AI for allegedly violating Illinois privacy law through its face recognition-based surveillance technology.

The lawsuit was filed in an Illinois state court and won’t have a direct impact on Clearview AI’s business elsewhere. It could still deal a significant blow if it leads to a statewide ban, however, and might prompt other states to take action.

Source: ACLU sues Clearview AI over alleged privacy violations | Engadget

Equifax agrees to spend over $30 million to settle claims over 2017 data breach

Equifax has agreed to a proposed class action settlement with financial institutions over its 2017 data breach that affected roughly 147 million people in the U.S.

The company will pay up to $5.5 million for class members and commit to spending at least $25 million on data security measures over a two-year period under the proposed deal, according to the unopposed motion for preliminary approval of the settlement.

Source: IN BRIEF: Equifax agrees to settle financial institutions’ claims over 2017 data breach – Reuters

Two Bills Introduced to Restrict Microtargeting of Political Ads

Members of Congress have introduced two bills to restrict the microtargeting of online political advertisements.

The Banning Microtargeted Political Ads Act, sponsored by Rep. Anna Eshoo (CA-18), would prohibit online platforms from targeting ads at users on the basis of their personal data. The Protecting Democracy from Disinformation Act would restrict microtargeting of political ads based on demographic characteristics and personal data collected online.

Source: Two Bills Introduced to Restrict Microtargeting of Political Ads

California Privacy Compliance Obligations May Soon Change Under CPRA Ballot Initiative

The California Privacy Rights Act (CPRA) is progressing through California’s elections process for inclusion on the November 2020 ballot. Businesses may want to begin considering how their data privacy obligations in California may change if voters enact CPRA.

The CPRA is a ballot measure created by Californians for Consumer Privacy. It would significantly amend the CCPA. Substantive provisions of the CPRA would become effective on January 1, 2023.

Source: California Privacy Compliance Obligations May Soon Change Under CPRA Ballot Initiative

Democrats introduce bill to protect data collected in coronavirus pandemic

Democratic lawmakers from both chambers yesterday introduced legislation to place limits on how tech companies and public health agencies use smartphones and other digital tools to track the spread of the coronavirus.

The bill would apply to a recent flood of Silicon Valley technologies coming to market amid the pandemic. The bill would require Americans to consent to participate in these efforts, and it would prohibit any data collected to address the health crisis from being used for other purposes such as advertising.

Source: The Technology 202: Democrats introduce bill to protect data collected in coronavirus pandemic – The Washington Post

Questions remain over whether data collected by Covidsafe app could be accessed by US law enforcement

The federal government has reassured the public that Covidsafe data held by Amazon will not be able to be accessed by US law enforcement, but a parliamentary committee is currently investigating separate legislation that would pave the way for US law enforcement to access data held in Australia.

The defence minister, Marise Payne, argued that because the Covidsafe legislation makes “any transfer of data to any country outside Australia … a criminal offence under the provisions of the bill”, US law enforcement would not be able to get the Covidsafe data.

However, the telecommunications legislation amendment (international production orders) bill 2020 would, if passed, make it possible for Australia to facilitate agreements with other nations so that Australian law enforcement agencies could access data held in those countries and vice versa. It has been developed with the US Cloud Act in mind.

Source: Questions remain over whether data collected by Covidsafe app could be accessed by US law enforcement | Law (Australia) | The Guardian

Google’s Coronavirus Test Sites May Be Scooping Up People’s Sensitive Information

In the two months since Verily rolled out the testing sites in California, advocates and lawmakers have been warning the Alphabet subsidiary may not be in compliance with California’s strict new privacy law that requires companies to give detailed, clear information to consumers on what kind of information it’s collecting.

Mary Stone Ross, an Oakland-based consumer privacy expert, said Verily is not complying with the letter of the law because it does not list on its website every category of personal information it collects from users, referencing the exact language used in the law.

More broadly problematic is the fact that there seems to be little oversight of the company. For example, the California privacy law passed in January is not going to be fully enforced until July.

Source: Google’s Coronavirus Test Sites May Be Scooping Up People’s Sensitive Information – VICE

Washington, D.C. Adds Security Requirements in New Data Breach Notification Law

Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.”

Because D.C. law already provides a private right of action for violations of the data breach law, the updates will enable lawsuits in the event that an entity fails to meet the “reasonable security” standard—though recovery is limited to actual damages.

Source: Washington, D.C. Adds Security Requirements in New Data Breach Notification Law | Privacy & Security Law Blog | Davis Wright Tremaine

Zoom Agrees to Step Up Security After New York Probe

New York state’s top prosecutor announces that the company Zoom would improve security measures, after flaws were detected as the video conferencing platform soared in popularity amid the coronavirus pandemic.

The agreement wraps an investigation launched in March by New York Attorney General Letitia James into vulnerabilities in the California-based company’s software. In a statement, James said Zoom would institute new security measures for the millions of users using the platform, including enhanced privacy controls.

Source: Zoom Agrees to Step Up Security After New York Probe | SecurityWeek.Com

1 2 3 57
>