Category Archives for "Other"

Company Will Pay $30 Million to Settle FTC Charges it Used Deceptive Lead Generators

An Illinois-based operator of several post-secondary schools will pay $30 million to settle Federal Trade Commission charges that the operator used sales leads from lead generators that falsely told consumers they were affiliated with the U.S. military, and that used other unlawful tactics to generate leads.

In addition to falsely representing that its schools were affiliated with or recommended by the military, CEC’s lead generators also induced consumers to submit their information under the guise of providing job or benefits assistance.

“You can’t skirt the law by outsourcing illegal conduct to your service providers,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection. “This case demonstrates that the FTC will seek to hold advertisers liable for the deceptive or illegal practices of their affiliates, publishers, or other lead generators. We expect companies purchasing leads to implement strong vendor management programs and stay on the right side of the law.”

Source: Operator of Colorado Technical University and American InterContinental University Will Pay $30 Million to Settle FTC Charges it Used Deceptive Lead Generators to Market its Schools | Federal Trade Commission

Commission urges member states to allocate resources to DPAs

In July, the European Commission urged European countries to allocate sufficient human, financial and technical resources to national data protection authorities.

That’s because the introduction of the EU General Data Protection Regulation has placed an increased burden on already-stretched authorities.

Full article: Commission urges member states to allocate resources to DPAs

Businesses race to keep data flowing under a no-deal Brexit

Brexit might mean the United Kingdom is no longer a member of the European Union, but that does not mean it will escape the long arm of the bloc’s data protection.

Alternative arrangements include implementing binding corporate rules or signing contracts that include EU-approved clauses. The latter option of implementing standard contractual clauses is for now the simplest way to go, especially for most small and medium-sized enterprises. However, for large organisations, they can be costly to implement.

Full article: Businesses race to keep data flowing under a no-deal Brexit, Europe News & Top Stories – The Straits Times

IAB Europe issues updated GDPR-compliancy protocol

IAB Europe and the IAB Tech Lab have released the second iteration of the Transparency and Consent Framework (TCF), a guide to help digital advertisers comply with the market’s General Data Protection Regulation (GDPR).

The policy updates come after the groups put version 2.0 of the standard up for public comment in April, accepting submissions for 30 days. A steering group of 10 national IAB chapters and 55 companies drafted the current version of the policy.

Source: IAB Europe issues updated GDPR-compliancy protocol | The Drum

ISO publishes privacy information management standard

The new ISO standards will help businesses meet such requirements, whatever jurisdiction they work in.

ISO/IEC 27701, Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines, specifies the requirements for establishing, implementing, maintaining and continually improving a privacy-specific information security management system. In other words, a management system for protecting personal data (PIMS).

Formerly referred to as ISO/IEC 27552 during its development, it builds on ISO/IEC 27001, Information Technology – Security techniques – Information security management systems – Requirements, providing the necessary extra requirements when it comes to privacy.

Source: ISO – Tackling privacy information management head on: first International Standard just published

Most EU cookie ‘consent’ notices are meaningless or manipulative

New research into how European consumers interact with the cookie consent mechanisms which have proliferated since a major update to the bloc’s online privacy rules last year casts an unflattering light on widespread manipulation of a system that’s supposed to protect consumer rights.

The study, which looked at how consumers interact with different designs of cookie pop-ups and how various design choices can nudge and influence people’s privacy choices, also suggests consumers are suffering a degree of confusion about how cookies function, as well as being generally mistrustful of the term ‘cookie’ itself.

The researchers conclude that if consent to drop cookies were being collected in a way that’s compliant with the EU’s existing privacy laws, only a tiny fraction of consumers would agree to be tracked.

Source: Most EU cookie ‘consent’ notices are meaningless or manipulative, study finds | TechCrunch

AT&T, T-Mobile, Sprint, Verizon Blasted For Data Privacy Policies

U.S. Senator Wyden is giving the four telecommunications companies until Sept. 4 to outline how they plan to better protect customer data privacy.

Wyden said that the current rules on data retention are not enough, and that the telecom companies have been able to skirt them. The Federal Communications Commission (FCC) requires carriers to keep records of toll calls for 18 months, for instance – but Wyden alleges that firms retain records “for much longer.”

Source: AT&T, T-Mobile, Sprint, Verizon Blasted For Data Privacy Policies | Threatpost

Irish Data Protection Commission looking at Instagram data scraping

The Irish Data Protection Commission, a key EU data regulator, wants to know whether EU subjects were affected by the Instagram data scraping.

Marketing firm Hyp3r has been scraping millions of users’ public data from the Facebook-owned photo-sharing app — tracking people’s locations, saving their Stories posts (which are supposed to disappear after 24 hours), and gathering other information about them.

Source: Irish Data Protection Commission looking at Instagram, hyp3r data scraping – Business Insider

IAB Europe refuses to answer Irish Data Protection Commission

IAB Europe refuses to answer questions from the Irish Data Protection Commission arising from a formal GDPR complaint by Brave’s Dr Ryan against IAB Europe’s “forced consent” and consent walls.

The Irish Data Protection Commission informed Dr Johnny Ryan of Brave, the private web browser, that IAB Europe has ignored its questions concerning his GDPR complaint against IAB Europe’s unlawful cookie wall.

Source: IAB Europe refuses to answer Irish Data Protection Commission

Instagram data privacy enabled location tracking of millions of users

Instagram allowed a trusted advertising partner to harvest huge swathes of user data to create detailed files on account holders’ physical locations and personal bios, news reports reveal.

The information was put together by Hyp3r, in contradiction of Instagram rules and without the popular photo-imagery app’s knowledge. This week, Facebook-owned Instagram instructed Hyp3r to stop the practice, confirming that it was in violation of data privacy rules.

Source: Instagram data privacy enabled location tracking of millions of users – PrivSec Report
