Skip to main content
Please wait...

 

Hello Friends,

The draft Colorado Privacy Act rules retain the hallmarks of what makes the Colorado Privacy Act rules unique but contain some notable revisions and clarifications.

Enjoy reading!

 

Privacy Enforcement

Voodoo to pay 3 Million Euros over alleged Nonconsensual User Tracking

France's data protection authority, the Commission Nationale de l'informatique et des libertés, issued a 3 million euro fine to mobile application developer Voodoo over alleged nonconsensual user tracking. The CNIL's investigation found the company applies a technical identifier that processes the information linked to the browsing habits for advertising purposes when a Voodoo app is downloaded from Apple's App Store. Voodoo allegedly applies the tracker despite user opt-outs via its consent mechanism.

Read More

WhatsApp to pay 5.5 Million Euros to Irish DPC, fissure with EDPB continues

Ireland's Data Protection Commission completed its inquiry into Meta platform’s WhatsApp and fined the company 5.5 million euros related to forced user consent for the processing of their data. The DPC said the fine was significantly less than recent fines issued to Facebook and Instagram because WhatsApp was fined 225 million euros in 2021. However, the DPC decision did not resolve its ongoing jurisdictional fight with the European Data Protection Board related to the EDPB's ability to mandate the scope of a member state's data protection inquiry.

Read More

 

Data Breach

Password Manager Parent Company breached Using Previously Stolen Credentials

Hackers stole customers' encrypted data during a November 2022 security breach of GoTo, the parent company of password manager LastPass. The breach was a direct result of an August 2022 breach, in which an unauthorized party accessed a shared GoTo-LastPass cloud storage service. In November, hackers used the stolen data to access unencrypted customer files.

Read More

Cyberattack of UK Sportswear Company exposes Data of 10M Customers

10 million customers of U.K. sportswear chain JD Sports had their data exposed in a cyberattack. The breach reportedly affected online sales data from 2018-2020, including personally identifiable information. JD Sports representatives said they were contacting affected customers, working with leading cyber-security experts and talking with the U.K. Information Commissioner’s Office to respond to the breach.

Read More

 

Privacy in Spotlight

New Claims allege more Twitter Privacy Issues

U.S. Congress obtained a whistleblower complaint alleging additional privacy and data security issues at Twitter before and shortly after Elon Musk's takeover. The unnamed whistleblower claimed approximately 4,000 Twitter employees had access to administrative settings that allowed a full takeover of any private account without user consent.

Read More

Online Pharmacies share Sensitive Data with Third Parties

Some online pharmacies selling abortion pills are using tracking technology that shares sensitive data with third parties, which could potentially lead to prosecution from law enforcement. Web trackers, including a Google Analytics tool, were found on at least nine of 11 sites selling the pills. Data shared through the trackers include web addresses visited, items clicked on, search terms, and location and device information, as well as a unique identifier linked to a user's browser.

Read More

 

Regulations

Attorney General releases Latest Revisions to Colorado Privacy Act Draft Rules

The Colorado attorney general's office released the second set of revisions to the Colorado Privacy Act draft regulations. Changes from the last revisions released in January include tweaks to business requirements for privacy notices, universal opt-out mechanisms, and honoring consumer rights and opt-out requests. With rules for universal opt-out mechanisms, the updates work to create more interoperability between U.S. comprehensive state privacy laws. Colorado's privacy law is effective July 1.

Read More

2023 Canada Private-Sector Privacy Law Reform: Keeping Track of Moving Parts

Canada is strengthening provincial and federal laws for privacy. Not only the authorities are being given more power, but also more stringent compliance requirements are being placed on corporations including EU GDPR-level, multimillion-dollar fines, and enhancing individual rights.

Read More

Privacy By Design to become an ISO Standard Next Month

The International Organization for Standardization will adopt ISO 31700 on privacy by design. The new standard will not be a conformance standard when it first comes online. It features 30 requirements and guidance on privacy-by-design principles for effectuating consumer rights, relevant roles and authorities, privacy control designs, and more.

Read More