Regulators should apply “extra scrutiny to menstruation apps because they may process and collect highly sensitive health data that requires additional protections and safety measures,” Privacy International (PI) said Tuesday in a report on the privacy of period-tracking apps.
Using consent to preserve privacy has pros and cons, said panelists at the Privacy + Security Forum Spring Academy Wednesday. However, ensuring that consent is gained effectively and truthfully is one of the best ways to safeguard information, they added.
A California Assembly committee cleared a surveillance pricing bill Tuesday that would prohibit companies from using personal data to set customized prices for consumers.
The California Privacy Protection Agency (CPPA) dressed down national menswear retailer Todd Snyder with a $345,178 fine Tuesday for alleged violations of the California Consumer Privacy Act (CCPA). Closely following CPPA action last March against Honda, the Todd Snyder case is more than an enforcement action. It also “highlights a trend by this agency of looking beyond surface compliance with the CCPA,” Wiley privacy attorney Joan Stewart told us. The agency’s board adopted the enforcement decision May 1.
Oracle Health was sued for allegedly sharing the private health information of two patients with Google via the corporation’s marketing systems without patient knowledge or consent. Filed last week, the class-action lawsuit argued Oracle violated the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.
Two amicus briefs were filed in the U.S. Supreme Court on Friday in support of the NBA in a Video Privacy Protection Act case, including one from the NFL and the other a joint amicus brief from the National Retail Federation (NRF) and Interactive Advertising Bureau (IAB). The briefs asked the Supreme Court to grant cert in NBA v. Salazar and reverse the 2nd U.S. Circuit Court of Appeals' ruling.
Comments are due June 2 on revised draft rules for the California Privacy Protection Agency’s rulemaking on automated decision-making technology (ADMT), risk assessments, cybersecurity, insurance and other rule changes, the CPPA decided Thursday.
The CPPA is pushing ahead with a rulemaking to implement a mechanism where consumers can request to delete their personal data, Executive Director Tom Kemp told the CPPA board at a livestreamed Thursday meeting. The agency announced last week that comments in the proceeding are due June 10 and there will also be a hearing that day (see 2504250012).
California Privacy Protection Agency Chairperson Jennifer Urban raised concerns Thursday about the extent of recent changes to draft rules on automated decision-making technology (ADMT), cybersecurity and other issues. “We’ve really cut to the bone, in terms of what is in line with the statute's requirements for the regulations we need to do, and in terms of the relative value to businesses and the relative value to the people … whose personal information is at stake,” she said at a livestreamed CPPA board meeting Thursday. Staff said the new draft reduced potential business costs in the first year by nearly two-thirds.
Microsoft supports regulatory efforts to simplify compliance with privacy laws globally, said Cari Benn, the company’s associate general counsel-privacy, accessibility and regulatory affairs, in an interview last week at the IAPP Global Privacy Summit. Meanwhile, as Microsoft embraces AI, it's striving to apply privacy principles to the emerging technology.