Updated Cookie Guidelines served by Luxembourg’s DPA
Luxembourg’s National Commission for Data Protection (CNPD) has updated and published its guidelines on cookies and other trackers that will assist websites and apps in adhering to the law. Included in the updated guidelines on the CNPD’s comment on essential and non-essential cookies. The guideline also states the notion of dark patterns in relation to obtaining user consent and examples of good practices.
Senators Pushing the Protective Sensitive Personal Data Act
The Protective Sensitive Personal Data Act aims to expand the oversight authority of the U.S. Department of Treasury’s Committee on Foreign Investment on sensitive personal data. The legislation wants to secure data that includes: genetic test results, health conditions, insurance applications, financial hardship data, security clearance information, geolocation data, private emails, data for generating government identification, and credit report information. U.S. Senators Rubio (R-Fla.), and Raphael Warnock (D-Ga), introduced this legislation.
Sources: IAPP, Senator Marco Rubio
DATA Privacy Act gets revival from U.S. Senator
The Digital Accountability and Transparency to Advance Privacy Act got its reintroduction from U.S. Sen. Catherine Cortez Masto (D-Nev). Proposed last 2019, the comprehensive bill includes:
- Data rights.
- A data protection officer requirement.
- A required opt-out process with an opt-in consent plan for sensitive data collection.
The bill will not preempt state privacy laws and has no private right of action.
Sources: IAPP, Senator Catherine Cortez Masto
Lack of User Consent leads to Technical Breach
Huq, a British location data firm, disclosed two “technical breaches” caused by third-party applications due to the lack of user consent ahead of collecting location data.“Huq data is used anonymously. Nevertheless, consent is a vital pillar of data collection and must be taken seriously. We strive to ensure consent is explicitly sought by all our app partners. If there is a breach, we always act swiftly,” according to Chief Executive Conrad Poulson. Kaibits Software, one of the developers of the third-party apps, acknowledged the “problems with permissions” and says it has been settled. A second app developer has not responded yet.
Facebook Ordered to Give Compensation in South Korea
South Korea’s Data Protection Authority (DPA) has sanctioned Facebook’s parent company Meta Platforms to pay compensation to users for breach of consent. Facebook needs to compensate 181 users that requested for damages, paying them $256.70 each. In November 2020, South Korea’s DPA issued a fine of 6.7 billion won to Facebook for sharing personal data of 3.3 million users in the country to third parties with no consent. With over 10,000 third-party apps accessing the data.
Sources: IAPP, Sambad English
$17.6 Million Settlement for Insurance Breaches in Illinois
The $17.6 million proposed settlement from Kemper Insurance has been approved by the Illinois federal court. Kemper Insurance had two data breaches in December 2020 and March 2021 that possibly jeopardized 6.1 million personal data. Included are names, addresses, Social Security numbers, driver’s license numbers, and other personal information in the breach.
Sources: IAPP, Insurance Journal