Advocacy groups ask Pelosi to pass ADPPA
Advocacy groups sent a letter to US House Speaker Nancy Pelosi, D-Calif., asking her to consider and pass the American Data Privacy and Protection Act (ADPPA). The letter praised the inclusion of civil rights protection for consumers in the US. It showed relief that the preemption provisions are better than existing state privacy laws, such as the California Privacy Rights Act (CCPA). The ADPPA got into resistance from California lawmakers concerned it may undermine their state privacy law. Pelosi says she is engaged in addressing California’s concerns with a bipartisan bill allowing US consumers cross-sector data privacy protections.
Initial CPPA enforcement penalizes cosmetics giant Sephora
Last Aug. 24, California Attorney General Rob Bonta announced a $1.2 million fine for cosmetics giant Sephora. The company is the first to be publicly penalized for California Consumer Privacy Act (CCPA) violations, and it will also be required to comply with specific terms. Allegedly Sephora failed to a “Do Not Sell My Personal Information” link the CCPA requires; was unable to provide a notice of the sale of personal information for the customers. The company also failed to provide two or more methods to opt-out of such sales and did not process requests to opt-out via user-enabled Global Privacy Controls (GPC). A 30-day right to cure notice was given to Sephora, but it failed to correct the issues, which resulted in the enforcement action.
Facebook will settle a federal lawsuit for allowing third-parties access to user data
Facebook has, in principle, agreed to settle a lawsuit in the San Francisco federal court for allowing third parties to access private user data. Among the third parties is Cambridge Analytica, a former U.K. political consulting firm. The parties have made a 60-day request to work out the settlement, but the settlement terms have not been disclosed.
New Zealand seeking to expand data collection notification rules
The Ministry of Justice of New Zealand is seeking public consultation for Possible amendments to data collection notification provisions under the Privacy Act 2020. The ministry is exploring amendments covering “when an agency collects their personal information indirectly through a third party” to boost transparency. The amendments proposed are established to make New Zealand up-to-date with privacy laws and include a specific note to support cross-border data flows. The deadline for public consultation is on Sept. 30.