A little privacy: week of July 16
July 23, 2021
GLOBAL PRIVACY CONTROL BACKED BY CA ATTORNEY GENERAL
The California Office of the Attorney General made an update to its California Consumer Privacy Act (CCPA) FAQs to clarify that the GPC, a user-enabled global privacy control available on certain browsers “must be honored by covered businesses as a valid consumer request to stop the sale of personal information”.
The Ohio House of Representatives introduced legislation to enact the Ohio Personal Privacy Act. The Act would impose certain notice requirements and grant user rights to access, delete, and opt out of the sale of personal data collected about them, would require businesses to pass opt-out requests to downstream processors and third parties, and would impose certain contractual requirements between businesses and their processors. The Act would be strictly enforced by the Ohio Attorney General and would create an affirmative defense if businesses comply with a written privacy program reasonably conforming to the National Institute of Standards and Technology (NIST) privacy framework.
italian dpa publishes new cookie guidelines
The Italian Data Protection Authority published new guidelines for cookies and other tracking tools, giving companies until January 10, 2022 to comply. Among other requirements, the new guidelines require that the cookie consent banner include both “accept” and “reject” buttons, granular choices, and the ability for users to edit their tracking preferences at any time. The guidelines prohibit requesting consent again for 6 months after the initial request. They also allow placing first-party analytics cookies without consent but only allow third-party analytics cookies without consent in certain circumstances.
The EU Parliament Committee on Civil Liberties, Justice and Home Affairs (LIBE) adopted proposals to add certain digital privacy rights to the Digital Services Act (DSA), pending legislation previously focused on illegal content such as hate speech. The new proposals, as reported by Reuters, would, among other things, create a right to use and pay for digital services anonymously, whenever reasonably feasible, and phase out behavioral and personalized advertising for non-commercial and political advertising. The proposals would need to be agreed to by two additional committees and would likely come into force next year.
The EDPB adopted an urgent binding decision rejecting the Hamburg DPA‘s request to ban processing of WhatsApp user data by Facebook IE for their own purposes. Instead, the EDPB requested that the Ireland Supervisory Authority carry out a statutory investigation to determine whether the processing activities are taking place, whether there is a proper legal basis under GDPR to do so, and whether Facebook IE is acting as a processor or joint controller with respect to that processing.
The UK Centre for Data Ethics and Innovation (CDEI) published a PETs Adoption Guide, an interactive tool designed to aid decision-making around the use of privacy enhancing technologies in data-driven projects. The guide poses a series of questions in a flowchart format to help companies enable safe, private and trustworthy use of data that is appropriate for their use case.
Latest Blog Posts
It’s not just GDPR and CCPA anymore. Data protection...
California's new Consumer Privacy Interactive Tool lets consumers notify...
CA attorney general reinforces requirements to honor GPC. Ohio...
Latest White Papers
This guide covers everything you need to know about...
Keep in touch
Sign up for our newsletter to keep up with the latest privacy and media news.