Send us a text

Leading privacy experts discuss why trust-based compliance is no longer enough and how product-driven privacy is the key to scalable compliance.

Here's what the Keynote covers:

🔹 Why teams can no longer rely on trust-based privacy mechanisms

🔹 How product privacy management enables evidence-based privacy and compliance at scale

🔹 Lessons from HP & Grindr on moving to evidence-based privacy

🔹 Privado.ai’s roadmap and vision for product privacy management

Huge thanks to Aaron Weller, Kelly Peterson, Vaibhav Antil, Prashant Mahajan for 

Send us a text

Privacy Corner Newsletter: February 13, 2025

🔹 EU’s AI Act Guidelines Clarify Compliance Risks – 
The European Commission releases two sets of AI Act guidelines, breaking down the definition of AI systems and outlining nine prohibited AI practices, including emotional manipulation and biometric categorization.

🔹 UK’s Secret Demand for Apple’s Encrypted Data – 
The UK government issues a confidential order under the Investigatory Powers Act, demanding Apple create a backdoor for accessing encrypted iCloud data, sparking concerns over user privacy and global implications.

🔹 Amazon Faces First Lawsuit Under Washington’s Health Data Law – 
A class action lawsuit accuses Amazon of collecting precise geolocation data and Mobile Advertising IDs via its SDK without consent, violating the My Health My Data Act’s strict health data protections.

Send us a text

Privacy Corner Newsletter: Jan 30, 2025
By Robert Bateman and Privado.ai

In this edition:

▶ UK Court Ruling: Invalid Consent in Gambling Case
A UK gambling firm unlawfully tracked users for marketing, despite their supposed consent. The court ruled that consent must be informed, freely given, and valid, emphasizing the importance of assessing users’ ability to provide meaningful agreement—especially in vulnerable groups.

▶ Google’s RTB System Accused of Sharing Data with China & Russia
A new complaint alleges that Google’s real-time bidding (RTB) system transmits sensitive user data to foreign entities, including those in China and Russia. The case claims these transfers violate US privacy laws and pose national security risks.

▶ New York Enacts Strict Health Privacy Law (NYHIPA)
The New York Health Information Privacy Act (NYHIPA) expands protections far beyond HIPAA, covering any organization processing health data linked to NY residents. This law applies to fitness apps, wearables, and non-HIPAA-regulated entities, making compliance a pressing concern for businesses handling health data.

▶ Privado.ai’s Bridge 2025: A Technical Privacy Summit – Happening Next Week!
The must-attend event for privacy and security leaders! On Feb 5-6, 2025, join industry experts to explore how to bridge the gap between privacy laws and engineering solutions. Expect deep dives into privacy code scanning, automated data flow mapping, and compliance best practices.

Send us a text

Privacy Corner Newsletter: Jan 16, 2025

In this edition:

▶ European Commission must pay damages for Facebook Login feature violation

▶ Texas sues Allstate under new privacy law for illegal data collection

▶ CJEU rules gender data collection not lawful for personalization under ‘contract’ basis

Send us a text

Privacy Corner Newsletter: January 2, 2025

In this edition:

▶ OpenAI faces penalties for GDPR breaches linked to ChatGPT, including transparency failures and inadequate age verification.

▶ California Privacy Protection Agency settles with two more data brokers
PayDae and The Data Group fined for failing to register under California’s Delete Act, with further enforcement anticipated.

▶ Google will permit device fingerprinting starting February 16, 2025, despite ICO objections.

Before we wrap up…

Privado.ai is thrilled to announce Bridge 2025: A Technical Privacy Summit, happening virtually from February 5-6, 2025.

👇 Discover actionable solutions that connect privacy laws to practical engineering strategies, including:
- Unlocking privacy ROI
- Navigating adtech compliance challenges
- Designing privacy-first engineering frameworks

Mark your calendars and join the privacy engineering revolution here:
https://www.privado.ai/bridge-privacy-summit

Send us a text

Privacy Corner Newsletter: December 19, 2024

In this edition:

The Irish DPA fines Meta €251 million over a 2018 data breach, the Dutch DPA fines Netflix €4.75 million for transparency failings, and the French DPA cracks down on non-compliant cookie banners.

▶ Irish DPA fines Meta €251 million over 2018 data breach
The fine follows a breach affecting 29 million Facebook accounts. The DPC found violations of GDPR’s data protection by design, breach reporting obligations, and more.

▶ Dutch DPA fines Netflix €4.75 million for transparency failures
Netflix failed to disclose adequate privacy information, leading to a fine for GDPR violations regarding transparency, data retention, and international data transfers.

▶ French DPA issues cookie banner crackdown
Website operators have one month to comply with stricter cookie consent rules, addressing dark patterns and ensuring an equal choice between accepting and rejecting cookies.

Send us a text

Privacy Corner Newsletter: Dec 5, 2024

In this edition:

The FTC proposes orders targeting sensitive data misuse, Australia bans kids from social media, and noyb gains new powers for collective GDPR actions.

▶ FTC targets sensitive location data misuse in proposed orders:
Gravy Analytics and Mobilewalla face sanctions for selling sensitive location data, including segments like “New Parents” and “LGBTQ+ Community.”

▶ Australia bans kids from social media and reforms privacy laws:
New laws require stricter age verification, ban accounts for under-16s, and introduce a tort for serious privacy invasions.

▶ Noyb gains rights to bring GDPR “class actions” across the EU:
Now recognized as a “qualified entity,” noyb can enforce collective claims and injunctions against GDPR violations.

Send us a text

Privacy Corner Newsletter: November 21, 2024

▶ German Court Opens the Door to Mass Data Breach Lawsuits:

Germany’s Federal Court rules that "loss of control" over personal data qualifies for damages under GDPR Article 82—no proof of distress or financial loss required.

▶ Meta’s ‘Unskippable Ads’ Solution Gains EDPB Attention

Meta launches a free tier with ads using minimal data and unskippable formats in response to EU demands.

▶ Cyber Resilience Act Imposes New Rules on Digital Products

The EU’s Cyber Resilience Act sets strict cybersecurity and data protection requirements for most digital products, with significant penalties for non-compliance starting 2027.

#Privado #ThePrivacyCorner #GDPR #EDPB #CyberAct #EU

Send us a text

Privacy Corner Newsletter: November 7, 2024

In this edition, we dive into the latest updates on GDPR fines, data broker enforcement, and the EU-US Data Privacy Framework review:

▶ Ireland fines LinkedIn €310 million, six years after a complaint—with full EDPB support:
The Irish DPC issues a €310 million fine against LinkedIn for GDPR violations, marking a significant shift in enforcement under new leadership.

▶ California prepares for a data broker enforcement sweep:
The California Privacy Protection Agency targets non-compliant data brokers, enforcing new registration and deletion requirements under the Delete Act.

▶ The EDPB reviews the first year of the EU-US Data Privacy Framework:
The EDPB’s first-year review of the EU-US DPF highlights both successes and areas for improvement in the data-sharing framework.

#privado #privacycodescanning #compliance #privacyengineering #gdpr #cpra #ccpa #mhmda #dataprivacy #compliance #softwarecodescanning

Send us a text

Privacy Corner Newsletter: October 24, 2024

This week, we dive into the UK’s resurrected data reform bill, ePrivacy Directive guidelines, and a new complaint against Pinterest. 

▶ Back from the Dead: Comparing the UK’s New and Old Data Reform Bills

The UK has introduced a new Data (Use and Access) Bill (DUAB), which incorporates several proposals from the previously scrapped Data Protection and Digital Information Bill (DPDIB). The DUAB revives and reshapes key provisions, such as legitimate interests and cookie consent exemptions, while dropping several controversial aspects from its predecessor.

How might these changes in UK legislation affect your organization's data compliance strategy?

▶ EDPB Finalizes ePrivacy Directive Guidelines: Fingerprinting, SDKs, and APIs Firmly in Scope

The European Data Protection Board (EDPB) has published its final guidelines clarifying how the ePrivacy Directive applies to modern tracking technologies. Developers and privacy professionals should note that the Directive covers not just cookies but newer methods like device fingerprinting and SDKs—tightening consent requirements across digital platforms.

Are your tracking technologies compliant with the latest ePrivacy Directive guidelines?

▶ Pinterest Hit by noyb Complaint: Cookies and the Right to Data Recipient Information

A complaint has been filed by privacy group noyb against Pinterest, alleging insufficient disclosure about the sharing of users' personal data. The case could set a new precedent on the amount of detail required in responses to data subject access requests, especially regarding which third parties receive personal data.

Could your data subject access request processes withstand a similar challenge?