Possible New York regulations aimed at protecting kids against addictive feeds raise significant privacy concerns, tech industry and consumer privacy groups agreed in comments reviewed Tuesday by Privacy Daily. The groups weighed in Monday on a Sept. 15 NPRM from the state attorney general's office to implement the Stop Addictive Feeds Exploitation (SAFE) for Kids Act.
Data Minimization
Data minimization is a core privacy principle requiring organizations to limit the personal data they collect, process and retain to only what is necessary for a specific purpose. Maryland’s data privacy law sets one of the nation’s strictest standards mandating that companies collect only the minimum data needed and prohibiting use beyond that stated purpose. The approach has drawn attention from other states with several exploring similar provisions to curb overcollection and reduce the risks of misuse, breaches and noncompliance.
An Indiana Data Consumer Bill of Rights released last week by Attorney General Todd Rokita (R) informs state residents about privacy rights that they will have under the comprehensive privacy law, which takes effect Jan. 1.
Industry and consumer advocates have weighed in on nearly 20 kids privacy and safety bills set for a subcommittee hearing Tuesday in the House Commerce Committee (see 2511250080). In written testimony posted over the weekend, some witnesses additionally warned the lawmakers against inadvertently weakening privacy protections in an effort to promote online safety.
Massachusetts took another step toward the possible passage of a comprehensive privacy bill. The House side of the state legislature’s Advanced IT Committee advanced a new version (H-4746) of the proposed Massachusetts Consumer Data Privacy Act on Monday.
The European Data Protection Supervisor (EDPS) published guidance Tuesday to help EU institutions, bodies, agencies and offices that act as data controllers to identify and mitigate data protection risks arising from AI systems.
CHICAGO -- Keeping up with compliance is critical as the field of privacy evolves, in-house lawyers at two companies told the Association of National Advertisers ad law conference this week.
Data breaches can “haunt businesses for years,” they're "rarely one-and-done,” said Bricker Graydon lawyer Nancy Magoteaux in a blog post Thursday.
CHICAGO -- States’ comprehensive privacy laws are not “dead letters” or “paper tigers,” Perkins Coie privacy attorney Meredith Halama said during a panel at the Association of National Advertisers ad law conference. “We see real, active enforcement, particularly in California.”
The Consumer Financial Protection Bureau should retain consumer privacy protections in Section 1033 of the Dodd-Frank Act and continue guarding against third-party financial data abuse, consumer groups told the CFPB in comments due Tuesday (see 2508210038).
Florida’s privacy lawsuit last week against Roku surprised some data-protection experts, since the state’s Digital Bill of Rights frequently carries an asterisk in lists of the 20 state comprehensive privacy laws -- if it’s included at all. In the aftermath, however, some privacy experts told Privacy Daily that they’re still not ready to add Florida to the list.