More:

• The CPPA was established as part of the California Privacy Rights Act (CPRA), which was passed in Nov. 2020.
• The CPPA cited Soltani as the "architect" of the CPRA and the 2018 California Consumer Privacy Act.
• California Gov. Gavin Newsom appointed two members of the CPPA's five-person board.
• The remaining three were selected by the state attorney general, senate rules committee, and speaker of the assembly.

More:

• The agency has called on Congress to protect health and location data not covered by HIPAA.
• The FTC could modify rules related to the Children's Online Privacy Protection Act (COPPA) which critics have said are outdated.
• It wants to allocate additional resources to ensure technology firms are adhering to COPPA.
• More firepower for the FTC: last month, House Democrats said they wanted to give the agency $1B to create a division dedicated to protecting data privacy.
• Republicans don't want to give the FTC additional funds until Congress approves new privacy laws.

More:

• One possible reason for the high amount is that GDPR investigations can take time, and many of the cases are related to probes that began when the law went into effect in 2018.
• Luxembourg issued over $867M worth of fines from 11 separate cases, the most of any country.
• Ireland was second with nearly $262M worth of fines, followed by Italy with over $58M.
• Tech giants are the biggest violators: Amazon received the largest fine of $867M, followed by WhatsApp ($262M), and Google ($58M).
• Spain had 296 cases in the first nine months of 2021, the most of any country.

More:

• "One or two" consent management firms were temporarily suspended for not complying with the IAB Europe's user interface guidelines.
• Privacy advocates have said consent notice banners and pop-ups are insufficient methods to obtain "meaningful consent"
• Last month, data protection regulators for the G7 said most websites fail to obtain "meaningful consent" and rely on "dark patterns," where users are manipulated into giving consent.

More:

• The company said over 85% of the 3.1 million payment and virtual cards that were compromised were either "invalid or expired."
• Neiman Marcus is working with law enforcement and cybersecurity firm Mandiant to investigate the breach.
• While the breach occurred last year, Neiman Marcus only became aware in September.
• Its subsidiaries Bergdorf Goodman and Horchow, weren't affected.

More:

• Employees said that customer service tickets contain sensitive information such as names, bank statements, and credit card numbers.
• Vice notes that adult entertainment performers are at a greater risk than others due to the negative perception many people have about their profession.
• Vice adds that OnlyFans' customers could be blackmailed if their personal information is leaked.

More:

• Over 90% of ad impressions in Australia occurred on a Google-owned platform.
• The ACCC attributed Google's dominance to its unrivaled access to data and the ability to integrate across all of its platforms.
• U.K. regulators expressed similar concerns in a report published in July 2020.

• Republicans and tax groups have expressed privacy concerns over a plan by the Democrats and President Biden that would force banks to report all inflows and outflows over an undetermined amount to the IRS.
• Johnny Ryan, a senior fellow at the Irish Council for Civil Liberties, says the country's Data Protection Commission must be reformed after a recent report found the agency hadn't resolved 98% of outstanding GDPR cases.
• Daniel Barber of TechCrunch called for global data privacy standards and says companies should minimize the amount of user information they collect.
• An Illinois judge tentatively approved a $92M settlement against TikTok after it was accused of violating the state's Biometric Information Privacy Act.
• A new privacy law that prohibits "doxxing" was approved by Hong Kong's legislature.