More:

• The ANPD plans to draft rules for small and medium-sized businesses, enforcement and calculation of fines, notification of data breaches, data protection impact assessments, and data protection officers.
• The ANPD was set up in December 2018 to implement LGPD.
• The Brazilian Supreme Court is considering a case that could define what the LGPD's right to be forgotten means. 

More from the Entrust survey:

• 43% said they do not carefully review the terms and conditions before downloading a new app.
• 83% said they are comfortable with using or storing biometric data with apps and services.
• 64% said their concern or awareness about data privacy has increased over the past 12 months.

More:

• Graham Doyle, the deputy commissioner at the DPC, admitted that the IT system was "dated" but noted that new core parts of the system will be rolled out in the second quarter of 2021. 
• Under the GDPR one-stop-shop model national regulators handle GDPR implementation for companies with their main headquarters within their national boundaries.
• However, the one-stop-shop model is being challenged. As we reported last month, the Belgian regulator took action against Facebook over its use of cookies, even though Facebook's main European headquarters is in Ireland.

More:

• In its submission, Facebook argued that a global privacy framework is needed to avoid splintering privacy protections into many different national rules. 
• In its submission, Snap urged the government to draw on the strengths and lessons learned with the GDPR in Europe.
• The Attorney General has received more than 100 comments from companies, privacy groups, and other organizations as it considers revisions to the Privacy Act.

More from Cuomo:

• The proposal would require companies that collect data on a large number of New Yorkers to disclose the purposes of the collection and only collect what is needed for those purposes.
• Cuomo's proposal would also protect sensitive categories of personal data including health, biometric, and location data.
• It would also create strong enforcement mechanisms to hold companies accountable for the illegal use of consumer data.

More:

• Clearview AI scrapes photos from the internet, uses algorithms to search those photos, and sells its service to law enforcement, including the Royal Canadian Mounted Police.  
• The Canadian agencies that investigated Clearview AI's practices included the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, the Office of the Information and Privacy Commissioner for British Columbia, and the Office of the Information and Privacy Commissioner of Alberta.
• In response to the ruling, Clearview AI has stopped offering its facial recognition services to Canadian clients and collecting images of individuals in Canada, and it deleted previously collected images and biometric facial arrays of individuals in Canada.
• Last year, Clearview AI agreed to stop selling its facial recognition service to private companies. 

More from DHS:

• AppCensus is the first of six startups to get a phase 1 award under DHS's Silicon Valley Innovation Program (SVIP) Emerging Needs: COVID-19 Response & Future Mitigation solicitation.
• With the funding, AppCensus will adapt its platform to develop an on-demand, automated mobile-app testing system for publicly available Android and iOS contact tracing apps.
• AppCensus will also provide a free public microsite with results of the digital contact tracing app security and privacy testing.

• The Virginia legislature is expected to approve this week the Virginia Consumer Data Protection Act, which has similar provisions to the California Consumer Privacy Act.
• The Electronic Frontier Foundation is urging President Biden to abandon efforts by the previous administration to require a law-enforcement backdoor in encryption products.
• Security researchers are alleging that Facebook Messenger and Instagram collected and used data from link previews in a way that violated the EU's ePrivacy Directive.
• An IRS lawsuit against James Harper could have implications for the privacy rights of cryptocurrency users.
• Here's a useful resource for privacy practitioners—Danielle Keats Citron and Daniel J. Solove on more clearly defining privacy harms.
• WireWheel, an Arlington, Va.-based data privacy startup, has raised $19.3M in venture funding led by ForgePoint Capital.
• LiveRamp has agreed to acquire DataFleets, a startup that uses the cloud to securely merge and analyze data while protecting privacy, for $68M.