|
|
 |
No one should have to live in fear that their conversations with their doctor [...] might be used to target or track them...
- Melanie Fontes Rainer, Office for Civil Rights
|
|
|
Welcome to Snippets! The Biden administration was busy this week—passing the bill that could ban TikTok if ByteDance doesn't divest within a year and updating HIPAA's enforcement rules to better protect the health data of women seeking legal abortions.
Plus, Colorado updated their privacy law to include neural data, the Mozilla Foundation gave dating apps a failing grade on privacy again, the UK's data regulator raised serious concerns with Google's Privacy Sandbox, and more.
|
|
|
|
|
TikTok ban bill passed
|
 |
|
Cath Virginia / The Verge | Photo from Getty Images
|
A bill that would ban TikTok in the US, if China-based parent company ByteDance doesn't divest the app within a year, was signed by President Biden as part of a larger foreign aid package.
|
- The bill gives ByteDance a nine-month initial period to divest TikTok, extendable by another three months with substantial progress towards a sale.
- Political maneuvering in Congress facilitated the bill's passage, including combining it with foreign aid measures and extending the divestment timeline from six to twelve months.
- TikTok has confirmed it will contest the law in court, amid lingering uncertainties about China's willingness to allow the sale of TikTok's lucrative algorithm.
|
|
|
|
|
|
|
🎪 Join Transcend at the 2024 RSA Conference!
|
|
This year, Transcend is excited to be exhibiting, offering live demos, joining the Microsoft for Startups activation, and of course, learning more about how best to solve privacy and security professionals' greatest challenges!
Check out our recent guide to learn where to find us, plus how to grab some goodies to take home.
|
|
|
|
|
|
|
|
Biden moves to restrict access to abortion records
|
 |
|
Photo: Saul Loeb/AFP via Getty Images
|
On Monday, the Biden Administration tightened Federal rules around health data in an effort to grant stronger privacy protections to women seeking abortions in states where the procedure is legal.
|
- Under the new rules, health providers are prohibited from disclosing protected health data related to reproductive care to state officials.
- Nineteen state attorneys general objected to this mandate last year, claiming it undercuts state authority by transferring the right to determine the legality of the abortion to providers and insurers.
- The rule will still not protect patients seeking care in states where abortion is banned, unless they meet the often narrow exceptions granted by that state.
|
|
|
|
|
|
|
|
Colorado’s privacy law modified to include neural data
|
 |
|
Winni Wintermeyer for The New York Times
|
As brain activity monitoring becomes increasingly common in services like meditation apps and certain treatments for depression, Colorado has modified the state's privacy law to protect this type of data.
|
- Passed by a resounding majority, the bill expands the definition of sensitive data to include neural information generated by the brain, spinal cord, and nervous system.
- Neural data will now have the same protections as biometric data under the Colorado Privacy Act, which gives consumers the right to delete, correct, and opt out of the sale or sharing of their data for targeted advertising.
- Experts note the law’s somewhat limited scope, as it only applies to use of neural data for identification purposes—not covering other purposes like decoding thoughts, feelings, and emotions.
|
|
|
|
|
|
|
|
- How AI is forcing change in corporate boardrooms.
- Biden signs Section 702 reauthorization after near-lapse.
- Privacy suits citing wiretapping violations are on the rise.
- Digital ad kiosks in downtown Seattle raise privacy concerns.
- Dutch DPA asks government to stop using Facebook.
|
|
|
|
|
|
Privacy not included for dating apps, again
|
 |
|
|
Dating apps were labeled 'Privacy Not Included' once again following the Mozilla Foundation’s second analysis and review—this time with the asterisk that privacy has actually gotten worse in dating apps since the initial study in 2021.
|
- Of the 25 apps Mozilla studied, 22 were found to misuse sensitive data like religion, sexuality, location, and biometrics—often selling this data to third parties.
- 52% of the apps failed to meet Mozilla’s Minimum Security Standards and many have been hit by massive data breaches.
- AI integrations have only exacerbated the problem, which is reflected by the FTC’s 2022 complaint against OkCupid for using user images to train facial recognition software without consent.
|
|
|
|
|
|
|
|
ICO raises red flags for Google’s Privacy Sandbox
|
 |
|
|
The UK's Information Commissioner’s Office (ICO) has raised significant concerns about Google's Privacy Sandbox, highlighting privacy gaps within the proposed alternative to third-party cookies.
|
- The ICO discovered loopholes in Google’s Privacy Sandbox that could be exploited for user tracking, contradicting the initiative's goal of curbing online tracking while maintaining internet openness.
- The ICO is urging Google to strengthen privacy protections in Privacy Sandbox and has shared its concerns with the Competition and Markets Authority (CMA).
- Amid ongoing scrutiny over its dominant market position, Google reaffirmed its commitment to collaborating with regulators to find a balance between user privacy and digital ecosystem sustainability.
|
|
|
|
|
|
|
Key insights from Cerebral's $7M FTC settlement 💸
|
|
Non-compliant consent management is at the heart of many of the FTC’s recent enforcement actions—and it’s no wonder.
The idea is simple in theory: honor consumer consent preferences across all your digital properties. But in practice, complexities abound, leading to significant challenges for companies in this space.
Read our latest guide to learn consent management best practices, plus key compliance strategies for telehealth providers.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
