"[I]ndividuals from all walks of life have no assurance that their information will receive the protection that federal law affords."
— Joint lawsuit against the U.S. Treasury
Happy Thursday, and welcome back to Snippets 👋 Here's what's been happening at the intersection of privacy and tech:
- AI chatbot DeepSeek's data collection practices and ties to China are fueling a frenzy of privacy concerns and regulatory action.
- Union groups are suing the US Treasury after the Department of Government Efficiency (DOGE) gained access to the payment system.
- Texas emerges as a leading enforcer of privacy laws following several high-profile cases, including one against Allstate Insurance.
- And so much more!
DeepSeek downloads soar despite privacy concerns
DeepSeek, a Chinese AI chatbot, has become the most downloaded free app in the US, sparking privacy concerns (and a flurry of regulatory action) over the app's data collection practices.
- DeepSeek collects in-depth user data, including profile info, chat history, and keystroke patterns, all of which is stored on servers in China—raising concerns about government access.
- The app's use of biometric data, like keystroke patterns, could also expose users to identity theft and fraud, as biometric data cannot be reset or revoked.
- DeepSeek shares user information with third parties like Baidu and Volces, and its data is subject to potential misuse or exploitation, as cyberattacks increasingly target AI platforms.
- The app’s privacy policy also raises significant questions around data security, especially as user information could be accessed by the Chinese government.
Understand the latest US state privacy laws in seconds ✅
Nineteen US states have enacted comprehensive data privacy laws, imposing new obligations on companies that collect, process, or store consumer data, while also granting new data rights to state residents.
Stay up-to-date with the latest using the Transcend US State Privacy Law Tracker—a skimmable, searchable spreadsheet that breaks down the key differences across all 19 state privacy laws.
Coalition sues Treasury for DOGE access to payment system
Unions filed a joint lawsuit meant to prevent Elon Musk’s Department of Government Efficiency (DOGE) from gaining access to the Treasury Department’s payment system, citing an immediate and ongoing privacy breach that could affect millions of Americans.
- The Treasury’s Bureau of the Fiscal Service (BFS) processes over one billion US government transactions annually and has a massive cache of personal and financial data, including Social Security numbers and bank account information.
- The lawsuit emphasizes that the public did not consent to disclosing this personal data and that DOGE’s access violates the Privacy Act of 1974, as well as certain IRS statutes on taxpayer information.
- The plaintiffs also allege that Trump-appointed Treasury Secretary Scott Bessent bypassed key procedures, such as a public notice and comment period, when granting DOGE access to the data.
Texas emerges as a leading privacy enforcer
Texas Attorney General Ken Paxton’s aggressive actions against companies allegedly violating the state’s privacy law have positioned his office as a leading privacy enforcer.
- Paxton’s recent lawsuit against Allstate, which accuses the insurer of collecting, selling, and profiting from geolocation and behavioral data of 45 million Americans without consent or disclosure, has only bolstered this reputation.
- The Allstate suit follows several other notable enforcement efforts, including the creation of a specialized enforcement team, the initiation of multiple investigations, and a slew of notifications to offending businesses.
- This move towards strict enforcement is setting new precedents for corporate accountability in Texas, requiring businesses to update privacy policies, obtain consent to process sensitive data, and honor opt-out requests.
- Microsoft is scrapping its privacy protection VPN.
- Google officially launches Gemini 2.0.
- Australia’s privacy commissioner warns about "digital doppelgangers."
- Meta’s new content moderation policy opens the door for hate speech.
- More details emerge on Google’s new user choice prompt.
Trump’s PCLOB shake-up threatens EU-US data transfers
President Trump’s removal of all Democratic members from the Privacy and Civil Liberties Oversight Board (PCLOB) may disrupt the stability of EU-US data transfers.
- Trump fired the Democratic members of PCLOB in January, halting the board's work until replacements are appointed—a move that could potentially lead to the reinstatement of data transfer barriers between the two regions.
- One part of the PCLOB’s remit is ensuring US compliance with EU privacy standards, and its weakened effectiveness could lead to new legal challenges, especially from privacy advocates like Max Schrems.
- The tech industry’s alignment with Trump and his administration has only added complexity, as it raises the possibility of a repeal of Biden’s executive order affirming the 2023 EU-US data framework.
EU regulatory scrutiny intensifies despite drop in record fines
In 2024, EU regulators issued fines totalling €1.2 billion ($1.26 billion) for privacy violations under the General Data Protection Regulation (GDPR), according to the GDPR Fines and Data Breach Survey by law firm DLA Piper.
- The Irish Data Protection Commission has led enforcement since the GDPR’s implementation, accounting for €3.5 billion ($3.7 billion) of the total fines issued since May 2018.
- Though 2024 recorded a 33% decrease in fines, the drop doesn’t represent a change in enforcement outlook—as the figure is largely skewed by Meta’s record-breaking €1.2 billion fine in 2023.
- The UK emerged as an outlier, issuing few fines in the last year—a reflection of Information Commissioner John Edwards’ stance that fines do little more than add to the bureaucracy.
IDC Spotlight: Unlocking the value of data through consent and preference management
In a recent IDC Spotlight, Ryan O’Leary, Research Director at IDC, explores how changes in regulations and technology have created new challenges for companies trying to accurately manage consumer consent and preferences.
O’Leary notes that when a modern approach is taken, the benefits are significant and delivered to teams across the business—from marketers building personalized campaigns to engineering teams seeking to simplify internal infrastructure and tooling.
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Curated in San Francisco by Transcend.