"Cybercriminals are likely gaining access to compromised US and foreign government email addresses."
— An FBI advisory warns against false emergency police data access requests.
Welcome to this week's Snippets. As the dust settles on the U.S. election, we look at the implications for U.S. privacy policy and regulation, plus movement on California's DELETE Act, and more.
P.S.: Snippets is on an extended Thanksgiving vacation for the next two weeks, but we'll be back with your weekly roundup of privacy news and developments in December.
And one last thing: don't miss our livestream next Friday, November 22, as we unpack the impact of the Trump administration on U.S. privacy, and what's ahead on the state front. Register now.
How does a second Trump term impact privacy regulation?
Donald Trump’s election to a second presidential term has prompted a shift in the American privacy outlook. The effects could be seen in the undoing of some Presidential actions taken under the Biden Administration, changes to regulatory agency purview, and a new philosophy on AI governance and a potential federal privacy law.
- Trump has promised to revoke the Biden Administration’s executive order on AI. But the changes are more likely to reflect his political stance than to be a sweeping overhaul.
- Policy priorities will become clear after nominations for key roles in the White House and the Executive Office of the President. But the bipartisan support for cross-border data transfers and restrictions on adversarial nations suggests digital trade won’t be overhauled.
- Watch this space: changes to agency leadership, including the Consumer Financial Protection Bureau (CFPB), may impact policy. That could include the open-banking rule, which currently faces stiff resistance from the private sector.
- The FTC could be particularly hindered by opposition to several proposed rules, including commercial surveillance, AI controls, and social media regulation.
What's next for U.S. privacy under Trump?
With a Republican trifecta in DC, and with states starting to signal what's on their 2025 agenda, we're convening a special livestream to dig into what privacy teams across disciplines can expect in the coming year.
CPPA to investigate broker compliance with DELETE Act
The California Privacy Protection Agency’s (CPPA) Enforcement Division has launched an investigation into data brokers to take action against those who are non-compliant with the DELETE Act.
Under the law, data brokers are required to register with the CPPA and pay an annual fee.
- Registered brokers are also required to report the number of consumer deletion requests and the time taken to process them, disclose if they gather minors', reproductive health, and geolocation data, and provide a link on their website informing consumers of their privacy rights.
- Businesses in violation will be required to cough up $200 per day, with Michael Macko, CPPA’s head of enforcement, saying that the fines would increase with each passing day.
FBI warns against false emergency police requests for customer data
The FBI has issued a warning to US-based companies against hackers posing as government entities and submitting emergency data requests. In a public notice, the agency said that the data the hackers obtain is then often used to harass individuals and commit financial fraud.
- Emergency data requests help law enforcement agencies identify the source of threats that endanger individuals, but have been misused in recent years – a trend the FBI said has seen an uptick since August.
- Requests typically require a subpoena for basic information, such as account credentials, contact and location information. For more sensitive information like private files and correspondence, a search warrant issued by a US court is needed.
- But the court warrant requirement is waived in the event of emergencies, a privilege that criminals have taken advantage of to issue fraudulent legal demands, using compromised police and foreign government email accounts.
- The Biden administration to support controversial UN cybercrime convention.
- iPhones may have become harder for police and thieves to unlock.
- How network traffic analysis can strengthen privacy compliance.
- Siri, is my smart speaker listening to everything I say?
Google updates Customer Match policy to improve user privacy
Google is instituting stronger privacy guardrails around its Customer Match feature, and has warned advertisers to drop their sense of entitlement and play by the rules.
- In response to mounting privacy regulations worldwide, Google has strengthened its own practices on how it allows advertisers to use personal data for targeting.
- Under the new rules, advertisers cannot use email addresses without obtaining and keeping a record of user consent, and cannot target minors or users who have opted out of targeting.
- Non-compliance can lead to an account suspension, with a warning issued seven days prior to such action, and to penalties being imposed on campaign performance.
CMA demands updated Privacy Sandbox commitment
In its latest quarterly report on the Privacy Sandbox, the Competition and Markets Authority (CMA)—the UK’s competition regulator—has directed Google to update its Sandbox implementation commitments, owing to lingering antitrust concerns.
- While the new user choice mechanism restores power to the users, the CMA is concerned that advertisers may have to rely heavily on the Privacy Sandbox to target users who decline cookies, a sentiment almost unanimously echoed by publishers.
- The user choice mechanism itself is still under scrutiny for privacy issues by the UK’s Information Commissioner’s Office (ICO), which has been disappointed with the U-turn on third-party cookie deprecation.
- The issue adds to a pile of existing objections, including to Topics API, which the industry worries may not matter as much to Google, given the troves of first-party data that it owns.
Field CPO Ron De Jesus sits down with Max Schrems
In the second installment of this two-part episode of Transcend Field Trips, Ron De Jesus continues his conversation with Max Schrems, the Austrian activist, lawyer, and author and Honorary Chair of noyb. They discuss the fragmented enforcement of privacy rights across Europe and the US, government and commercial surveillance, and the differences in how data protection is approached in both regions. They also discuss Max’s position on "pay-or-okay" data tracking, dark patterns, and the inconsistent regulation of privacy practices.
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
Curated in San Francisco by Transcend.