|
|
 |
Social media companies have a responsibility to avoid presenting choices to users, especially children, in an unfair manner…
- Anu Talus, chair of the European Data Protection Board
|
|
Welcome to Snippets—Google's landmark antitrust trial is officially underway, and the role of data in the company's search engine monopoly is one of the case's key questions 🌐
Plus, privacy law in California had a big week. SB 362, otherwise known as The Delete Act, passed both houses and is now waiting on the governor's signature, and a judge blocked the California Age-Appropriate Design Code Act on grounds it may violate the constitution.
TikTok received a $368 million fine for violating GDPR, Microsoft experienced a significant data breach, and the FTC released a statement urging businesses to ensure clear separation between their ads and other online content.
|
|
|
|
|
Google's monopoly trial zeroes in on data
|
 |
|
Michael A. McCoy for The New York Times
|
As U.S. et al. v. Google, the modern era’s first internet monopoly trial, moves through its first week, a key question has emerged—is Google’s market dominance the result of anticompetitive behavior or advanced technical innovation?
|
- The role, use, and power of data has taken center stage, as lawyers from both sides make their case.
- According to the Justice Department, Google pressured companies like Apple, Samsung, and Mozilla into preferential partnerships—helping the search engine amass huge quantities of data, while limiting data flow to competitors.
- Google’s lawyers argue the company gained and retained its market position through aggressive technical innovation, winning partner contracts due to higher quality search results and consumer benefits like lower cost smartphones.
- The trial is set to last for 10 weeks, with evidence that includes emails between senior Google executives and testimony from computer scientists and a Verizon executive.
|
|
|
|
|
|
|
Join hundreds of your peers in the Privacy Pulse community
|
|
Privacy Pulse is an invite-only community where privacy professionals can crowdsource solutions to their biggest challenges, share or find a new role, and expand their professional network.
To make sure our community is valuable, thriving, and safe, we ask that everyone submit a brief application to join. All applications will be reviewed within 24 hours.
|
|
|
|
|
|
|
|
CA’s Delete Act takes aim at data brokers
|
 |
|
Tayfun Coskun/Anadolu Agency via Getty Images
|
The Delete Act, a “one stop shop” meant to help consumers delete personal data held by data brokers and limit future collection and sale, has passed both houses of California’s state legislature.
|
- If signed by Governor Gavin Newsom, the Delete Act would compel the California Privacy Protection Agency (CPPA) to set up a website where individuals can request that data brokers delete all their personal data and opt-out of future data collection.
- Lawmakers have compared the bill’s requirements to the Federal Trade Commission's “do not call” list for telemarketers.
- Though California already regulates data brokers, the Delete Act would require greater transparency from these organizations, as well as give the state stronger enforcement mechanisms.
|
|
|
|
|
|
|
|
TikTok receives $369M fine from Irish DPC
|
 |
|
AP Photo/Matt Slocum, File
|
TikTok was fined $368 million by European regulators for failing to protect children's privacy, marking the first time the app has been penalized under Europe's General Data Protection Regulation (GDPR).
|
- The fine was imposed by Ireland’s Data Protection Commission, which found that TikTok's sign-up process for teens led to public accounts by default—posing a risk to kids under 13.
- The regulator also argued the "family pairing" feature wasn't strict enough, allowing adults to enable direct messaging for 16 and 17 year olds without consent.
- TikTok disagreed with the court’s decision in a public statement, citing privacy setting changes made before the investigation began.
- Outside of this ruling, TikTok is also involved in a separate investigation regarding whether the company's transfer of users’ personal information to China complies with GDPR.
|
|
|
|
|
|
|
|
- An FTC statement urges a clear separation between businesses' online ads and content.
- Apple's iOS 17 sports enhanced security features, including advanced Lockdown Mode for Apple Watch and encrypted passkey sharing.
- BNSF Railway opted to settle a biometric privacy lawsuit after a judge annulled a $228 million verdict.
- Andrew Keen interviews Kashmir Hill about her recent book "Your Face Belongs to Us."
- Hunter Biden sues the IRS claiming agents unlawfully disclosed his tax details.
|
|
|
|
|
|
Microsoft's AI unit exposes sensitive data
|
 |
|
Getty Images
|
Microsoft's AI researchers inadvertently exposed tens of terabytes of sensitive data, including private keys and passwords, while sharing open-source training data on GitHub.
|
- Cloud security startup Wiz discovered the vulnerability, noting it was due to an overly permissive shared access signature (SAS) token in the Azure Storage URL.
- The exposed data included 38 terabytes of sensitive information, including backups of two employees' computers, passwords, and over 30,000 internal Microsoft Teams messages.
- In response, Microsoft revoked the misconfigured SAS token and expanded GitHub’s secret spanning service to monitor all public open-source code changes for plaintext exposure of credentials.
|
|
|
|
|
|
|
|
Judge blocks California's child online safety law
|
 |
|
Tayfun Coskun / Anadolu Agency via Getty Images
|
A federal judge has blocked the California Age-Appropriate Design Code Act (CAADCA), a law aimed at implementing stronger data safeguards for minors online, stating it may violate the First Amendment.
|
- Judge Beth Freeman granted a preliminary injunction to tech industry group NetChoice, indicating the law's provisions may not pass constitutional scrutiny.
- Freeman took issue with several of the law’s provisions, including the requirement for sites to estimate visitors' ages, which could involve invasive technology like face scans.
- The judge also argued the law's alternative option, applying data collection standards for minors to all users, may inhibit free speech by overstepping the law’s intent.
|
|
|
|
|
|
|
Trade your legacy privacy platform for Transcend
|
|
Seen by many as lacking true automation and offering minimal support, we've heard legacy privacy platforms lead to time consuming manual workflows and implementations that drag on for months.
Read this guide to learn how gaps in legacy privacy platforms may leave your company vulnerable, why automated full-stack consent is key to compliance, and how a Fortune 500 company implemented Transcend Consent in just three weeks.
|
|
|
|
|
|
|
|
|
Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.
|
|
|
|
You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.
|
|
|
|
|
|
