Tag archives: Privacy

NT Analyzer: Does your app track users that opted-out of tracking?

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By NRF Digital Team, Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in NT Analyzer Blog Series
NT AnalyzerA transparency-focused privacy software company confirms that some apps are continuing to transmit data despite some users having opted-out of “tracking.” The study tested 10 popular apps and discovered that some continue to track even though those users have “ask[ed] app not to track” when presented with the ATT pop-up. Read Steve Roosa and Daniel … Continue reading

Navigating Virginia’s new privacy law

Photo of Steve Roosa (US)Photo of Daniel Rosenzweig (US)By Steve Roosa (US) and Daniel Rosenzweig (US) on Posted in NT Analyzer Blog Series
NT Analyzer blog series, cookieVirginia recently enacted its own data protection/privacy law and like its European and Californian predecessors, the technical piece is key. Like the GDPR and CCPA, the Consumer Data Protection Act (“CDPA”), which goes into effect on January 1, 2023, broadly defines “personal data” as “any information that is linked or reasonably linkable to an identified … Continue reading

Virginia’s new Consumer Data Protection Act

Photo of David Kessler (US)Photo of Susan Ross (US)By David Kessler (US) and Susan Ross (US) on Posted in Compliance and risk management
On March 2, 2021, the Governor of the Commonwealth of Virginia signed into law the Consumer Data Protection Act, which contains many elements of California’s Consumer Privacy Act (CCPA) and Europe’s General Data Protection Regulation (GDPR). The new law goes into effect on January 1, 2023. But first, you need to determine whether the law … Continue reading

US banking regulators propose a rule for 36-hour notice of breach

Photo of David Kessler (US)Photo of Susan Ross (US)By David Kessler (US) and Susan Ross (US) on Posted in Data breach
US banking regulators propose a rule for 36-hour notice of breachOn December 18, 2020, the US Department of the Treasury (Office of the Comptroller of the Currency), Federal Reserve and Federal Deposit Insurance Corporation (FDIC) jointly announced a 53-page proposed rule that would require banks to notify their regulators within 36 hours of a “computer-security incident” that rises to the level of a “notification incident.” … Continue reading

NT Analyzer Webinar: Solving Apple’s new app privacy requirement

By NRF Digital Team on Posted in Cybersecurity, NT Analyzer Blog Series, Vendor management and transactions
Solving Apple's New App Privacy RequirementPlease join us for an NT Analyzer Webinar, Solving Apple’s new app privacy requirement. Head of NRF Digital Analytics and Technology Assessment Platform for the US Steven Roosa and Associate Dan Rosenzweig as they walk through the upcoming Apple requirements, and showcase the NT Analyzer Apple dashboard solution.… Continue reading

Germany’s Federal Supreme Court provisionally confirms Facebook’s use of personal data is alleged abuse of dominant market position

Photo of Christoph Ritzer (DE)Photo of Tim SchaperBy Christoph Ritzer (DE) and Tim Schaper on Posted in Cybersecurity
Facebook’s extensive collection of user-related data must be put on hold in Germany for the time being following a decision of Germany’s Federal Supreme Court on June 23, 2020. In summary proceedings, the Federal Supreme Court overturned an earlier order of the Higher Regional Court of Düsseldorf that – pending the outcome of an appeal … Continue reading

Mic Drop: California AG releases long-awaited CCPA Rulemaking

Photo of David Kessler (US)Photo of Jeewon Kim Serrato (US)Photo of Susan Ross (US)Photo of Anna Rudawski (US)Photo of Max Kellogg (US)By David Kessler (US), Jeewon Kim Serrato (US), Susan Ross (US), Anna Rudawski (US) and Max Kellogg (US) on Posted in CCPA, Compliance and risk management
Data Protection Report - digital privacy, CCPA and cybersecurityOn October 10, 2019, with just weeks to go until the law goes into effect, the California Attorney General released the long-awaited draft regulations for the California Consumer Privacy Act (CCPA). The proposed rules shed light on how the California AG is interpreting and will be enforcing key sections of the CCPA.  In the press … Continue reading

Turkey’s data protection legislation on data controller registry to impact data controllers outside of Turkey

Photo of Ekin Inal (TR)By Ekin Inal (TR) on Posted in Regulatory response
Norton Rose Fulbright - Data Protection Report blogObligations Turkey’s data protection legislation (TDPL) requires data controllers to notify the Turkish DPA of their processing activities. Unless exempt from the requirement, all data controllers (individuals and legal entities) who process personal data in Turkey must be registered with the Turkish DPA’s Register of Data Controllers Information System (VERBİS), prior to processing any personal … Continue reading

One-Month Countdown to Pass CCPA Amendments Begins

Photo of Jeewon Kim Serrato (US)Photo of Susan Ross (US)By Jeewon Kim Serrato (US) and Susan Ross (US) on Posted in CCPA, Compliance and risk management, Enforcement
Data Protection Report - Norton Rose FulbrightOn August 12, the California legislature returns after its summer recess. Starting with the Senate Appropriations Committee Hearing today, the legislature will now have approximately a month to continue the markups and send California Consumer Privacy Act (CCPA) amendments to the Governor’s desk for signature before the September 13 deadline.  As previously reported, any amendment … Continue reading

New CNIL €400,000 fine for data security breaches and non-compliance with data retention period under the GDPR

Photo of Nadège Martin (FR)Photo of Nilofar Moini Shabestari (FR)By Nadège Martin (FR) and Nilofar Moini Shabestari (FR) on Posted in Data breach, Enforcement
Data Protection Report - Norton Rose FulbrightFollowing the now famous €50m fine imposed on Google LLC in January 2019,[1] the French Data Protection Authority (the CNIL) published a decision taken on 28 May 2019[2] imposing a fine of €400,000 on SERGIC, a company specialised in real estate development, purchase, sale, rental and property management.… Continue reading

NT Analyzer Blog Series: Why So Many Cookie Policies Are Broken, Part I – HTML5 LocalStorage

Photo of Steve Roosa (US)By Steve Roosa (US) on Posted in Compliance and risk management, Data breach, NT Analyzer Blog Series
NT Analyzer blog series, cookieCookies Are One Piece of a Larger Puzzle There has been an odd preoccupation with cookies for some time now—to the exclusion of other forms of browser tracking, some of which are much more flexible and more robust in their data collection capabilities than cookies.  Despite this fact, these other, non-cookie tracking technologies are often … Continue reading

ICO’s draft Age Appropriate Design Code could seriously impact processing of under 18’s personal data

Photo of Fiona Bundy-Clarke (UK)By Fiona Bundy-Clarke (UK) on Posted in Regulatory response
Data Protection Report - digital privacy, CCPA and cybersecurityOn 15 April 2019, the ICO opened a public consultation on a draft code of practice titled Age Appropriate Design (the “Code”).  The Code will remain open for public consultation until 31 May 2019. The consultation document is described as a “code of practice for online services likely to be accessed by children.”  However, its … Continue reading

Parenting support club Bounty fined in ‘unprecedented’ data breach

Photo of Lara White (UK)By Lara White (UK) on Posted in Enforcement
Norton Rose Fulbright - Data Protection Report blogOn 12 April, the Information Commissioners Office (ICO) fined Bounty, a pregnancy and parent support club, £400,000 for illegally sharing personal data belonging to more than 14 million people. As the contravention took place just before the General Data Protection Regulation (GDPR) came into force, the fine was issued under the Data Protection Act 1998 … Continue reading
LexBlog