The auto-complete function is not prohibited by GDPR, says the Danish data protection authority. The search function suggested certain search suggestions automatically including the complainant’s name.  The purpose of the function was to offer a better service to citizens. The municipality also stated that when a user performs a search only the entered keyword is stored in the search engine.  All keywords are stored as simple text strings, so it is basically impossible for the…

“Regulators ordered China’s app developers and third-party service providers to halt illegal collection and use of personal data in a sweep targeting some of the country’s largest apps,” reports TechNode.com. “The latest crackdown signals the government’s determination to clean up unauthorized data collection from any and every company violating data privacy laws, particularly bigger players.” “The platforms have until Nov. 10 to carry out self-inspections and make changes.” Authorities will take action against non-compliant apps…

In a complaint, the Federal Trade Commission alleges that between January 2017 and October 2018, RagingWire Data Centers, Inc. claimed in its online privacy policy that the company participated in the Privacy Shield framework and complied with the program’s requirements, even though it had allowed its certification to lapse in January 2018. The Department of Commerce warned Raging Wire twice to either remove the claims or take steps to recertify its participation in the Privacy…

Information and Privacy Ombudspersons and Commissioners from across Canada are urging their governments to modernize access to information and privacy laws some of which have not been updated in 35 years. Their joint resolution calls for: a legislative framework to ensure the responsible development and use of artificial intelligence and machine learning technologies all public and private sector entities engaged in handling personal information to be subject to privacy laws enforcement powers, such as legislating…

Democratic U.S. Reps. Anna Eshoo and Zoe Lofgren have announced the Online Privacy Act, a proposal that would create a federal enforcement agency to protect privacy rights. “The bill proposes the creation of the Digital Privacy Agency (DPA) that would have the power to enforce privacy rights for users and make sure companies follow the law. The independent agency would be funded for up to 1,600 employees and could impose damages up to the same…

The Information Commissioner of the Isle of Man has issued guidance on “accountability” under GDPR. Key takeaways: You need to develop, embed and maintain a culture of data protection in your processing activities, with compliance demonstrably supported from the top. All processing of personal data should be subject to overview, governance and demonstrable compliance. Key components: Effective data protection policies and procedures, in particular regarding security arrangements Records of processing activities Ongoing review and testing…

Do the draft CCPA Regulations make a big difference in compliance costs where it comes to privacy notices? Standardized Regulatory Impact Assessment (SRIA) of the economic impact of the draft CCPA Regulations says – maybe not. The SRIA issued together with the draft regs does not see any incremental economic impact to the regulations’ provisions on privacy notices, stating that the proposed requirements are what businesses would likely do anyway. “Because notification requirements are required…