If your social media profile is public … do you really have an expectation of privacy in the information it contains? The United States’ Ninth Circuit Court of Appeals says … maybe not. In an interim decision in the HiQ vs LinkedIn case, on the permissibility of web-scraping public profiles, the court analyzed the privacy of public social media profiles. It upheld a lower court ruling  denying LinkedIn an injunction seeking to block HiQ’s access…

Some new guidance on obtaining consent under GDPR from Denmark: silence or a pre-ticked box are not enough a signature or an action can be enough it must be as easy to revoke as it is to give it That and other principles are included in the new detailed guidance on consent under GDPR from the Data Protection Authority of Denmark. Read my detailed analysis.…

To sell or to “disclose for a business purpose.” That is the CCPA question. “When asked, most companies state honestly they do not ‘sell’ customer data, but the CCPA defines the term in a surprisingly broad way that sweeps in any arrangement involving an exchange of value (‘consideration’) between the business and a third party or another business for the personal information. The definition of sale may expansively apply to disclosures to vendors that process…

Include de-identified personal information in your CCPA data mapping. “De-identification as a process can be quite complicated to execute with precision to ensure the privacy risk is completely eradicated. The old complications present in this process expand under the CCPA, as the dimensions of what is protected has expanded. Most privacy programs will require modification to accommodate the imposed requirements pertaining to California residents, such as protecting data inferences.” “Beyond the PI elements listed, companies…

The FTC is stepping up privacy enforcement – reports Bloomberg Law‘s Sara Merken. “The Federal Trade Commission is issuing specific data security requirements to companies as part of agency settlements, policing businesses more aggressively than before, attorneys and former staff said.” “Mandates in related consent orders, such as directing senior officers to provide annual compliance certifications to the FTC, go father than previous requirements and will likely reappear in future orders in settlements with other…

Click to accept – not always good enough, says the New Zealand Privacy Commissioner. Companies need to be fully transparent about their data processing practices and take steps to ensure that this is conveyed to the individuals. In the case of a “clicked consent,” the Commissioner will also check: Why the company believes that click actually conveys an authority to undertake the action. What research was done to establish the number of people who read…

Passports and biometric data would be included in the types of personal information covered by California’s data breach notification law, under a bill that passed the state Senate and is headed to Gov. Gavin Newsom. A.B. 1130 by Assemblyman Marc Levine (D) would also add taxpayer and military identification numbers, and other unique government identification numbers to the law, which has been in place since 2002.” ” California would join twelve other states that already…