IAPP IAPP News – Page 9 – CyberSecurity Confabulation

CPPA, data broker reach settlement on ban through 2028

Posted 2 weeks ago by IAPP IAPP News

The California Privacy Protection Agency announced data broker Background Alert will cease operations through 2028 to settle Delete Act claims. The CPPA alleged noncompliance with data broker registration requirements while Background Alert "amassed billions of public records, drew inferences from those records to identify people who 'may somehow be associated with' a searched-for individual, and identified patterns to generate profiles about consumers." A breach of settlement terms may result in a USD50,000 fine.
Full story

First case on PIPL’s extraterritorial scope highlights key compliance priorities

Posted 2 weeks ago by IAPP IAPP News

A 2024 case emanating from the Guangzhou Internet Court represents the single example of the extraterritorial scope of China's Personal Information Protection Law, Tiang & Partners Partner Chiang Ling Li writes. The case involved a France-based international hotel group transferring the personal data of a Chinese citizen to a third party outside China without their consent, after which the hotel group was required to apologize and take other remedies. Ling Li said the case highlights "key compliance priorities for foreign companies doing business with or in China."
Full story

EDPB releases CSC work plan, report on information system statistics

Posted 2 weeks ago by IAPP IAPP News

The European Data Protection Board released the 2025-26 work program for the Coordinated Supervision Committee, with a focus on borders and migration, police and judicial cooperation, and a digital single market. It also published its annual report on the Schengen Information System Statistics for 2023.
Full story

Switzerland’s DPA releases English version of third-party cookie guide

Posted 2 weeks ago by IAPP IAPP News

Switzerland's Federal Data Protection and Information Commission released an English version of its guide on how to use cookies to process data. The guidelines aimed to show website operators and application providers how the agency will use federal and case law to carry out enforcement.
Full story

Netherlands’ DPA outlines regulatory approach

Posted 2 weeks ago by IAPP IAPP News

The Netherlands' data protection authority, the Autoriteit Persoonsgegevens, released its supervisory strategy for the upcoming years. The AP aims to conduct itself as a "social director," which will focus on harmful situations and choose the most effective way to intervene in them while keeping its fundamental values at the forefront.
Full story

How DPAs are trying to keep up with AI advances

Posted 2 weeks ago by IAPP IAPP News

The cascade of interest surrounding Chinese AI chatbot DeepSeek shows the challenges facing data protection authorities as they try to keep up with the fast-moving industry. IAPP Staff Writer Caitlin Andrews explores the various methods DPAs use to monitor the market as well as how media and consumer groups will continue to play an outsized role in alerting potential privacy problems.
Full story

US senator pushes for enforcement against tech companies’ use of personal data

Posted 2 weeks ago by IAPP IAPP News

U.S. Sen. Josh Hawley, R-Mo., said technology companies need to be held accountable for their use of individuals' personal data, NPR reports. Hawley said the government "should give every single American the right to go to court and to sue these companies when they violate our property rights, when they take (data) from us without our consent and without any form of compensation."
Full story

European Parliament releases report on legal conflicts between GDPR, AI Act

Posted 2 weeks ago by IAPP IAPP News

European Parliament's Research Service produced a report examining areas of legal conflict between the EU General Data Protection Regulation and the AI Act. The report noted one of the objectives of the AI Act is to mitigate discrimination and bias when using high-risk AI systems, but to accomplish this, "special categories of personal data" need to be processed based on a set of requirements to avoid discrimination. The executive summary states, however, "The GDPR â€¦ seems more restrictive in that respect" and claims additional reforms may be necessary.
Full story

Canada’s OPC to investigate X’s AI model training claims

Posted 2 weeks ago by IAPP IAPP News

According to a letter to New Democrat MP Brian Masse reviewed by CTV News, Privacy Commissioner of Canada Philippe Dufresne said his office will open an investigation into the social platform X regarding its alleged collection, use and disclosure of personal data to train an AI model. Masse had sought to see if X's practices place Canadians' "personal information in jeopardy," according to a letter he sent to Dufresne requesting the inquiry.
Full story

CJEU rules controllers must produce logic behind ADMT determinations

Posted 2 weeks ago by IAPP IAPP News

The Court of Justice of the European Union rendered a preliminary judgment in favor of requiring controllers to provide a data subject with the "procedure and principles" used by an automated decision-making tool. An Austrian court previously ruled the automated credit check of a mobile provider customer conducted by Dun & Bradstreet violated the EU General Data Protection Regulation when it failed to provide the customer with the "logic involved" in making its determination.
Full story