Blog + News
Privacy News Roundup – February 16, 2022
United States News
Incentives programs violate the California Consumer Privacy Act (CCPA)
The California Attorney General sent notices to major corporations in the retail and food services industries alleging the operation of their loyalty programs violated the CCPA.
The CCPA requires businesses to provide a notice to customers before they opt in to incentives such as discounts, free items, and rewards in exchange for personal information. The notice must clearly describe the material terms of the program.
Minnesota Congressman urges Secretary of Education to update student privacy laws
Congressman Emmer (R-MN) sent a letter to the Secretary of Education asking the Department of Education what their approach is to modernize student data privacy.
The letter asks the department to address their awareness of student data being shared with vendors and whether parents and students are able to opt-out of information sharing. With the rise of online learning, the current FERPA law does not cover the modern state of students’ data protection.
US Treasury reconsidering use of biometric technology to access tax records
The U.S. Treasury is looking for alternatives to facial-recognition for online taxpayer verification after privacy concerns were raised.
This comes after the IRS announced in November 2021 that it would transition to identity verification using ID.me technology for accessing online services for tax records. The technology would require the user to take a selfie to create an ID.me profile account to be used for facial recognition.
Indiana edges closer to passing a consumer privacy law
SB 358, mirrored after Virginia’s Consumer Data Protection Act, was advanced by Indiana’s Senate Commerce and Technology Committee with a favorable recommendation, edging Indiana closer to being the next state to pass a consumer privacy law.
The new bill also includes a definition of "child" covering minors 13 and under, the ability to use de-identified data, and no retroactivity for violations that took place before the bill’s effective date of January 1, 2024.
Two claims in a class action against Google are dismissed by US federal judge
In Anibal Rodrigues, et al. v. Google LLC, a proposed class action against Google, two claims for breach of contract were dismissed in the US Northern District of California.
The plaintiff turned off Google’s “Web & App Activity” (WAA) feature, but Google continued to collect her data. However, the judge held that such an expectation is not enough to cause a contract. The case centers around Google’s WAA feature which allows users to control whether data related to their Google activity can be saved in their Google account.
NIST releases guidelines for conducting assessments of security and privacy controls
INDIVIDUAL ARTICLE DISCLAIMER: