After a list of modifications passed the California congress this past week, the state’s consumer data privacy law is now stronger and more specific than ever. In other data privacy legislative news, the state of New Mexico is suing Google over a potential violation of children’s privacy law. Read on for this week’s data privacy recap.
CCPA Updated with Modifications
The California Consumer Privacy Act (CCPA) was reportedly updated with some pretty exciting modifications this week. While the legislation was enacted on January 1, the California Congress is still working to strengthen the bill. One key modification, for example, clarifies the definition of “personal information.” If a data point can be linked to a consumer or household, it fits the classification. In addition, some more details have been added in regards to submitting data download and deletion requests. We also have more details on how businesses must make present the opt-out feature on their sites. The law now specifies that “… a business shall not utilize a method that is designed with the purpose or substantial effect of subverting or impairing a consumer’s decision to opt-out.” These additions, along with several others, ought to be encouraged and appreciated. They’re all important stepping stones on the road to making the CCPA completely effective.
New Mexico Sues Google Over Children’s Data Privacy
Alleging that Google improperly gathers students’ personal data and tracks their online behavior, the state of New Mexico is suing the company in a federal case. This information includes physical location, search terms, voice recordings, browsing history, and other personal information. Many of these students use the G Suite for Education, which offers its calendar, docs, and email products for school purposes. The ways in which these products inherently collect data, however, runs the risk of violating the Children’s Online Privacy Protection Act (COPPA). This federal regulation requires providers to get verifiable parental consent before collecting data of users younger than 13. “Tracking student data without parental consent is not only illegal, it is dangerous, and my office will hold any company accountable who compromises the safety of New Mexican children,” said New Mexico Attorney General Hector Balderas.
MGM Hack Exposes Data of 10 Million
A massive data breach hit MGM Resorts this week, affecting more than 10 Million past guests. News of the hack came this past website, after a post surfaced on the website ZDNet. According to the post, breached data included full names, birthdates, addresses, email addresses and phone numbers. Fortunately, financial records weren’t exposed in the security lapse. “We are confident that no financial, payment card or password data was involved in this matter. MGM Resorts promptly notified guests potentially impacted by this incident in accordance with applicable state laws,” a spokesperson said. Interestingly enough, however, celebrities like Twitter CEO Jack Dorsey and pop star Justin Bieber were included on the list. As were members of the Department of Homeland Security, the Justice Department, the FBI and the Transportation Security Administration.
Google Users in UK to Lose EU Data Protection
In an alarming update this week, Google announced plans to move its British users’ accounts out of the control of European Union privacy regulators. They’d like to house this user information in the United States’ jurisdiction instead, effectively evading the strict GDPR regulations. The decision essentially strips protection from tens of millions and puts it within easier reach of British law enforcement. This data was formerly housed in Ireland, but since Ireland decided to stay in the EU, the country remains under the jurisdiction of the GDPR. The United States currently has among the weakest privacy protections of any major country, lacking a national form of privacy legislation. In the coming months, other large U.S. tech companies will have to make similar choices. Despite the potentially harmful optics of this kind of maneuver, many companies may follow suit to avoid compliance.
…
What do you think was the most important data story of the week? Reach out to us on social media and let us know.