Brazilian DPA Enacts Regulation on the Setting and Application of Administrative Penalties Under the Brazilian General Data Protection Law

The regulation includes the methodology for calculating fines and determining other administrative penalties under the LGPD, such as public disclosure of the infringement and suspension of data processing activities.

Fines can be up to 2% of the annual turnover of the data controller or processor, limited to BRL 50 million per infringement (approx. EUR 8.8 million).

https://www.huntonprivacyblog.com/2023/03/23/brazilian-dpa-enacts-regulation-on-the-setting-and-application-of-administrative-penalties-under-the-brazilian-general-data-protection-law/

Full report at:
https://www.bmalaw.com.br/en-US/conteudo/protecao-de-dados-tecnologia-e-negocios-digitais/special-report-regulation-on-the-setting-and-application-of-administrative-penalties-under-the-lgpd

Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations – Initial public draft of NIST AI 100-2 (2023 edition)

The initial public draft of NIST AI 100-2 (2023 edition), Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations, is now available for public comment.
https://csrc.nist.gov/publications/detail/white-paper/2023/03/08/adversarial-machine-learning-taxonomy-and-terminology/draft

NIST is specifically interested in comments on and recommendations for the following topics:

  • What are the latest attacks that threaten the existing landscape of AI models?
  • What are the latest mitigations that are likely to withstand the test of time?
  • What are the latest trends in AI technologies that promise to transform the industry/society? What potential vulnerabilities do they come with? What promising mitigations may be developed for them?
  • Is there new terminology that needs standardization?

FTC/GoodRX – Latest FTC Health Privacy Case Sheds Light on Agency Health Privacy Approaches

https://www.bakerdatacounsel.com/ftc/latest-ftc-health-privacy-case-sheds-light-agency-health-privacy-approaches/

HBNR

“The complaint also alleges that until early 2020, GoodRx did not have “sufficient or formal compliance programs for reviewing and approving all data sharing requests or third-party tracking tool integrations. It also had no policies or procedures for notifying users of breaches of their personal and health information.”

EDPB adopts final report of outcome of the cookie banner task force

“[..] the EDPB adopted a report on the work undertaken by the Cookie Banner Task Force, which was established in September 2021 to coordinate the response to complaints concerning cookie banners filed with several EEA DPAs by NGO NOYB. The Task Force aimed to promote cooperation, information sharing and best practices between the DPAs, which was instrumental in ensuring a consistent approach to cookie banners across the EEA. In the report, the DPAs agreed upon a common denominator in their interpretation of the applicable provisions of the ePrivacy Directive and of the GDPR, on issues such as reject buttons, pre-ticked boxes, banner design, or withdraw icons.”

Topics covered

  • No Reject button on the first layer
  • Pre-ticked boxes
  • Deceptive “Link Design”
  • Deceptive button colors and Deceptive button contrast
  • Legitimate interest claimed, list of purposes
  • Inaccurately classified “essential” cookies
  • No withdraw icon

From the EDPB announcement at https://edpb.europa.eu/news/news/2023/edpb-determines-privacy-recommendations-use-cloud-services-public-sector-adopts_en

CNIL statement (in English): https://www.cnil.fr/en/edpb-adopts-final-report-outcome-cookie-banner-task-force

Cookie Banner Task Force Report: https://edpb.europa.eu/system/files/2023-01/edpb_20230118_report_cookie_banner_taskforce_en.pdf