HIGHLIGHTS OF THIS ISSUE
- The privacy law tsunami
- 89% of ed-tech companies are doing what?
- Who's watering down privacy policies?
- I'll have a coffee, bagel, and a side of broken trust
The draft of the American Data Privacy and Protection Act (ADPPA) was recently released publicly, and has been described as “a tsunami that may yet make GDPR seem like a storm in a teacup.” Although it is not yet clear how likely it is that this act will be enacted into law, the release of this draft legislation is a promising step. Read the IAPP’s analysis on the ADPPA here.
In a recent analysis of distance learning apps, The Human Rights Watch found that over 89% of education apps and websites sent data gathered on children’s online behavior to ad-technology companies. The findings indicate that educational apps “frequently play fast and loose with children’s privacy and security in the pursuit of profit.” Read more about this brewing story and what The Human Rights Watch is suggesting as potential solutions here.
From the New York Times, read how “Nations are accelerating efforts to control data produced within their perimeters, disrupting the flow of what has become a kind of digital currency.” Over 50 nations have increased efforts to control the data produced by their citizens, and this trend is predicted to increase significantly in the near future.
With the influx of state-level data privacy laws across the country, it’s becoming increasingly clear that big tech companies are influencing data privacy legislation. From hiring lobbyists across the country, to drafting language that’s used in legislation, big tech’s fingerprints are all over privacy laws. Check out Tech Industry Groups Are Watering Down Attempts at Privacy Regulation, One State at a Time for more information.
Tim Hortons, beloved Canadian coffee shop, is in hot water after violating “Canadian privacy rules by tracking its customers’ movements with its mobile app even when the app wasn’t in use”. The original intent was to use this illegally collected data for marketing purposes, but that project was shelved in 2020. And yet, the data collection didn’t stop until the Canadian government took action on June 1st, 2022. Now, Tim Hortons plans to follow government directives on next steps to remediate this misstep. Learn more about the story here.
Many companies use MuleSoft Gateway to integrate and manage the data flows between various services, including SaaS applications, cloud infrastructure, and databases. And sometimes these data flows include sensitive customer data: PII, PCI, and PHI. With the new Skyflow Connector, companies can now use Skyflow’s Data Privacy Vault to ensure the privacy and security of sensitive data, and meet regulatory compliance standards, while accelerating time to market.
If you’re storing sensitive user data, you’re right to be concerned about the potential for compliance and security risks. One method to secure sensitive data is tokenization. Check out this blog to learn what every engineer should know about tokenization – what it is, how and when to use it to protect data privacy, the use cases it enables, and more.
Stay up to date on all things data privacy with these upcoming events.
Webinar: A Privacy Professional's Guide to the Modern Data Privacy Stack: June 22, 10 am PT, Online. Register today!
PEPR 2022: June 23-24, Online.
AWS Summit: July 12-13, New York, NY.
Traction Conference: August 10-11, Vancouver, BC.
fintech_devcon: August 23-25, Denver, CO.
WE'RE GROWING, COME JOIN US!
Are you passionate about tackling the ever-growing data privacy problem? So are we. Check out our open roles, and if they aren't a fit for you, please share with your network!