What Businesses Can Learn From WhatsApp’s Privacy Policy Uproar

What Businesses Can Learn From WhatsApp’s Privacy Policy Uproar

In the few short days since its unveiling, WhatsApp’s updated Privacy Policy has provoked widespread backlash, including a request from the Indian government to withdraw the changes entirely. In short, the change describes how users’ data – including device type, general location, and language – would be shared with Facebook, which acquired WhatsApp back in 2014 and appears keen to use the platform for future data-driven e-commerce initiatives. A handful of in-depth recaps explain the changes in greater detail, like this overview from Gizmodo. However, one of the most concerning impacts of this development is not so much a particular policy change but rather the trend it illustrates: for users in the United States and other countries lacking strong privacy …

A CPRA Note from our CEO

A CPRA Note from our CEO

What a year 2020 has been, for the world at large and for the field of data privacy specifically.  US businesses that previously hadn’t thought too hard about the ways they collect and process data will have found the last 10 months felt somewhere between “whirlwind” and “tornado”. There was the introduction of the California Consumer Privacy Act (CCPA) on January 1st. Then, around mid-March, global lockdown, work from home, and a million little disruptions to data management practices. In summer, EU-US data flows were thrown into chaos.  And finally this morning, Californians and businesses at large wake up to the passage of Proposition 24, the California Privacy Rights Act. It’s a brand new privacy law less than a year …

The Story Behind CPRA: Less Than a Year After the Introduction of the CCPA, Why is California Voting on Another Privacy Law?

The Story Behind CPRA: Less Than a Year After the Introduction of the CCPA, Why is California Voting on Another Privacy Law?

Back in 2018, California lawmakers hurried to pass the CCPA, a new regulation about privacy and data compliance. This year, Californian voters faced another privacy-related choice on the ballot. So, why is there a new law on the table so soon after implementation of a similar one? The story behind California’s new data privacy law is about human optimism, philosophical battles over the right to privacy, tech companies determined to operate within grey areas, and of course, plenty of confusing acronyms.  On November 3rd, 2020, California voters decided to vote CPRA into law. It will go into effect in January 2023 (with a lookback provision starting in 2022) and have major data compliance implications for all companies that do business …

5 Key Updates to Get from CCPA to CPRA Compliance

5 Key Updates to Get from CCPA to CPRA Compliance

Last year, the California legislature passed the CCPA – the California Consumer Privacy Act – into law. Its goal is to protect consumers whose data is collected and processed by businesses and other organizations during the course of their internet activity. In the last year, it wasn’t just Californians who experienced the impact of the new California data privacy laws. All companies nationwide with California customers in their data systems had to rapidly bring their data privacy practices up to the law’s standards.   But now, there’s a whole new law on the table. The CPRA, or California Privacy Rights Act, expands on the CCPA by introducing additional detailed requirements for businesses that process consumer data and creating a whole new …

The Senate’s Talking Privacy Laws Again…But Is Anything Different?

The Senate’s Talking Privacy Laws Again…But Is Anything Different?

If you want to take the privacy pulse of the nation, there are few better venues than a Senate Commerce Committee hearing in which to do so. Yesterday, the Committee that will be the source of a federal US privacy law – if there ever is one! – convened a hearing called “Revisiting the Need for Federal Data Privacy Legislation.” It’s fair to say they had an all-star cast of privacy experts as witnesses: Julie Brill, Former Commissioner, Federal Trade Commission William Kovacic, Former Chairman and Commissioner, Federal Trade Commission Jon Leibowitz, Former Chairman and Commissioner, Federal Trade Commission Maureen Ohlhausen, Former Commissioner and Acting Chairman, Federal Trade Commission Mr. Xavier Becerra, Attorney General, State of California   Pretty impressive! …

Did The EU Just Pull The Rug Out From Data-Driven Businesses? Here’s What You Need To Know.

Did The EU Just Pull The Rug Out From Data-Driven Businesses? Here’s What You Need To Know.

“The rug.” That’s how privacy activist Max Schrems began a tweet reacting to yesterday’s news that the Irish Data Protection Commission will act to stop Facebook from sending European citizens’ data overseas to the United States. Schrems, the individual most responsible for this development, was accurate to characterize this as a rug being pulled out from under the feet of the world’s biggest social network. But in truth, this is the opening gambit of a new data privacy chapter that could take years to unfold. Why Are EU Regulators Acting Now? Some background context: EU citizens’ data is protected by the provisions of the General Data Protection Regulation (GDPR). It’s a law that affords far greater privacy protections to European …

Here’s why a cookie consent manager won’t get you CCPA-compliant.

Here’s why a cookie consent manager won’t get you CCPA-compliant.

It’s a wild time in the world of data privacy. With the California Consumer Privacy Act becoming eligible for legal enforcement on July 1, companies all over the US are rushing to get compliant with the country’s first truly far-reaching privacy law. When a marketplace is full of urgency, it can be hard to separate truth from fiction. I’m writing to put paid to one of the more pervasive myths I’ve seen out on the front lines of CCPA compliance: the idea that you can adhere to the CCPA’s “Do Not Sell My Personal Information” requirement using just a cookie consent tool. You can’t. If you could, it wouldn’t be called a cookie consent tool. Here’s what I mean: Data …

What the Schrems II decision means for the future of data privacy… and your business

What the Schrems II decision means for the future of data privacy… and your business

There are two things businesses everywhere like: certainty and harmonization. The Schrems II ruling in the Court of Justice of the European Union (CJEU) strikes a blow on both of these counts with respect to the vast (and hugely valuable) transfer of user data from the EU to the United States.  By ruling that one of the two main legal protections for user data transferred to the US – the so called “Privacy Shield” – doesn’t sufficiently guarantee respect for fundamental data rights, the CJEU’s decision poses a clear and immediate threat to businesses that rely on Privacy Shield to facilitate data flows. That’s 5,378, including some of the biggest tech companies in the world.  It’s notable that while Privacy …

What FB’s “Limited Data Use” means for your marketing team’s CCPA compliance efforts

What FB’s “Limited Data Use” means for your marketing team’s CCPA compliance efforts

It’s been a long time since Facebook was on the receiving end of good press – heavy is the head that wears the social media crown. A quick win, in my view, would be to openly and proactively assist its many advertisers trying to comply with the California Consumer Privacy Act (CCPA).  The CCPA is the first major data privacy regulation in the US and a GDPR-lite for residents of California. But it’s quickly become a de facto standard for the entire United States, and many of tech’s leading lights have gone ahead and rolled out CCPA-level privacy protection for consumers all over the country.  So how does this relate to Facebook? The rollout of its Limited Data Use (LDU) …

CPRA Will Be On The Ballot. Here’s What It Means.

CPRA Will Be On The Ballot. Here’s What It Means.

I confess that the California Secretary of State’s announcement today, which affirmed the CPRA (or “CCPA 2.0”) will be put to public vote this coming November, and take effect as soon as next year, caught me by surprise. When debate over its eligibility for inclusion arose, I expected legislators might angle to slow the tide of regulatory advance for California, and, in effect, for businesses across the country. And I would understand that aim. I’ve seen very clearly the colossal strain that CCPA compliance efforts have placed on teams of all sizes. Ethyca’s technology can certainly alleviate large parts of it, but even key stakeholders among our clients have had to work hard to achieve the organizational buy-in and culture …