Omer Tene’s Post

The trend in #US is accelerating toward a enforceable systemic ‘user affirmative consent’ legal basis requirement ‘by purpose of use’ for companies to rely on , pretty much similar to European #GDPR framework. Clearly #California has its influence across US States #privacy #laws shaping framework. While #Ad #targeting is already falling under such requirement #Europeans and specifically #Irish #Data #Protection #authority in particular have made clear to #Meta #Platforms that legitimate interest cannot be used on their apps for AI training purposes data collection 👋 and processing 👍. But another legal basis shall be choosen. Is affirmative consent going to be ok for Meta ? Can the company afford it ? Will it mean, in a broader context, that if affirmative consent becomes a default legal basis for personal data collection and processing by companies in Europe that companies will starve for lack of data absent such proovable verifiable persistent user affirmative consent? Actually not. It only implies that companies need to put up a consent lifecycle management transparency framework to push onto the user for their agreement not because of compliance rationale but because of opportunistic business rationale. Companies can partner with users. Users will be receptive. But the conversation need to start. And it cannot be limited to Europe. Digital is global by nature. We designed ErnieApp | Your Privacy Knowledge Manager app to offer such mobile friendly always on transparency consent framework and conversational channel and we invite businesses to give it a look. Surprisingly our users show that the more the consent transparency framework to command and control persistent affirmative consent is easy to use and understand the highest the chances to grant affirmative consent and for long duration. Same behavior on #cookies. If you wish a longer cookie tracking lifecycle don’t try to convince regulators to norm it but rather build an incentive based system directly with end users to motivate them . #users #trandparency #datagovernance #datarights

Great summary of the latest CPPA enforcement actions.

Succinct synopsis on CCPA enforcement #3 - this time focused on children's privacy and SDK's. With increasing enforcements and 19 state laws passed, it's time to review your #dataprivacy practices. Privageo's single day roadmap will get you well underway. Give us a call!

It’s inherently unfair to trick people into making an unfavorable choice - whether it’s paying more than necessary for a product, remaining subscribed to a recurring payment, or providing personal data that they would rather keep private. Yet “dark patterns” - manipulative or deceptive interfaces, notices, and designs—are common across the internet’s cookie banners, checkout processes, and settings menus. But for the past few years, regulators have been particularly vocal about why implementing dark patterns could be illegal in certain contexts. And legislators are increasingly keen to prohibit dark patterns via primary law. 👉 Discover what dark patterns are and the latest regulatory developments surrounding them in our latest blog https://bit.ly/4cL2Kdj #DarkPatterns #DeceptiveDesigns #ConsumerProtection #UserExperience #LegalCompliance #DigitalEthics #TechRegulation #OnlineSafety #DataPrivacy

Pursuit of app-iness: the legal considerations of SDKs. By Andrew F. "Mobile apps that fail to uphold adequate data practices have been a recurring concern dating back at least to 2014 when whistleblower Edward Snowden revealed the popular gaming app Angry Birds and others like it engaged in the surreptitious collection and disclosure of personal information. A decade later, issues over leaky apps have come to a head in the wake of increased scrutiny over one long-used tool: the software development kit. SDKs are bundles of code embedded within an app that allow the developer to provide specific functionality. Instead of developing code for an app function — such as login, authentication, analytics or crash reporting — from scratch, a developer can license a collection of software libraries, application programming interfaces, documentation, utilities and/or sample code offered by a prebuilt SDK. In recent years, the U.S. Federal Trade Commission drew attention to SDKs and similar tracking technologies through its settlements with SDK providers InMobi, X-Mode Social and InMarket Media and apps GoodRx, Premom and, more recently, Monument and Cerebral. These settlements have begun to offer boundaries around the usage and provision of SDKs. At the state level, the California attorney general's office has been keenly interested in SDKs and other tracking technologies for their part in the alleged unlawful sale or sharing of personal information. In addition, the plaintiffs' bar has sent demand letters and filed many class-action lawsuits alleging privacy violations involving the provision and usage of SDKs. SDKs may feel to many like just another cog in the labyrinthine advertising technology machine. With regulators, litigators and major industry players turning their focus to SDKs, privacy professionals must shift their focus to ensuring the proper incorporation of these technologies. Please read the full article: https://lnkd.in/gMgkUiNN. 22-1327 - Greenley v. Kochava, Inc. Finding good cause, the Court GRANTS the parties’ Joint Motion. The parties shall have leave to file motions to amend the pleadings on or before October 11, 2024. Class discovery is to be completed by January 10, 2025. Plaintiff must file a motion for class certification by February 14, 2025. Additionally, the parties are ORDERED to file a joint status report notifying the Court of the status of the case following mediation no later than June 17, 2024. Federal Trade Commission v. Kochava, Inc. (2:22-cv-00377) Plaintiff Federal Trade Commission (“FTC”) and Defendant Kochava Inc. (“Kochava”) submit this Joint Motion to Extend the Time for Joinder of Parties and Amendment of Pleadings. In support of this motion, the parties believe extending this deadline to June 14, 2024, would facilitate settlement talks.

Now are we going to follow disclaimers from other countries? And the data being collected is it protected by GPDR,PIPL, or other inter-governmental agencies ? It’s clear the public needs to know when you are using a website or an app, you are basically opening up pandoras box for yourself. When will the senate acknowledge the fact that the internet has now become a tool to blatently take advantage of your own personal information.

Double opt in is going to become a hot topic in 2026.. Too many states adopting strong privacy laws that are going to require more consent data, which will be easiest solved by double opt in. I don’t think it’s a bad thing, verifying real human behavior is becoming more normal in most app signups. Consider testing it- you may get “less in numbers” but you will have more quality. Better engagement. Better deliverability. Lower sending costs (even if you still pay for contacts) And that quality is what drives most your revenue. And less sending to people who don't care. Something to think about.

#news 📰 Google takes steps to protect location history. "The ability to delete place-related activity from Maps and the new blue dot controls will start rolling out on Android and iOS in the coming weeks, Google says. Google Maps also announced that if you have chosen to turn Location History on, your Time will soon be saved right on your device." Full content: https://lnkd.in/d2tydcWh #dataprivacy #datasecurity #gdpr #sentinelh2020

😬 Some websites and apps use deceptive tricks to manipulate users into making choices they wouldn't normally make. These are called dark patterns. They're not only unethical, but they can also lead to legal trouble, mistrust in your brand, and loss of revenue. So you don't wind up using any accidentally, here are nine dark pattern examples you should look out for: https://pvcy.me/3R2Zpgr #DarkPatterns #DataPrivacy #Transparency

"According to a draft provided to the IAPP, the proposed rules are broken down into three major sections: how to provide notice of the technology's use, when and how opting out is allowed, and how consumers can access information used by the business. It also carves out key areas of discussion for the CPPA Board, including how businesses might approach profiling children under 16 and how consumer information can be used to train a given system." https://lnkd.in/edBp7vdB