Privacy newsletter - May 12, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week we send you the latest and smartest news in the world of data privacy.

Last week, we saw the US Senate introduce legislation addressing privacy issues related to contact tracing. This week, we see a significant update to California's privacy law move forward. In case you're counting, that's two major pieces of data privacy legislation in the US in as many weeks.

Here are the top stories from last week you might have missed:

1. A new privacy rights bill was added to California’s November 2020 ballot and is expected to pass. Last week, a Californian privacy rights group announced they’d secured enough signatures to qualify for the upcoming ballot. Known as the California Privacy Rights Act, or CCPA 2.0, the new bill seeks to create a privacy enforcement arm, increase companies’ compliance obligations, and clarify ambiguous language in the CCPA. Link
   
   
2. Pew released new survey data on data privacy issues in the US. Americans are generally in favor of more data privacy regulation. They have a low amount of trust in companies and governments to safeguard their data. Link
   
   
3. This week in data leaks and breaches: GoDaddy disclosed a breach affecting 28k customers, after suffering from an employee phishing attack a month ago. The US Marshals Service exposed prisoners’ personal data in a security lapse. Microsoft’s private repositories on Github were hacked and stolen.
   
   
4. The privacy policies of Google Meet, Webex, and Microsoft Teams were all criticized by Consumer Reports this week. None of the platforms are transparent about how your data is being used, but their policies allow them to capture data while you're in a videoconference. This scrutiny is unsurprising following the criticism Zoom has faced over the past two months. Link
   
   
5. India ordered all workers to install its contact tracing app. The government is holding employers responsible for their employees' compliance. India's app has been criticized for giving little transparency about how the data will be used by the government. Update: The link is no longer available on nytimes.com. 
   
   
6. The European Union continues to patch loopholes in GDPR. The European Data Protection Board released updated guidelines stipulating that scrolling doesn't equal consent and that "cookie walls" are not okay. Link
   
   
7. Clearview AI canceled all relationships with private companies. Clearview AI is notorious for scraping 3 billion social media photos, and for being one of the first companies to face legal action from the CCPA. They’re ending relationships with all non-governmental entities as they scramble to deal with numerous lawsuits and mounting regulatory scrutiny. Link