Privacy newsletter - Sept. 8, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.

Here are the top stories from last week you might have missed:

1. Apple delayed plans to roll out stricter privacy settings for apps until early next year. The rules will require app developers to seek permission before tracking your device ID for advertising purposes. Apple says it is delaying to give developers more time to implement the necessary changes. Link
   
   Apple released a new ad focused on its commitment to privacy. Link
2. Facebook announced it would dramatically change advertising to iOS users with the next major release. Apple device targeting has traditionally relied on IDFA, or the Identifier for Advertisers, a random ID assigned by Apple to a user’s device. Facebook is preparing for a world where most iOS users do not opt-in to permit tracking  for advertising purposes. Link
3. As children head back to school, many education-focused apps still have been found to harvest data from devices without consent. The International Digital Accountability Council investigated 123 apps and found that 79 share personal data with third parties. Enforcement of educational technology privacy safeguards is sorely lacking. Link
4. The Identity Theft Resource Center has reported a 33% decrease in data breaches in the first half of the year compared to the same period in 2019. The number of individuals impacted by data breaches declined by 66% year-over-year. Even though breach incidents are down overall, there has been a notable spike in phishing attempts and other scams related to COVID. Link
5. A US appeals court ruled that the National Security Agency’s bulk collection of citizens’ phone records was against the law. The collection of users’ call records exceeded the scope of Congress’s authorization. The ruling's timing is noteworthy, given it happened so quickly after the Schrems II decision that objected to these practices. Link
6. George Washington University created an uproar by asking students to sign a privacy notice and consent form or risk losing online class access. The statement was sent to students studying remotely in China and stated that it would collect “personal data” from students, including their contact information and citizenship, that may be transferred to other parties “when necessary.” College officials backed off after students attracted significant attention to the policy. Link
7. Warner Music disclosed that it had been leaking credit card details for months. Known as “web skimming,” hackers inserted malicious code into Warner Music’s checkout flow, which logged customer payment details entered into forms. Link