Privacy newsletter - Sept. 29, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.

Here are the top stories from last week you might have missed:

1. The first lawsuit was filed using Brazil’s new data privacy law, the LGPD. The law went into effect last week. Administrative penalties won’t begin being enforced until August 2021, but Brazilians can still use the law to take private rights of action. The defendant in the first suit is a Brazilian firm that sells data to other entities for marketing purposes. Link
2. Amazon announced an autonomous indoor drone that can independently fly around your home to check out strange noises or patrol when you aren’t home. Between the drone, other Ring cameras, the Sidewalk mesh network, and the Halo app, Amazon is releasing a number of products that can access highly personal data. Innovative products that are also invasive open up privacy and security risks that are difficult to anticipate in advance. Link
3. The Irish Data Protection Commission (DPC) will begin enforcing cookie compliance next week. The Irish DPC published guidance notes for cookies with a six month grace period before enforcement. That grace period will expire on October 5. Osano’s tool is fully compliant, but fines begin soon if you haven’t yet set up cookie consent management. Link
4. More than 100 million search engine records were leaked online. Researchers found an unsecured database with millions of records of Bing user searches from more than 70 countries. The database included full search terms, account details, and location data. Link
5. Twitter now requires employees to use security keys to avoid another cyberattack like the one that occurred in July. Multiple employees were phished and gave hackers access to an internal administrative tool, which they used to post a Bitcoin scam on many high profile Twitter accounts. The security keys are one of a number of steps the social network is taking to beef up their security to avoid future incidents and prepare for election season. Link
6. The Washington State Senate introduced a new privacy bill. The Washington Privacy Act follows two previous attempts to pass a state privacy law and is broader in scope than previous attempts. The bill includes specific provisions relating to COVID-19 and processing personal data for contact tracing. Link
7. Advertising technology companies continue to develop potential solutions to replace the third-party cookie. AdExchanger has a helpful rundown of the attempted progress made so far between Google and advertising companies reliant on third-party cookies for revenue. Link