Privacy newsletter - Oct. 13, 2020

Welcome to the latest edition of the Privacy Insider Newsletter. Each week, we send you the latest and smartest news in the world of data privacy.

Here are the top stories from last week you might have missed:

1. The California Consumer Protection Act was twice amended last week with changes signed into law by Gavin Newsom, California’s governor. One amendment extends exemptions for employee and business to business information, and the other exempts medical information from the CCPA, which is governed by other privacy laws. Link
2. Consumer Reports released a study detailing the challenges with exercising one’s rights under the CCPA. An absence of mandated links, understanding dense legal policies, and burying opt-out options are all widespread issues. The study found that 62% of participants did not know if their opt-out request was successful. Link
3. Contact tracing apps are slowly beginning to roll out across states in the US, significantly trailing adoption in major European and Asian countries. To date, 10 states have released a a contact tracing app to the public. Five other states are coming soon, but building an effective tracing system still faces two enormous challenges with getting sufficient public adoption and setting up interstate tracing protocols. Link
4. Instant messaging and social media services are likely storing your personally identifiable information without your consent. Social media apps typically have the ability to import and store your contacts to find your friends. When someone you know does this, it could conflict with the CCPA. The author digs into app Houseparty and unsuccessfully tries to learn what they know about him despite never having signed up for the service. Link
5. Global research firm Gartner projects a major jump in data privacy regulations, with 10% of the world population currently covered increasing to 65% by 2023. Gartner argues the primary motivator in increasing privacy regulations is maintain parity with EU standards to preserve digital trade. Link
6. Contact tracing data from the UK’s test and trace scheme is reportedly being resold to third-party data brokers. Contact tracing data in the UK is supposed to only be stored for three weeks and "not be used "for any purposes other than for NHS Test and Trace", but some firms are reportedly selling it on. Link
7. The Five Eyes, India, and Japan convened and published a statement this weekend calling for backdoor access to major technology services. The Five Eyes alliance is comprised of the US, the UK, Canada, Australia, and New Zealand; and have made similar calls in recent years. Link