The ebb and flow of trans-Atlantic data transfers: It’s the geopolitics, stupid!*
The following is a guest post to the FPF blog from Lokke Moerel, Professor of Global ICT Law at Tilburg University and a Dutch Cyber Security Council member. Guest blog posts do not necessarily reflect the views of FPF. 1. Introduction There is a call for a rational debate on trans-Atlantic data transfers. Frustrations increase […]
Measuring Privacy Programs
The risks of falling short on privacy compliance are greater than they have ever been. New laws are going into effect around the world and in the states, enforcement agencies are exercising their authority and media organizations have teams devoted to identifying data protection failures. Legal judgments can run into the billions. And most important, […]
FTC Requires Algorithmic Disgorgement as a COPPA Remedy for First Time
On March 4, the Federal Trade Commission (FTC) and Department of Justice (DOJ) announced a settlement agreement with WW International and its subsidiary, Kurbo (Kurbo by WW), after charging the companies with violating the Children’s Online Privacy Protection Act (COPPA) for improperly collecting health information and other data from children as young as eight years […]
BCI Technical and Policy Recommendations to Mitigate Privacy Risks
This is the final post of a four-part series on Brain-Computer Interfaces (BCIs), providing an overview of the technology, use cases, privacy risks, and proposed recommendations for promoting privacy and mitigating risks associated with BCIs. Click here for FPF and IBM’s full report: Privacy and the Connected Mind. In case you missed them, read the […]
How the Kenyan High Court (temporarily) struck down the national digital ID Card: Context and Analysis
The High Court of Kenya, by virtue of a judicial review application, delivered a landmark judgment declaring the proposed national digital ID card (Huduma Card) unconstitutional on October 14, 2021 – a judgment that is now part of the growing data protection and privacy jurisprudence in the country. Kenya enacted its first Data Protection Act […]
Mercy King’ori
BCI Commercial and Government Use: Gaming, Education, Employment, and More
This post is the third in a four-part series on Brain-Computer Interfaces (BCIs), providing an overview of the technology, use cases, privacy risks, and proposed recommendations for promoting privacy and mitigating risks associated with BCIs. Click here for FPF and IBM’s full report: Privacy and the Connected Mind. In case you missed them, read the […]
The State of Play – Issue Brief: COPPA 101
The Children’s Online Privacy Protection Act (COPPA), enacted by Congress in 1998, aims to give parents more control over the information collected about their children online. The law requires operators of games, websites, apps, and other online services catered to users under the age of 13 to obtain permission from a child’s parent before collecting information about […]
BCIs & Data Protection in Healthcare: Data Flows, Risks, and Regulations
This post is the second in a four-part series on Brain-Computer Interfaces (BCIs), providing an overview of the technology, use cases, privacy risks, and proposed recommendations for promoting privacy and mitigating risks associated with BCIs. Click here for FPF and IBM’s full report: Privacy and the Connected Mind. In case you missed it, read the […]
Understanding why the first pieces fell in the transatlantic transfers domino
Two decisions issued by Data Protection Authorities (DPAs) in Europe and published in the second week of January 2022 found that two websites, one run by a contractor of the European Parliament (EP), and the other one by an Austrian company, have unlawfully transferred personal data to the US merely by placing cookies (Google Analytics and Stripe) provided by two US-based companies on the devices of their visitors.