News Alerts and Bleach Report for Week of October 3, 2022

Italy Takes Aim at Targeted Ads

After TikTok alerted users that they’d receive “personalized” advertising based on their activity and preferences earlier this year, Italy’s data privacy protection authority issued a warning to the social media platform. The Garante per la Protezione dei Dati Personali (Garante), notified TikTok that under GDPR, “using personal data automatically archived on users’ devices to send them targeted ads is illegal without the users’ explicit consent,” according to JD Supra. The Italian DPA is a powerful government entity, and JD Supra cites Pierluigi Perri, an Italian lawyer and professor at the University of Milan, who notes the DPA’s “investigative powers are quasi absolute. It is even above state secrets. But, at the same time, its inspection and enforcement activities are limited to the realm of personal data violations.” Though TikTok has cited “legitimate interest” as the basis for processing personal data under the EU’s GDPR, Italy’s DPA ruled “that TikTok’s choice is merely instrumental to achieving its own goals, whereas the legitimate basis for data collection appears to be of secondary importance, adaptable to the circumstances.” Data controllers with global customers should take note of this ruling—not only is Italy’s DPA a powerful gatekeeper of GDPR, this ruling shows it’s not willing to let technicalities slide when it comes to obtaining explicit consent from data subjects.

Michigan Introduces Data Privacy Bill

Last week, State Sen. Rosemary Bayer, D-Mich, took the lead on introducing Senate Bill 1182, a new comprehensive privacy bill for the state of Michigan. The bill is similar to California’s CCPA and other derivative laws, in that it would create consumer opt-out rights for data sales and targeted advertising, a 30-day right to cure, and a private right of action with 30 days of notice. Notably, Michigan’s bill would create a data broker registry. The bill would apply to entities that possess data on more than 100,000 consumers, and on those that hold data on more than 25,000 consumers and make 50 percent of their revenue from selling that data.

New Study Reveals Best Practices for Targeted Ads

Global research company Lucid published findings from its recent study on consumer attitudes toward data privacy. The study found that an overwhelming majority of respondents preferred to purchase products and services from trustworthy brands—and that a company’s ability to protect its consumers’ privacy is a huge factor in trustworthiness. The survey was commissioned by advertising firm Perion Network, and its CEO Doron Gerstel, noted that companies need to take note of the study’s findings in anticipation of third-party cookies phasing out, as the study also revealed 73 percent of respondents are suspicious of ads/brands “following them around.” Meanwhile, 79 percent of consumers reported they’d benefit “from an ad that included a clearly visible seal or other indication that guaranteed that the brand would not follow them around if they clicked it.” And, “almost all consumers (95 percent) think it’s very/somewhat important to buy from brands they trust. And almost all (97 percent) want brands to start protecting their privacy now, whether or not their state has privacy laws in place.”

BREACH REPORT:

* * * * * * *

To read our article on the recently introduced Personal Data Protection Law passed by the Indonesian parliament on September 20, 2022, click here.

To browse through our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

New episodes are generally released each week, here. They can be enjoyed on Spotify and Apple Podcasts.

Our most recently released episodes:

79 | Understanding 5G Cybersecurity Issues

78 | The Nexus Between Privacy, Cybersecurity & National Security

77 | Privacy & Cybersecurity Whistleblowers: A New Trend?

Don’t forget to subscribe!

Previous
Previous

Indonesian Privacy Law

Next
Next

CCPA Employer Exemptions Set to Expire