Electronics recycler ERI said Tuesday it completed the Service Organization Control (SOC) 2 Type 1 audit and received a compliance certification showing the company is “recognized globally for its rigor in the review of organizations’ systems and controls." It affirms that ERI’s practices, policies, procedures and operations meet the SOC 2 standards for security and data protection, the company said. ERI is also embarking on SOC 2 Type II compliance, which would assert that its internal systems and controls are effective at meeting audit standards on a continuous basis while ensuring that the personal assets of the organization’s potential and existing customers are protected, said CEO John Shegerian.
Connecticut will be the fifth state with a comprehensive privacy law, but a Louisiana privacy bill, after clearing the House Commerce Committee earlier this week, met a possible hurdle after the House sent it down to another committee. Connecticut Gov. Ned Lamont (D) signed SB-6 by Sen. James Maroney (D) Tuesday. The legislature passed the bill last month (see 2204290036) and the law will take effect July 1, 2023, the same day as Colorado’s privacy law. Maroney is "thrilled" Lamont signed his bill, he said Wednesday in a statement: "In our increasingly connected world, these rights are ever more important." Connecticut’s privacy law is “certainly one of the stronger bills” and “advances the conversation for privacy law in this country,” unlike the more business-friendly Utah law passed earlier this year, said Husch Blackwell attorney David Stauss, who participated in meetings to develop the Connecticut bill. It continues a trend of states, including Colorado and Virginia, passing bills based on the yet-to-be passed Washington Privacy Act, rather than on California’s law, he said in an interview. Consistency so far among state privacy bills may lessen chances of federal legislation “because you’re not getting a lot of interoperability concerns,” Stauss said. “You certainly have differences between these bills,” but “we have yet to come across a situation in which you can either comply with one state or another state.” Consumer Reports Director-Consumer Privacy Justin Brookman said Connecticut’s law isn’t “perfect, but it's definitely one of the stronger laws that have been passed.” CR was concerned after Utah’s law “that companies would be pushing for similarly weak laws, so it was important to see a stronger law pass soon after Utah,” he said. The Louisiana House and Governmental Affairs Committee will vote on HB-987 Tuesday said Chairman John Stefanski (R) at a livestreamed hearing Wednesday. The bill at first was similar to Utah’s bill but Microsoft-backed amendments added consumer protections that raised issues for TechNet members (see 2205090037). “I know there is some concern,” said Stefanski, saying he wants to “see if we can’t ease those concerns between now and the next meeting.” Sponsor Rep. Daryl Deshotel (R) said he was surprised to hear Tuesday from groups that hadn’t previously weighed in.
Clearview AI promised to comply with the Illinois Biometric Information Privacy Act (BIPA), in a settlement filed Monday at Illinois Circuit Court in Cook County. Under the agreement with American Civil Liberties Union and other plaintiffs, which the court must approve, Clearview wouldn’t be able to sell access to its facial recognition database to most businesses across the U.S. Also, the company would cease selling access to Illinois entities including police for five years. “Clearview can no longer treat people’s unique biometric identifiers as an unrestricted source of profit,” said Nathan Freed Wessler, ACLU Speech, Privacy and Technology Project deputy director. “Other companies would be wise to take note, and other states should follow Illinois’ lead in enacting strong biometric privacy laws.” The court last year denied Clearview AI’s motion to dismiss the case (see 2108270068). Clearview CEO Hoan Ton-That said the agreement doesn't stop the company from "selling its bias-free algorithm, without its database, to commercial entities on a consent basis, which is compliant with BIPA." The company's attorney Lee Wolosky of Jenner Block said the settlement is a "huge win" for Clearview, which "will make no changes to its current business model."
HBO Max's terms of use make it clear that any supposed Video Privacy Protection Act violation claims would be handled individually through arbitration and not via a class-action suit, HBO said in a motion to compel arbitration Monday (docket 1:22-cv-01942) in U.S. District Court in Manhattan. Suing HBO and seeking putative class-action status are two subscribers -- one in California, another in North Carolina -- who allege the streaming service's integration of the Facebook Tracking Pixel into the HBO Max website allows disclosure of their video viewing behavior to Facebook without their consent. Plaintiffs' attorneys didn't comment.
Getting HGTV's newsletter is the same as subscribing to its video service for purposes of being considered a subscriber under the Video Privacy Protection Act, counsel for plaintiffs suing Discovery Communications for VPPA violations told the U.S. District Court in Manhattan, according to a letter posted Thursday in docket 1:22-cv-02031. Discovery is accused of providing HGTV newsletter subscribers' personal information to Facebook without notifying them. Discovery, in an April 25 letter that said it's planning a motion to dismiss the putative class action, said district precedent aligns with the argument the plaintiffs aren't subscribers because the email newsletter is separate and distinct from HGTV video content.
The Connecticut House passed privacy legislation 144-5 Thursday, sending it to Gov. Ned Lamont (D) for his signature. The Senate unanimously passed a concurring bill earlier this month (see 2204210011). SB-6 creates a “consumer bill of rights with respect to data privacy,” said House General Law Committee Chair Michael D’Agostino (D), lead sponsor in the House. Consumers would have the right to know when their data is being tracked, how it’s being used and to delete the data under the new opt-out measure. The House declined to consider an amendment on children’s privacy.
Connecticut’s comprehensive privacy bill got a 35-0 bipartisan vote in the Senate and will go to the House. Democratic and Republican state senators praised the amended SB-6, modeled after Colorado’s privacy law, on the floor Wednesday (see 2204200070). "There is a crisis of privacy that we must overcome," said Senate President Bob Duff (D). The amended bill would apply to companies that possess personal data of 100,000 Connecticut residents in the previous calendar year, up from 65,000 in a previous version, or 25,000 residents if more than 25% of revenue comes from processing that data. Under other changes, controllers would no longer have to authenticate opt-out requests and children-specific protections would apply to 13-to-16-year-old teens, which is narrower than ages 13 to 18 in the previous version. In Maine, biometric privacy bill LD-1945 died amid disagreement between chambers.
The U.S. launched multilateral privacy negotiations with Canada, Japan, Korea, the Philippines, Singapore and Taiwan, Commerce Secretary Gina Raimondo announced Thursday. The countries established the Global Cross-Border Privacy Rules Forum, the start of cross-border negotiations to set rules and privacy recognition for processors systems. Raimondo said the “first-of-their-kind data privacy certifications” will help companies “demonstrate compliance with internationally recognized data privacy standards.” The forum will “facilitate trade and international data flows and promote global cooperation, building on our shared data privacy values while recognizing the differences in our domestic approaches to protecting data privacy,” she said.
Roku announced Tuesday a data collaboration “clean room,” where advertisers and agencies can use their encrypted first-party data to facilitate planning and measuring advertising campaigns on Roku without relying on “cookies or consortiums.” The clean room creates a secure connection between Roku's and the advertiser’s data, without sharing or exposing identifiable data and protecting consumers from direct identification, it said. “The future of TV advertising won’t rely on fragile cookies or consortiums, but on direct connection with actual consumers,” said Louqman Parampath, Roku vice president-product management. The clean room is integrated with OneView, Roku’s ad platform for TV streaming, enabling marketers to go from planning to buying “without additional steps, third-party fees, or missed audiences,” it said. Omnicom, Dentsu, Horizon Media, Icon Media Direct and Camelot are using the clean room currently on live campaigns, it said.
Connecticut’s comprehensive privacy bill neared a Senate floor vote. The Appropriations Committee voted 48-0 Monday to clear SB-6. The Judiciary Committee supported it in a 25-14 vote on the previous Monday. The General Law Committee cleared it earlier (see 2204110039. A Maine biometric privacy bill (LD-1945) cleared the Senate in a 20-14 vote Monday. It returned to the House for a concurrence vote because it was amended. The Maine legislature is to adjourn Wednesday (see 2204180028).