Data Privacy Policies Ramping Up in Intensity: The Week in Data Privacy and Transparency
Tech companies and state legislatures are working hard to implement data privacy policies, but which sector will effectively counter the rise in data breaches? Read on for this week’s data privacy recap.

Tech companies increase data privacy lobbying efforts
In recent months, tech companies have begun aggressively lobbying White House officials to start crafting a federal data privacy law. The momentum behind these efforts truly clicked into gear after the California Consumer Privacy Act passed earlier this year, imposing strict regulations on the ways companies use user data. Tech companies are now increasingly motivated to enact a less-strict Federal law which would overrule the state legislation.
Now that Colorado has successfully passed its own data security legislation, other states are sure to follow suit, It’s become clear that ignoring data privacy legislation is simply not an option for tech companies any more. In response, Facebook and Google are now directly involved in shaping the legislation to protect their interests. The legislation will likely not be ready until the end of 2018, as there are various government agencies involved in creating it.
Apple releases personal data mandate
Starting October 3, Apple app developers will have to abide by a new policy regarding data privacy, which is likely a response to the passing of the EU’s General Data Protection Regulation. The new rule requires developers to submit a privacy policy for all new apps and updates before they can be released to the public. These policies will be rigid once set in place, and will only be editable when developers submit app updates.
The policy mandates that every app will need to display their privacy information in an easily accessible manner, and they’ll need to clearly outline which data points they collect. Apps will also have to list any third parties they share information with, and the developers will have to ensure that all parties are compliant with their policies. Lastly, apps must clearly outline their retention and deletion procedures for user data, and allow users to revoke their consent at any point.

Mozilla Firefox now blocks data tracking by default
Although Google Chrome and Internet Explorer already include options for limiting data collection, Mozilla Firefox is the first search engine to include this feature by default. In order to change this setting, users will have to change their preferences manually. Google and Facebook have faced criticism in the past about the difficulty involved in changing browser data collection settings, but Mozilla’s update eliminates that issue altogether.
Future updates will also prevent a practice called fingerprinting, which is when websites discreetly divert computing resources from users’ computers in order to mine cryptocurrency. Mozilla is the fourth most popular search engine, according to StatCounter, but the browser will likely see an uptick in users until the other major search engines enact similar practices.
Colorado implements strict consumer data protection law
The Protections for Consumer Data Privacy Act, which was passed unanimously on May 29, went into full effect in Colorado this week. The legislation establishes three key rules for businesses and government entities that process documents containing personal information, both electronic and paper.
First off, all businesses must have a written policy explaining how they will inevitably dispose of users’ personal information. Second, if a data breach occurs, companies must alert consumers that their data has been compromised within 30 days. If more than 500 Coloradans are impacted, the attorney general’s office must be notified. Lastly, companies must take “reasonable” steps to protect all of the personal information they process. The term “reasonable” is purposefully vague, allowing different businesses to create suitable best practices given their unique situations.

Data breach reports increase by 75%
This staggering uptick in data breaches isn’t as dramatic as it seems, but it has incredibly positive implications for the future of data privacy. Before the implementation of GDPR, organizations weren’t required to report data breaches. Now that these reports are mandatory, the numbers will continue to go up. And since these reports will be public, companies will need to buff up their data security regulations in order to stay reputable.
Details from these reports show that human error is just as great a risk, if not more, to data security. Common causes of data breaches were data being emailed to the incorrect person, loss or theft of paperwork, and data being left in an insecure location. These numbers are just as significant as those of direct cyber attacks, signalling a need for increased human vigilance as well as policy regulation.
What do you think was the most important data story of the week? Leave us a comment below.
BIG is a weekly post that brings you the top data privacy and transparency news. Start your week with the latest stories and get ready to claim your data.
