Lucid Privacy Group (Page 2)

Through Orange Haze: Recapping IAB Tech Lab’s Summit in NYC

Earlier this month I had the pleasure of attending IAB Tech Lab’s IMPACT conference in midtown Manhattan. Digital advertising professionals gathered together to discuss pressing issues and learn from industry specialists, catch up with friends and clients, and fret about the Blade Runner-esque air conditions outside. The irony of

US Health Data Privacy Landscape and its Ripple Effect

In 2023, the privacy race has expanded to include healthcare data, with states like Washington, Connecticut, and Nevada introducing data-specific bills to protect consumers of wellness services beyond the traditional confines of America’s healthcare system. This is in parallel to states like Illinois’ interest in biometric data privacy, with

Journey to the West: China SCCs and the Transfer Impact Assessment (PIPIA)

As of 1st June 2023, data exports from China can (in some cases) be facilitated using SCCs and PIPIAs (Chinese TIAs). Lucid Privacy Group provides the details and a PIPIA template.

Artificial Intelligence, Regulation, Privacy

In this four-part deep dive into the future of AI regulation, Lucid Privacy Group explores the detail of the new approaches to AI regulation.

First Apple, Now Android to Devs: “Delete!”

It’s all too easy for us to download an app, speed through registration with our Google accounts, use the service for a month and then put it in the smartphone equivalent of a junk drawer. Rifling through on a whim, we may decide to throw the app away to,

Tracking pixel users and providers sued under US HIPAA and wiretapping laws

Fired Pixels Under Fire

The 2010s were a time of ‘novel’ patent lawsuits. It seemed like every company was being sued by Tom, Shrek & Harry LLP for sending hyperlinks to mobile users. You know, to service terms and coupons and such. The cardinal sin? Allegedly infringing an old patent. The lawsuits were frivolous

Who needs a DPO?

The European Data Protection Board (EDPB) has announced a Pan EU coordinated enforcement action by 26 separate Data Protection Authorities (DPA) on the designation of Data Protection Officers (DPOs). This ‘action’ will address the status of DPOs within their organization, including whether they have the resources to carry out their

Lucid releases Utah Readiness Record (UCPA)

The Utah Consumer Privacy Act (UCPA) made Utah the fourth US state to pass a comprehensive privacy law, and the law will become effective on December 31 of this year. To help you keep pace with the law, and to help you evaluate whether your business meets thresholds of applicability,

Lucid releases Connecticut Readiness Record (CDPA)

July 1, 2023, is now the most famous date on the calendar for privacy professionals in the US, and Connecticut has elbowed in on the fun. While the Connecticut Data Privacy Act (CTDPA) will become effective on July 1 of this year, the law includes a grace period for enforcemement

Lucid releases Colorado Readiness Record (CPA)

On July 1 2023, the Colorado Privacy Act (CPA) will come into effect. In fact, July is shaping up to be a banner month, as the Connecticut law will also take effect and CPRA in California is expected to commence enforcement. We’re hearing indications that letters will be mailed

Europe’s Digital Services Act

The European Union’s Digital Services Act (DSA) came into force in November 2022, & will be fully applicable for all entities from 17 February 2024. However, before the date of enforcement, the work has begun in earnest within the European Commission (EC) to interpret, clarify and implementate what the

Burying Behavioral Advertising in Terms of Service Violates GDPR Principles

2023 started with a serious blow to behavioral advertising. Irish Data Protection Authority (IE DPA) issued a decision to Meta that put its Behavioral Advertising under high scrutiny. This decision was handed down to Irish DPA from the European Data Protection Board (EDPB) and is an outcome of the dispute

Lucid releases Virginia Readiness Record (VCDPA)

On January 1st of this year, the Virginia Consumer Data Protection Act (VCDPA) officially came into force. To help you keep pace with the law, and to help you evaluate whether your business meets thresholds of applicability, Lucid is releasing our Virginia Readiness Record (VCDPA) as a public reference. As

Lucid Privacy Survey Finds That The Majority Of AdTech Businesses Plan To Honor Opt-Out Preference Signals Globally

Following the recent passage of new privacy laws in California, Colorado and Connecticut that will require businesses to honor ‘Do Not Sell or Share’ of targeted advertising opt-out requests via “opt-out preference signals’ or (‘signals’) (aka; ‘global privacy controls’ or ‘GPC’),” there has been some uncertainty on h0w these opt-out

Lucid References: California Readiness Record (CCPA/CPRA)

With the new California privacy law, CPRA, coming into force in January, many companies are conducting reviews to ensure that they understand how CPRA will apply to their business and what they will need to do to comply. The process has been complicated with CPRA sitting on top of the

A benchmarking poll for Opt-Out Preference Signals (GPC)

The Sephora enforcement action has the digital media industry in a bind. Many companies have been waiting for a range of implementation questions to be resolved through the CPRA rulemaking process before adopting GPC, but the California AG is already dropping the hammer. Some companies have already signaled that they

California v. Sephora

On August 24, 2022 we saw the first settlement under the California Consumer Privacy Act (“CCPA”). In a press release from the office of the California Attorney General Rob Bonta. Attorney General Bonta stated that “Sephora failed to disclose to consumers that it was selling their personal information, [and] it

Google Analytics 4 and IP Address

A closer look at the privacy and product implications of the deprecation of IP Address logging in GA4.

How Aare GDPR Fines Calculated?

EDPB Guidance for DPAs on calculating GDPR fines

Lucid reference section launches with Transfer Impact Assessment template

Over the past several years, as we have worked with clients to operationalize privacy compliance documentation, taking into account legislative requirements and iterating over time with regulatory guidance, we have built up a considerable library of templates. To help real life privacy pros fill out these templates, as well as

CPPA Releases First Draft of CPRA Regulations

An overview of the CPRA Draft Regulations

What are the likely effects of the Digital Markets Act on marketers?

It is safe to say that the EU’s Digital Markets Act (DMA) has the potential to have a significant impact on the main protagonists, the so-called ‘Gatekeepers,’ such as Amazon, Apple, Google, Meta and Microsoft.

The State of State Privacy Legislation

It’s old news that states have been proposing and passing privacy laws. Let’s take a moment to figure out the landscape.

Wordle — A Modern Day Parable.

Wordle was the online viral puzzle sensation of 2021. Developed by Brooklyn software engineer Josh Wardle as a gift to entertain his…

HOPE FOR A NEW TRANSATLANTIC TRANSFER SHIELD

After the recent body blows to the transatlantic data transfers, could we see some light at the end of the tunnel?