Welcome to September's GrailMail! We’re back with essential updates, in-depth analysis, and actionable insights to help you stay ahead of the curve in the data privacy landscape.
Happy September, folks. 🍂 As the leaves begin to change, it’s the perfect time for a refreshed approach to data privacy.
But before diving into the top stories, we are thrilled to share highlights from our recent DataGrail Summit! Last month, the top minds in privacy, security, and legal gathered at the Ritz Carlton, Half Moon Bay to explore the future of responsible innovation.
Watch a recap of the event here:
All sessions from the 2024 DataGrail Summit are now available as on-demand recordings, and they’re ready for you to binge-watch. 🎥
Here are some highlights from a few of our speakers:
Frances Haugen - The Facebook whistleblower captivated our audience with her insights on the urgent need for ethical frameworks in AI. Frances emphasized the pressing challenge of establishing expectations in a rapidly evolving landscape, and urged collaboration among all stakeholders to address data privacy responsibly. Learn more about her sentiments here.
Eric Brinkman - As Chief Product Officer at DataGrail, Eric unveiled our innovative approach to privacy with Unified Choice, which is a comprehensive solution designed to streamline consent management.
David Tsao & Jason Clinton - Highlighting the intersection of security and privacy, the CISOs of Instacart and Anthropic stressed the importance of proactive communication between teams. They also brought a forward-looking perspective on stress-testing AI systems, warning organizations to anticipate future challenges in AI governance and emphasizing the need for adaptive strategies in order to stay ahead of potential threats.
Together, these experts illuminated the path toward responsible innovation, urging collaboration, adaptability, and a consumer-centric approach to navigate the evolving challenges of data privacy in the age of AI. Read the full recap of DataGrail Summit here.
We’re also thrilled to give a shoutout to our recently announced Data Privacy Hero Awards winners! We’re celebrating the exceptional contributions of privacy, legal, and security professionals raising the bar in data privacy.
Congratulations to:
🥇 The Champion: Kirsten Daru, General Counsel & Chief Privacy Officer at Netgear
💡 The Innovators: Eric Lovell and Sean Kellogg, Privacy Counsel at Dexcom
🚀 The Visionary: Gauri Manglik, Deputy General Counsel of AI, Privacy, and Product at GoFundMe
💰 23andMe settles $30 million data breach lawsuit
23andMe has settled a data breach lawsuit from a 2023 incident affecting 6.9 million customers, agreeing to pay $30 million and offer three years of security monitoring.
The settlement includes new cybersecurity measures to prevent future breaches, although the company denies any wrongdoing.
The breach, caused by credential stuffing, exposed sensitive genetic information, raising concerns about privacy and potential discrimination. As 23andMe navigates financial challenges, the settlement highlights the critical need for robust cybersecurity practices. Read the full story here.
🤖 LinkedIn's new AI policy: Users must opt out of AI training
LinkedIn has updated its privacy settings, now allowing the platform to use user-generated content to train its artificial intelligence—unless you opt out.
By default, any posts, articles, or videos you share could be fair game for AI training, which LinkedIn claims will enhance job-search tools and skill development.
To opt out, simply adjust your settings under “Data privacy,” but be aware that this won’t affect data already used. The opt-out process is not entirely user-friendly, raising concerns about fair compensation for the work that goes into improving LinkedIn's AI.
⚠️ Growing data risks expand the roles of Chief Privacy Officers
Now, corporate privacy executives are adding new areas to their remit. Many chief privacy officers are now involved in making AI and cybersecurity decisions for new products and services.
Over 80% of privacy teams now do additional work in areas such as AI and data governance, according to a forthcoming survey of 671 privacy executives from the International Association of Privacy Professionals.
Effective tomorrow, October 1st, the MTCDPA brings stricter regulations for handling personal data. The law requires organizations to honor consumer rights regarding data access, deletion, and opt-out options. If you handle the data of just 5% (or less) of Montana’s residents, you could be subject to this law. As Montana joins the ranks of states with robust privacy laws, businesses must quickly adapt to avoid penalties. Learn more about the act here.
👀 Looking ahead: What are the effective dates of the U.S. state privacy laws?
As summer fades, DataGrail is keeping the momentum going with exciting product updates. Key features include AI risk detection in the Live Data Map to identify potentially risky applications, a new testing capability for consent configurations before launch, and streamlined opt-out request handling via the DataGrail Agent. You can stay informed with our monthly product release blog.
Many consumers have encountered frustrating experiences with cookie consent banners that employ dark patterns—designs that manipulate user choices to favor the company.
By prioritizing transparency and user choice, companies can enhance trust and ensure compliance while avoiding the pitfalls of deceptive design. As regulatory scrutiny increases, adopting these strategies will be crucial for maintaining top-notch practices. For more guidance, check out our consent banner style guide.
Navigating the maze of over 15 state privacy laws can be overwhelming for brands, especially when it comes to cookie and tracking consent. Privacy expert Kyle Comstock highlights that a solid consent strategy not only ensures compliance but also drives business growth.
This blog outlines three key compliance approaches: opt-in notices, opt-out models, and strategies for regions without specific policies. By adopting a few straightforward consent models, brands can simplify their compliance efforts and build consumer trust. You can learn more in our Guide to Consent Management.