The Latest Privacy & Data Protection News for June 2023

Co-founder and President of Termageddon

Welcome to the exciting world of Privacy & Data Protection News!

In June, three new privacy laws were passed – in Indiana, Tennessee and Montana. We are tracking these laws for regulations and will make updates to client policies prior to their effective dates.

We’re tracking many more bills this year- make sure to follow us on social media at @termageddon for the latest updates! We hope that you find this helpful for staying up to date with the myriad changes in the privacy field.

What’s new in privacy?

Below are some of the most notable news in privacy from this month:

Indiana SB5 signed into law. On May 1, 2023, the Governor of Indiana signed Indiana SB5, a comprehensive privacy law, meaning that Indiana has joined the state privacy law patchwork. The new law goes into effect on July 1, 2026, requires certain businesses to have a Privacy Policy and provides the following privacy rights to residents of Indiana: the right to confirm whether a business is processing the consumer’s personal data and to access such data, the right to correct, the right to delete, the right to portability, the right to appeal a decision made regarding a privacy rights request, and the right to opt out of targeted, the sale of personal data, and profiling. Learn more here.
Tennessee Information Protection Act (TIPA) signed into law. On May 15, 2023, TIPA was enrolled into law. The law requires certain businesses to have a Privacy Policy and provides privacy rights to residents of Tennessee such as the right to confirm whether a controller is processing the consumer’s personal information and to access that information, the right to correct, the right to delete, the right to portability, the right to opt out of sales of personal information and the right to not be discriminated against. Learn more here.
Montana Consumer Data Privacy Act (MCDPA) signed into law. The MCDPA will go into effect on October 1, 2024 and will require certain businesses to have a Privacy Policy and will provide residents of Montana with the right to confirm whether a controller is processing an individual’s personal data and to access that data, the right to correct, the right to delete, the right to portability, the right to opt out of targeted advertising, profiling and sale of personal data and the right to not be discriminated against. Learn more here.
Marking five years of GDPR. GDPR became applicable five years ago, on May 25, 2018. Since then, there have been more than 1,700 enforcement actions and 32 rulings by the Court of Justice of the European Union. Read more here.
Meta fined 1.2 billion euros for violations of GDPR. The Ireland Data Protection Commission has fined Meta 1.2 billion euros for unlawful data transfers from the European Union to the United States. The order accompanying the fine also required Meta to suspend future transfers of personal data to the United States within five months of the decision and to bring its processing operations into compliance within six months of the notification. Read more here.
Google to pay $39.9 million settlement. Washington’s Attorney General announced that the lawsuit with Google over location tracking practices has been settled. The settlement stemmed from the alleged deceptive collection of location data. In addition to paying the settlement fee, Google is also required to be more transparent with consumers about how it tracks and uses consumer data. Read more here.
Montana bans TikTok. The Governor of Montana signed SB419, which bans TikTok from operating in the state and prohibits mobile app stores from offering the app within Montana. The ban stems from alleged privacy violations and the release of data to foreign adversaries such as the Chinese Communist Party. Learn more here.
Ovulation app banned from sharing health data. The Federal Trade Commission has proposed an order that bans the app Premom from sharing health data for advertising purposes. The order alleges that such sharing of sensitive personal and health data without notifying consumers violates the Health Breach Notification Rule. Read more here.
CNIL fines website 380,000 for cookie consent violations. The website Doctissimo was fined by the French Data Protection Authority for failure to store data for no longer than necessary, failure to obtain individuals’ consent to collect the data and failure to adequately secure personal data. Read more here.
Cybercriminals impersonate ChatGPT. Check Point Research found that cybercriminals have been creating ChatGPT-related domains with the intention of luring users into downloading malicious files or disclosing sensitive information. Users who visit such domains are prompted to enter highly sensitive information such as login credentials, credit card numbers, or personally identifiable information. The attackers then use this information for identity theft or other nefarious purposes. Learn more here.

What privacy bills are we tracking?

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals:

If you made it this far, you’re a fellow privacy nerd! So, be sure to subscribe to our podcast, Privacy Lawls, where we talk privacy with some of the leaders in the industry.

About the Author

Donata Stroink-Skillrud

Donata is the Co-founder and President of Termageddon and a licensed attorney and Certified Information Privacy Professional. She serves as the Vice-Chair of the American Bar Association's ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals.

Search the Site