Concord Privacy News: 8/19/24
Concord’s Latest Product Release Includes Automatic Language Translation, Improved Self-Service Billing, & More
The latest Concord product release includes a number of enhancements, including:
- Automatic language translation of the Consent Banner & Privacy Center content in 35 languages (based on the user’s browser language settings). Admins can easily enable/disable translation with the flip of a switch.
- A new “Ignored” category for trackers (cookies, scripts, iframes) to provide better insight and control and to help ensure compliance with stricter data privacy laws like GDPR. It is particularly important to correctly detect and block scripts and iframes since they often set data like cookies, which is disallowed by GDPR even if deleted right away. Concord’s new feature provides an easy solution to this complex problem.
- The ability to add a PII type classification to all data categories, including the ability to change the PII type for new and existing data categories in the Admin UI and via the Privacy API.
- Improved billing controls and reporting for metered billing usage.
This release also includes a number of other minor enhancements and fixes. Read the full product release notes here.
Other Privacy News of Note
Rhode Island Joins the Privacy Protection Movement with New Data Act
In a significant step towards enhancing consumer privacy, Rhode Island has become the 19th state to enact comprehensive privacy legislation. The Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) was passed by the state legislature on June 13, 2024, and signed into law on June 29. Set to take effect on January 1, 2026, this new act introduces important changes to the state's data privacy landscape.
While the RIDTPPA largely follows the standard model seen in most non-California state privacy laws, it introduces several unique features that businesses should be aware of:
- Broad privacy notice requirements: Unlike many other state laws, the RIDTPPA's privacy notice rules apply to all commercial websites and internet service providers, even those not subject to the Act's other provisions.
- Extensive disclosure requirements: The Act mandates more comprehensive disclosures regarding the sale of personal data to third parties. For example, it requires companies to disclose “all third parties to whom the controller has sold or may sell customers’ personally identifiable information.”
- No cure period: Notably, the RIDTPPA does not include a cure period for potential violations, departing from the approach taken by some other states. This means the state attorney general (AG) — who is responsible for enforcing the Act — will not be required to give companies who have violated the Act time to correct their non-compliant practices.
As the implementation date approaches, businesses operating in Rhode Island should carefully review the Act's provisions to ensure compliance with these new data protection standards. For more information on how Concord can help companies easily comply with this and other data privacy regulations, visit our website.
Meta Agrees to Pay Texas $1.4 Billion in Largest State Data Privacy Settlement
Texas announced on Tuesday that Meta, Facebook’s parent company, will pay $1.4 billion in the largest data privacy settlement brought by a state. The lawsuit, which Texas brought in 2022, alleged that Meta illegally collected millions of Texans’ biometric information without consent, violating the state’s Capture or Use of Biometric Identifier Act and the Deceptive Trade Practices Act. Read more.
X Hit with Austrian Data Use Complaint Over AI Training
Austrian advocacy group NOYB on Monday filed a complaint against social media platform X accusing the Elon Musk-owned company of training its artificial intelligence (AI) with users' personal data without their consent in violation of EU privacy law. The group led by privacy activist Max Schrems announced that it had filed General Data Protection Regulation (GDPR) complaints with authorities in nine European Union authorities to ramp up pressure on the Irish data protection authority DPC. Read more.