Oracle has proposed a $115 million settlement to resolve a class action lawsuit accusing the company of unlawfully collecting and selling users' data without consent.
On September 6, the EU published a FAQ on the Data Act, explaining its relationship with the GDPR and addressing issues related to IoT data access and business-to-business data sharing.
On September 9, the U.S. IoT Cybersecurity Label, known as the "Cyber Trust Mark," came into effect to enhance the security of consumer IoT devices.
This study looked at the cookie consent practices of 64 Fortune 500 companies that directly engage with European customers. By simulating customers interacting with the website, the research scrutinizes how these global companies adhere to regulation. A staggering 70% of the evaluated websites do not comply with GDPR cookie consent requirements, indicating a substantial gap in adherence to privacy laws among even the biggest companies.
On August 30, the U.S. Federal Trade Commission (FTC) settled with security company Verkada, which will pay a $2.95 million penalty and implement stronger security measures following a lawsuit from the Department of Justice (DOJ).
On August 23, Brazil's National Data Protection Authority (ANPD) approved new regulations on international data transfers, including the adoption of Standard Contractual Clauses (SCCs) as a legal mechanism. These regulations require companies to ensure compliance with Brazil's LGPD and implement transparency measures for cross-border data transfers.