The California Privacy Protection Agency, the nation's first dedicated privacy regulator, has “many investigations underway,” Executive Director Ashkan Soltani said at a partially virtual CPPA board meeting Friday. Soltani estimated that the agency has received about 100 complaints from consumers since forming in 2021. The CPPA’s data broker registry is up and running after a 2023 bill transferred it to the agency from the California DOJ, Soltani said. Many have since registered and CPPA plans to publish a list of registrants in March, he said. Staff is preparing a proposed rulemaking package including cybersecurity risk assessments, automated decision-making technology for the next board meeting, said Soltani: Staff is incorporating feedback from board members after the Dec. 8 meeting (see 2312080064). In addition, staff is writing draft language and speaking with possible legislative authors for a potential bill that would require browser vendors to let users exercise their California privacy rights through a global opt-out signal, said Maureen Mahoney, deputy director-policy and legislation. “We’re confident that we have adequate resources to effectively sponsor the bill.” CPPA's board voted at last month’s meeting to advance the legislative proposal. The board considered a draft 2024-27 strategic plan with the mission statement: “Protect consumers’ privacy, ensure that businesses and consumers are well-informed about their rights and obligations, and vigorously enforce the law against businesses that violate consumers’ privacy rights.”
Radio broadcaster Audacy’s bankruptcy restructuring won't signal a huge shift for radio but could discourage outside investment in the medium, industry analysts and media brokers said in interviews this week. Audacy’s bankruptcy is expected to proceed much like those of Cumulus and iHeartMedia, they added. “The industry has been through this before,” Tideline Partners media broker Gregory Guy said. Audacy has 230 radio stations in 46 markets and is the country’s second-largest radio group.
Data brokers don’t have a “free license” to sell sensitive location data, FTC Chair Lina Khan said Tuesday, announcing the agency’s first ban on selling location data. The agency announced a nonmonetary settlement with Virginia-based X-Mode Social and Outlogic, its successor. Until May, the company lacked policies "to remove sensitive locations from the raw location data it sold,” the FTC said. X-Mode/Outlogic didn’t “implement reasonable or appropriate safeguards against downstream use of the precise location data it sells, putting consumers’ sensitive personal information at risk,” it added. The commission approved a consent order 3-0 with the company. X-Mode now faces fines of up to $50,120 per violation for future infractions. X-Mode must implement a program with continuous review of its data sets and prevent disclosure of sensitive location data. In addition, it must delete all location data it previously collected. Sen. Ron Wyden, D-Ore., applauded the agency for “taking tough action to hold this shady location data broker responsible.” He said that in 2020, he “discovered that the company had sold Americans' location data to U.S. military customers through defense contractors.” The FTC action is “encouraging,” but Congress needs to pass legislation allowing regulators to hold data brokers more accountable, Wyden said. An attorney for X-Mode didn’t comment Tuesday.