DPIA Research - A collection of primary documents which show how Data Protection Impact Assessments are created

DPIAResearch.eu is an independent academic repository of Data Protection Impact Assessments, offering transparent resources and expert GDPR consulting for organisations facing complex data privacy challenges.

4 DPDPA Tools You Need To Get Compliant

The Digital Personal Data Protection Act, 2023, highlights the significance of protecting personal data in the digital age and makes substantial modifications to India's data protection laws. With these new regulations come obligations for businesses to ensure compliance and protect the privacy and security of Indian citizens' personal data.

In this blog, we'll explore four essential DPDPA tools that can assist your organisation in achieving compliance:

Consent Management PlatformGrievance Redressal System

Assessments and Audits Tool

DPDP Act Awareness Program

Digital Personal Data Protection Act (DPDPA) Compliance Checklist

To ensure that your organisation complies with the Digital Personal Data Protection Act, 2023, take the following steps:

1. Obtain explicit consent

Prior to processing, collecting, using, or sharing personal information, ensure explicit consent is obtained from data principals.

2. Issue Retroactive Consent Notices

Provide retroactive consent notices for any consents obtained before the enactment of the law to ensure transparency and compliance.

3. Manage Data Principal Requests

Respond promptly to data principals' requests to access, correct, update, or remove their personal data to uphold their rights.

4. Conduct Periodic DPIAs

Conduct Data Protection Impact Assessments regularly to assess and manage risks associated with personal data processing.

5. Create DPDP Training Program For Employees

Establish a comprehensive training program to educate and empower employees about their responsibilities under the Data Protection and Privacy Act (DPDPA), reducing the likelihood of non-compliance.

6. Appoint Independent Auditor & DPOs

Appoint independent auditors and dedicated Data Protection Officers (DPOs) to oversee compliance efforts and ensure accountability within the organisation.

These are the basics of building compliance with the Digital Personal Data Protection Act, by doing so, organisations can uphold the data processing hygiene that the DPDPA law mandates.

Tools to Build Digital Personal Data Protection Act (DPDPA) Compliance For Companies

With data privacy regulations becoming increasingly stringent, it's essential for businesses to ensure compliance to protect the personal information of individuals. Let's explore four DPDPA tools and how they can help your organisation build compliance:

1. Consent Management Tool

Getting the data principals' explicit consent is required under DPDPA Section 6. It is necessary to take explicit affirmative action in order for this consent to be freely granted, specific, informed, unconditional, and unambiguous. It should be clear about the data used and the purpose for which the individual has granted consent.

Notice: A notice must also be sent along with the consent detailing the nature of the personal data, the reason for processing it, the rights of the data principal, and how they may exercise those rights. These notices should be written in plain, easy-to-read language and must include a link to see the notice in any of the languages listed in the Eighth Schedule of the Constitution in addition to English.

Problem: Managing consent requests manually is not only challenging but also prone to manual error leaving gaps in your organisations compliance building efforts.

Solution: An automated Consent Management tool can be used to manage, monitor, and track consent requests.

2. Data Principal Grievance Redressal Platform

Under Section 12 of the DPDPA, data principals have the right to access, update, or delete their personal data. To avoid penalties that go up to INR 250cr, companies need to respond to these requests in a reasonable time frame.

Problem: To fast-track and resolve these data principal requests in time and also have tangible proof as evidence if needed.

Solution: An automated grievance redressal tool enables data principals to assert their rights via a user-friendly platform, managed by DPOs and stakeholders.

3. Automated Data Protection Impact Assessments (DPIAs)

Under the DPDP Act, appointing a Data Protection Officer (DPO) as the central point of contact for all aspects of the act is essential for your role as a Significant Data Fiduciary. The DPOs must conduct periodic Data Protection Impact Assessments (DPIAs) to evaluate and mitigate risks to ensure compliance.

A Data Protection Impact Assessment is a structured process created to assist in systematically analyzing, identifying, and minimizing risks related to data protection.

Problem: Small and medium-sized businesses (SMEs) can benefit from using built-in templates, but bigger organisations and Significant Data Fiduciaries (SDFs) need a more reliable and scalable solution to handle the significant processing and gathering of personal data.

Solution: The Data Protection Impact Assessment (DPIA) Tool enables Data Protection Officers (DPOs) to conduct DPIAs, track identified risks, and ensure compliance with regulatory requirements by providing a user-friendly platform.

4. DPDP Act Employee Training & Awareness

Under the Digital Personal Data Protection Act 2023, all employees handling personal data on behalf of organisations must understand their responsibilities under the law and also ways to tackle breach in emergencies.

Solution: DPDP Consultants’ Data Protection Awareness Program (DPAP) is a subscription-based DPDPA tool that enables companies to conduct regular and mandatory awareness sessions, followed by assessments.

By fostering a culture of compliance within your organisation, you can minimize the risk of non-compliance and build trust with customers and stakeholders.

Conclusion

Achieving compliance with the Data Privacy and Protection Act (DPDPA) is crucial for businesses operating in today's digital landscape. The four DPDPA tools discussed in this blog offer indispensable support in navigating the complexities of data privacy and protection regulations. These tools empower organisations to handle their data privacy requirements efficiently and automate manual tasks that are prone to error.

By implementing these tools, businesses can streamline their compliance efforts, and foster trust with their customers by demonstrating a commitment to protecting their sensitive information. Investing in robust DPDPA tools is becoming exceedingly necessary as the regulatory environment changes to maintain long-term compliance and protect the integrity of your company's data operations.

Embracing these tools not only helps businesses meet regulatory requirements but also positions them for success in an increasingly data-driven world.

Ready To Automate DPDPA compliance?

Contact DPDP Consultants today to learn more about our innovative tools and services to help secure and make your business DPDP Compliant today. 

Data Protection: Legal Safeguards for Your Business

In today’s digital age, data is the lifeblood of most businesses. Customer information, financial records, and intellectual property – all this valuable data resides within your systems. However, with this digital wealth comes a significant responsibility: protecting it from unauthorized access, misuse, or loss. Data breaches can have devastating consequences, damaging your reputation, incurring…

View On WordPress

Safeguarding Coastal Communities: MGB Conducts Vital Coastal Vulnerability Assessment in Caraga Town

Scan the QR code to get this post on the go. In a proactive move to monitor climate-induced hazards, the Mines and Geosciences Bureau (MGB) recently conducted a comprehensive coastal vulnerability assessment in Caraga town, Davao Oriental. The aim was to analyze and address potential risks posed by erosion, tsunamis, storm surges, and sea level rise in these inherently susceptible coastal…

View On WordPress

A major review of over 67,000 animal species has found that while the natural world continues to face a biodiversity crisis, targeted conservation efforts are helping bring many species back from the brink of extinction.

The study draws on data from the IUCN Red List, the world's largest database of species conservation status. The researchers say their results, reported in the journal PLOS Biology, highlight both the successes and the need for urgent action.

The world is facing a global biodiversity crisis, with 28% of more than 160,000 assessed species threatened with extinction, and an estimated one million species facing this fate due to human activities. However, conservation measures can be successful if there is concrete evidence about what works.

The researchers, led by the University of Cambridge with the IUCN, BirdLife International, and Oxford and Durham Universities, used Red List data to assess whether conservation measures had been put in place, and whether those actions had a positive impact on a given species' conservation status.

"We found that almost all the species that have moved from a more threatened category to a less threatened category have benefited from some sort of conservation measures," said lead author Ashley Simkins, a Ph.D. candidate in Cambridge's Department of Zoology. "It's a strong signal that conservation works."

While there is no 'one size fits all' solution, the researchers observed some connections between conservation success stories. Many of these species live in isolated areas, such as islands, where intensive conservation efforts—such as habitat protection, captive breeding and reintroductions—can be fully implemented.

"While biodiversity loss is a genuine crisis, it's vital that we celebrate the success stories wherever and whenever we can," said Simkins. "It's so hard for a species to improve its conservation status, but with the right effort, we can turn things around."

The Iberian lynx, once the world's most endangered cat, has rebounded from just a few hundred individuals to a few thousand. Likewise, the kākāpō, a flightless parrot from New Zealand, has benefited from dedicated recovery programs. And the European bison, which was hunted to extinction in the wild in the early 20th century, now roams parts of Eastern Europe thanks to sustained conservation efforts over decades.

Marine species have also seen dramatic recoveries. Humpback and blue whales, once driven to the brink of extinction by commercial whaling, have made a comeback after an international moratorium on whaling. However, despite these success stories, the study found that six times more species are declining than improving.

The researchers say that, like human health care, preventative measures in conservation are preferable and more cost-effective to emergency interventions.

"Humans have gotten pretty good at what could be considered 'A&E' conservation—focusing on species at very high risk of extinction," said Simkins. "What we're less good at is preventing species from becoming threatened in the first place. We need to move beyond treating the symptoms of biodiversity loss and start addressing the root causes."

The researchers also emphasize the need for collaborative, locally driven conservation. In Papua New Guinea, for example, conservationists worked with local communities to replace tree kangaroo hunting with sustainable forms of animal protein, including farming of chickens and fishing—an approach that benefitted both people and wildlife.

"It's vital that we as conservationists are working with stakeholders, rather than dictating to them, whether that's an Indigenous community in Papua New Guinea or a farmer in Somerset," said Simkins.

"Conservation doesn't have to be a zero-sum game—there are compromises that can benefit both the natural world and human society."

"In this climate of constant stories about wildlife declines and insufficient political action to protect nature, it's important to realize that there are also many success stories and that conservation efforts are making a real, demonstrable impact on the world," said co-senior author Dr. Silviu Petrovan, also from the Department of Zoology. "Conservation works if given the chance."

"This research sheds light on which actions to save species have been effective, and what interventions are needed," said co-author Dr. Stuart Butchart, Chief Scientist at BirdLife International. "Governments need to turn their words into actions, and rapidly scale up efforts to save species from extinction and help populations to recover. Safeguarding our natural heritage for future generations depends upon this."

"The IUCN Red List of Threatened Species informs and guides on-the-ground conservation decisions; actions which are further guided by the research presented in this publication," said co-author Craig Hilton-Taylor, Head of the IUCN Red List.

"Almost everyone will have their own favorite example of a conservation success story, whether it's the bald eagle in North America, or the red kite in the UK," said Simkins. We need joint action to ensure these positive stories aren't the exception—they're the norm."

URGENT WARNING FOR UK ARTISTS

URGENT! UK AI COPYRIGHT VOTE NEXT WEEK! Gov removed vital artist protections. CONTACT YOUR MP NOW to reinsert Baroness Kidron's amendments & defend UK creators! Stay informed and protect your creative RIGHTS! It's ENDs on MAY 7th, 2025!

IF YOU'RE IN THE UK CONTACT YOUR LOCAL MP:

IF YOU'RE OUTSIDE THE UK PLEASE SPREAD THE WORD, IF THIS GOES THROUGH UNCHANGED IT SETS A DANGEROUS PRECIDENT FOR ALL CREATIVES!

Dandelion News - February 22-28

Like these weekly compilations? Tip me at $kaybarr1735 or check out my Dandelion Doodles! (This month’s doodles will be a little delayed since I wasn’t able to work on them throughout the month)

1. City trees absorb much more carbon than expected

“[A new measurement technique shows that trees in LA absorb] up to 60% of daytime CO₂ emissions from fossil fuel combustion in spring and summer[….] Beyond offering shade and aesthetic value, these trees act as silent workhorses in the city’s climate resilience strategy[….]”

2. #AltGov: the secret network of federal workers resisting Doge from the inside

“Government employees fight the Trump administration’s chaos by organizing and publishing information on Bluesky[…. A group of government employees are] banding together to “expose harmful policies, defend public institutions and equip citizens with tools to push back against authoritarianism[….]””

3. An Ecuadorian hotspot shows how forests can claw back from destruction

“A December 2024 study described the recovery of ground birds and mammals like ocelots, and found their diversity and biomass in secondary forests was similar to those in old-growth forests after just 20 years. [… Some taxa recover] “earlier, some are later, but they all show a tendency to recover.””

4. Over 80 House Democrats demand Trump rescind gender-affirming care ban: 'We want trans kids to live'

“[89 House Democrats signed a letter stating,] "Trans young people, their parents and their doctors should be the ones making their health care decisions. No one should need to ask the President’s permission to access life-saving, evidence-based health care." "As Members of Congress, we stand united with trans young people and their families.”“

5. Boosting seafood production while protecting biodiversity

“A new study suggests that farming seafood from the ocean – known as mariculture – could be expanded to feed more people while reducing harm to marine biodiversity at the same time. […] “[… I]t’s not a foregone conclusion that the expansion of an industry is always going to have a proportionally negative impact on the environment[….]””

6. U.S. will spend up to $1 billion to combat bird flu, USDA secretary says

“The USDA will spend up to $500 million to provide free biosecurity audits to farms and $400 million to increase payment rates to farmers who need to kill their chickens due to bird flu[….] The USDA is exploring vaccines for chickens but is not yet authorizing their use[….]”

7. An Innovative Program Supporting the Protection of Irreplaceable Saline Lakes

“[… T]he program aims to provide comprehensive data on water availability and lake health, develop strategies to monitor and assess critical ecosystems, and identify knowledge gaps to guide future research and resource management.”

8. EU to unveil ​‘Clean Industrial Deal’ to cut CO2, boost energy security

“The bold plan aims to revitalize and decarbonize heavy industry, reduce reliance on gas, and make energy cheaper, cleaner, and more secure. […] By July, the EU said it will ​“simplify state aid rules” to ​“accelerate the roll-out of clean energy, deploy industrial decarbonisation and ensure sufficient capacity of clean-tech manufacturing” on the continent.”

9. Oyster Restoration Investments Net Positive Returns for Economy and Environment

“Researchers expect the restored oyster reefs to produce $38 million in ecosystem benefits through 2048. “This network protects nearly 350 million oysters[….]” [NOAA provided] $14.9 million to expand the sanctuary network to 500 acres by 2026 […] through the Bipartisan Infrastructure Law.”

10. Nations back $200 billion-a-year plan to reverse nature losses

“More than 140 countries adopted a strategy to mobilize hundreds of billions of dollars a year to help reverse dramatic losses in biodiversity[….] A finance strategy adopted to applause and tears from delegates, underpins "our collective capacity to sustain life on this planet," said Susana Muhamad[….]”

February 15-21 news here | (all credit for images and written material can be found at the source linked; I don’t claim credit for anything but curating.)

Also preserved on our archive

By Pandora Dewan

COVID-19 may leave some people with lasting memory problems long after their infection has cleared, new research has found, with the findings particularly pronounced among those who suffered from the earliest variants of the virus.

COVID-19 is known for its respiratory symptoms. But we are increasingly learning that SARS-CoV-2—the virus that causes the infection—can affect our brains too. Brain fog, cognitive deficits, and loss of smell and taste are commonly reported symptoms of the virus and some report these neurological symptoms long after the initial infection has subsided.

Scientists aren't entirely sure why the virus causes these symptoms, although lab-based studies have shown that the virus can disrupt the protective barrier that surrounds our brains and prevents foreign substances, like viruses, from entering. Research has also shown that the virus appears to affect the ability of our brain cells to communicate with each other, producing either too much or too little of key signaling molecules in the brain.

In a new study, published in the journal eClinicalMedicine, researchers from Imperial College London, King's College London and University College London Hospital in the United Kingdom set out to investigate the persistence of these cognitive symptoms even after milder COVID-19 infections.

In the study, 18 consenting unvaccinated volunteers with no prior exposure to SARS-CoV-2 were intentionally infected with the virus and monitored regularly over a 360-day period. Their cognitive function was measured at different points throughout the study and compared to what it had been before they were infected. They were also compared against 16 volunteers who were not infected with the virus.

This type of study is called a human challenge study and offer valuable insights into the onset of diseases and how they develop in a controlled medical environment.

"This is the first and probably will be the only Human Challenge Study to be conducted with Wildtype SarS-CoV-2 in people who were unvaccinated and who had not previously had the virus," the study's lead author Adam Hampshire, a professor of cognitive and computational neuroscience at King's College London and visiting professor at Imperial College London's Department of Brain Sciences, told Newsweek.

He added: "It also is the first study to apply detailed and sensitive assessments of cognitive performance from pre to post infection under controlled conditions. In this respect, the study provides unique insights into the changes that occurred in cognitive and memory function amongst those who had mild COVID-19 illness early in the pandemic."

During the study, the volunteers who were infected showed statistically significant reductions in cognitive and memory functions compared to those who did not receive the virus. These symptoms did not emerge right away but lasted for at least a year after the initial infection. This aligns with previous research from Hampshire's lab that sampled data from over 100,000 adults.

"Our previous research has shown that cognitive effects were the most pronounced for people who were ill with early virus variants, those who had persistent symptoms and those who were hospitalized," Hampshire said.

However, in the recent study, these long-lasting cognitive impacts were even seen in those who experienced milder symptoms (although it is worth noting that this may not be the case with newer variants of the virus).

So, how does the virus cause these cognitive impairments? Well, we still don't know for sure, but Hampshire said that those who had been infected with the virus showed an increase in a protein in the brain that is often associated with a brain injury.

"Future research should examine the biological mechanisms that mediate this relationship, determine how they differ to those observed for other respiratory infections, and explore whether targeted interventions can normalize these memory and executive processes," the researchers write in their study.

References Proust, A., Queval, C. J., Harvey, R., Adams, L., Bennett, M., & Wilkinson, R. J. (2023). Differential effects of SARS-CoV-2 variants on central nervous system cells and blood-brain barrier functions. Journal of neuroinflammation, doi.org/10.1186/s12974-023-02861-3

Trender, W. et al. (2024) Changes in memory and cognition during the SARS-CoV-2 human challenge study. eClinicalMedicine, doi.org/10.1016/j.eclinm.2024.102842

Hampshire, A., Azor, A., Atchison, C., Trender, W., Hellyer, P. J., Giunchiglia, V., Husain, M., Cooke, G. S., Cooper, E., Lound, A., Donnelly, C. A., Chadeau-Hyam, M., Ward, H., & Elliott, P. (2024). Cognition and Memory after Covid-19 in a Large Community Sample. The New England journal of medicine. doi.org/10.1056/NEJMoa2311330

Trump and Palantir Forge a Pan-Government Surveillance State, Empowering Tech Oligarchs and Silencing Critics

Source article for analysis: https://newrepublic.com/post/195904/trump-palantir-data-americans

1. Narrative Framing

Simplicity & “Common-Sense” Appeal The administration casts cross‐agency data‐sharing as an efficiency and “government modernization” measure, flattening complex privacy and constitutional concerns into a feel-good story about bureaucratic streamlining. This preloads the conclusion that any objection is mere technophobia or red tape, rather than a debate over surveillance power.

Binary Framing (“Security vs. Chaos”) By emphasizing “national security” and “public safety,” critics are implicitly positioned as indifferent to immigrant crime or terrorism, pressuring dissenters to choose between safety and liberty—an either-or that forecloses nuanced policy discussion.

2. Emotional Engineering

Fear & Resentment References to “enforcing the March executive order,” “punish his critics,” and fears of immigrant targeting stoke anxiety about arbitrary state power. This fear is then channeled into loyalty among “true patriots” who trust the administration to wield that power wisely.

Pride & Tribal Bonding Invoking a “war on inefficiency” and naming a “far-right billionaire” ally provides a rallying narrative for supporters who see themselves as part of an inner circle, engendering pride in being on the “winning team.”

3. Pipeline On-Ramps & Ecosystem Mapping

Soft Entry via “Modernization” Pitches around “data modernization” and “innovation” serve as gateway content—memes and soundbites in tech-oriented outlets gradually introduce audiences to more radical surveillance proposals.

Content Funnel

Friendly tech press (“efficiency gains”)

Conservative opinion pieces (“keep America safe”)

Policy white papers and FOIA-leaked memos (“full database blueprints”)

Private sector deep dives (Palantir user groups, DOD contractor briefings)

4. Dog Whistles & Euphemisms

“National Security” Sanitized language for mass surveillance and immigrant tracking.

“Data-Driven Governance” A euphemism that hides the indiscriminate collection of personal information under the veneer of neutral analytics.

“Government Efficiency” Code for centralizing power and reducing agency-specific safeguards that currently protect civil liberties.

5. Archetypes & Mythos

Tech-Militarist Savior Casting Peter Thiel and Alex Karp as modern “warrior-lords” of data who will “defend” America—evoking the warrior archetype that simplifies identity into a battle of “us vs. them.”

Fallen Homeland Narrative Suggests America’s institutions are backward and corrupt, needing a techno-strongman to resurrect core values—mirroring the “rise-from-ruin” mythos common in alt-right rhetoric.

6. Strategic Impact Assessment

Real-World Mobilization This intel could be used to silence dissidents (through audits, visa denials, or targeted prosecutions), chill protest activity, and surveil immigrant communities disproportionately.

Beneficiaries & Victims Tech oligarchs (Thiel, Musk) and the Trump political machine gain concentrated power; critics, immigrants, student activists, and labor organizers become object lessons.

7. Vibe Warfare & Identity Signals

Stoic Realist Aesthetic Dark, angular visuals of data centers and code screens reinforce a mood of uncompromising techno-authority.

“Based” Tech Patriotism Pittings of “innovation bros” vs. “liberal elites,” using jargon (“Foundry,” “Grok”) as in-group markers to foster parasocial loyalty among tech-savvy conservatives.

8. Epistemic Booby Traps & Self-Sealing Logic

“If you have nothing to hide…” Pre-emptively discredits objections by labeling them paranoia or disloyalty, barring dissenting evidence from being taken seriously.

Data as Truth Presents analytics as inherently objective, making any critique of methodology or oversight seem “anti-science.”

9. Irony Shielding & Tone Drift

Tech-Bro Irony Occasional self-deprecating jokes about “big brother” memes allow participants plausible deniability (“We’re just goofing, who doesn’t love tech?”), while the surveillance machinery locks in.

Memetic Alchemy Use of playful GIFs or “dank” one-liners about “tracking your ex’s Starbucks habit” masks the seriousness of mass data collection.

A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected US travelers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details.

CBP, a part of the Department of Homeland Security (DHS), says it needs this data to support state and local police to track people of interest’s air travel across the country, in a purchase that has alarmed civil liberties experts.

The documents reveal for the first time in detail why at least one part of DHS purchased such information, and comes after Immigration and Customs Enforcement (ICE) detailed its own purchase of the data. The documents also show for the first time that the data broker, called the Airlines Reporting Corporation (ARC), tells government agencies not to mention where it sourced the flight data from.

“The big airlines—through a shady data broker that they own called ARC—are selling the government bulk access to Americans' sensitive information, revealing where they fly and the credit card they used,” senator Ron Wyden said in a statement.

ARC is owned and operated by at least eight major US airlines, other publicly released documents show. The company’s board of directors include representatives from Delta, Southwest, United, American Airlines, Alaska Airlines, JetBlue, and European airlines Lufthansa and Air France, and Canada’s Air Canada. More than 240 airlines depend on ARC for ticket settlement services.

ARC’s other lines of business include being the conduit between airlines and travel agencies, finding travel trends in data with other firms like Expedia, and fraud prevention, according to material on ARC’s YouTube channel and website. The sale of US fliers’ travel information to the government is part of ARC’s Travel Intelligence Program (TIP).

A Statement of Work included in the newly obtained documents, which describes why an agency is buying a particular tool or capability, says CBP needs access to ARC’s TIP product “to support federal, state, and local law enforcement agencies to identify persons of interest’s US domestic air travel ticketing information.” 404 Media obtained the documents through a Freedom of Information Act (FOIA) request.

The new documents obtained by 404 Media also show ARC asking CBP to “not publicly identify vendor, or its employees, individually or collectively, as the source of the Reports unless the Customer is compelled to do so by a valid court order or subpoena and gives ARC immediate notice of same.”

The Statement of Work says that TIP can show a person’s paid intent to travel and tickets purchased through travel agencies in the US and its territories. The data from the Travel Intelligence Program (TIP) will provide “visibility on a subject’s or person of interest’s domestic air travel ticketing information as well as tickets acquired through travel agencies in the U.S. and its territories,” the documents say. They add that this data will be “crucial” in both administrative and criminal cases.

A DHS Privacy Impact Assessment (PIA) available online says that TIP data is updated daily with the previous day’s ticket sales, and contains more than one billion records spanning 39 months of past and future travel. The document says TIP can be searched by name, credit card, or airline, but ARC contains data from ARC-accredited travel agencies, such as Expedia, and not flights booked directly with an airline. “If the passenger buys a ticket directly from the airline, then the search done by ICE will not show up in an ARC report,” that PIA says. The PIA notes that the data impacts both US and non-US persons, meaning it does include information on US citizens.

“While obtaining domestic airline data—like many other transaction and purchase records—generally doesn't require a warrant, there's still supposed to go through a legal process that ensures independent oversight and limits data collection to records that will support an investigation,” Jake Laperruque, deputy director of the Center for Democracy & Technology's Security and Surveillance Project, told 404 Media in an email. “As with many other types of sensitive and revealing data, the government seems intent on using data brokers to buy their way around important guardrails and limits.”

CBP’s contract with ARC started in June 2024 and may extend to 2029, according to the documents. The CBP contract 404 Media obtained documents for was an $11,025 transaction. Last Tuesday, a public procurement database added a $6,847.50 update to that contract, which said it was exercising “Option Year 1,” meaning it was extending the contract. The documents are redacted but briefly mention CBP’s OPR, or Office of Professional Responsibility, which in part investigates corruption by CBP employees.

“CBP is committed to protecting individuals’ privacy during the execution of its mission to protect the American people, safeguard our borders, and enhance the nation’s economic prosperity. CBP follows a robust privacy policy as we protect the homeland through the air, land and maritime environments against illegal entry, illicit activity or other threats to national sovereignty and economic security,” a CBP spokesperson said in a statement. CBP added that the data is only used when an OPR investigation is open, and the agency needs to locate someone related to that investigation. The agency says the data can act as a good starting point to identify a relevant flight record before then getting more information through legal processes.

On May 1, ICE published details about its own ARC data purchase. In response, on May 2, 404 Media filed FOIA requests with ICE and a range of other agencies that 404 Media found had bought ARC’s services, including CBP, the Secret Service, SEC, DEA, the Air Force, US Marshals Service, TSA, and ATF. 404 Media found these by searching US procurement databases. Around a week later, The Lever covered the ICE contract.

Airlines contacted by 404 Media declined to comment, didn’t respond, or deferred to either ARC or DHS instead. ARC declined to comment. The company previously told The Lever that TIP “was established after the Sept. 11 terrorist attacks to provide certain data to law enforcement … for the purpose of national security matters” and criminal investigations.

“ARC has refused to answer oversight questions from Congress, so I have already contacted the major airlines that own ARC—like Delta, American Airlines, and United—to find out why they gave the green light to sell their customers' data to the government,” Wyden’s statement added.

US law enforcement agencies have repeatedly turned to private companies to buy data rather than obtain it through legal processes such as search warrants or subpoenas. That includes location data harvested from smartphones, utility data, and internet backbone data.

“Overall it strikes me as yet another alarming example of how the ‘Big Data Surveillance Complex’ is becoming the digital-age version of the military-industrial complex,” Laperruque says, referring to the purchase of airline data.

“It's clear the data broker loophole is pushing the government back towards a pernicious ‘collect it all’ mentality, gobbling up as much sensitive data as it can about all Americans by default. A decade ago the public rejected that approach, and Congress passed surveillance reform legislation that banned domestic bulk collection. Clearly it's time for Congress to step in again, and stop the data broker loophole from being used to circumvent that ban,” he added.

According to ARC’s website, the company only introduced multifactor authentication on May 15.

"A data broker owned by the country’s major airlines, including Delta, American Airlines, and United, collected US travelers’ domestic flight records, sold access to them to Customs and Border Protection (CBP), and then as part of the contract told CBP to not reveal where the data came from, according to internal CBP documents obtained by 404 Media. The data includes passenger names, their full flight itineraries, and financial details.

...

A DHS Privacy Impact Assessment (PIA) available online says that TIP data is updated daily with the previous day’s ticket sales, and contains more than one billion records spanning 39 months of past and future travel. The document says TIP can be searched by name, credit card, or airline, but ARC contains data from ARC-accredited travel agencies, such as Expedia, and not flights booked directly with an airline. “If the passenger buys a ticket directly from the airline, then the search done by ICE will not show up in an ARC report,” that PIA says. The PIA notes that the data impacts both US and non-US persons, meaning it does include information on US citizens.

“While obtaining domestic airline data—like many other transaction and purchase records—generally doesn't require a warrant, there's still supposed to go through a legal process that ensures independent oversight and limits data collection to records that will support an investigation,” Jake Laperruque, deputy director of the Center for Democracy & Technology's Security and Surveillance Project, told 404 Media in an email. “As with many other types of sensitive and revealing data, the government seems intent on using data brokers to buy their way around important guardrails and limits.”

...

“ARC has refused to answer oversight questions from Congress, so I have already contacted the major airlines that own ARC—like Delta, American Airlines, and United—to find out why they gave the green light to sell their customers' data to the government,” Wyden’s statement added."

Data Protection Impact Assessment guidance, DPIA Guidance, WP29 DPIA Guidance

Guidelines on Data Protection Impact Assessment (DPIA) (wp248rev.01) . DPIA guidance from EU Data Protection Authorities with clear steps, frameworks, and risk assessment advice to ensure GDPR compliance.

The U.S. Air Force Temporarily Moves 17 B-1B Bombers to Grand Forks AFB in North Dakota

David Cenciotti

B-1 to Grand Forks AFB

Seventeen aircraft and 800 people will relocate to Grand Forks Air Force Base in North Dakota, while Ellsworth Air Force Base, in South Dakota, is readied for the arrival of the B-21 Raider.

Beginning this month, the U.S. Air Force will temporarily transfer 17 B-1B Lancer bombers and 800 Airmen from Ellsworth Air Force Base, South Dakota, to Grand Forks AFB in North Dakota. The relocation is expected to last about 10 months, during which Ellsworth will undertake all the works required to welcome the Northrop Grumman B-21 Raider.

While at Grand Forks, the BONEs (the unofficially nickname of the bomber, from B-One) of the 28th Bomb Wing, will still carry out their usual assignments.

According to Col. Derek Oakley, the wing’s commander, the runway work is a big step toward getting ready for the Raider. He also noted how it reflects the Air Force’s dedication to the long-range bomber program and its impact on the local community.

“The runway construction at Ellsworth is a key milestone in ensuring we’re ready to receive the B-21 Raider. This project illustrates the U.S. Air Force’s commitment to our nation’s newest long-range strike bomber and to the surrounding community.”

In a press release, the U.S. Air Force said that Ellsworth residents might see more construction-related activity, while people living near Grand Forks should expect heavier military traffic and aircraft noise as operations ramp up.

B-1B relocation Grand Forks

A U.S. Air Force B-1B Lancer assigned to the 28th Bomb Wing, Ellsworth Air Force Base, South Dakota, takes off at Luleå-Kallax Air Base, Sweden, Feb. 26, 2024, during Bomber Task Force 24-2. (U.S. Air Force photo by Staff Sgt. Jake Jacobsen)

The first two Ellsworth’s bombers are expected to arrive at their “new” base this week, ahead of the full fleet’s arrival in early 2025. Routine inspections and repairs will take place at Grand Forks, but larger maintenance tasks will be handled by the 7th Bomb Wing at Dyess AFB, Texas. From there, Ellsworth bombers were launched in Global Strike missions in Iraq and Syria: in the night between Feb. 2 and 3, 2024, they took part in the air strikes on seven facilities, which included more than 85 targets in Iraq and Syria, that Iran’s Islamic Revolutionary Guard Corps (IRGC) and affiliated militias used to attack U.S. and Coalition Forces in northeastern Jordan which had killed three U.S. soldiers on Jan. 28.

The 319th RW at Grand Forks AFB, is the headquarters operating the RQ-4B Global Hawk high-altitude, long-endurance Intelligence, Surveillance and Reconnaissance unmanned aircraft launched and flown remotely all over the world. Supporting a critical Air Force mission, sensor operators of the 319th RW analyze pattern-of-life data to help protect NATO’s eastern flank and oversee several strategically important operational areas.

Col. Tim Monroe of the 319th Reconnaissance Wing highlighted the benefits of integrating B-1 operations into Grand Forks’ existing drone-focused setup, which uses RQ-4B Global Hawks for surveillance worldwide:

“There’s no doubt integrating the B-1 community into our Grand Forks Unmanned Aerial System ecosystem will pay dividends for everyone involved. This temporary relocation is the vanguard of Air Force integration, readiness, and agile combat employment, and epitomizes the mantra of One Team, One Fight.”

Once Ellsworth’s runway upgrades are completed, the bombers and Airmen will head back home, paving the way for the B-21 Raider’s arrival in the mid-2020s.

Ellsworth was selected as the first B-21 Raider base after it cleared an EIA (Environmental Impact Assessment) report in 2021. Whiteman and Dyess AFBs in Missouri and Texas, respectively, were later designated the second and third bases for the bomber by Secretary of the Air Force Frank Kendall in mid-September.

Grand Forks was previously a B-1B base, until the bombers were relocated in 1994. In anticipation of the possible relocation, a hot-pit refueling, the first in 30 years at the base in North Dakota, was carried out by the 28th BW with support by the 319th Reconnaissance Squadron, on Oct. 1, 2024, to assess the possibility of relocating the bombers. In fact, while the majority of the physical infrastructures, including the required runway length, ordnance storage capacity, and aircraft refueling equipment, are still present, the 29th BW and the 319th RS still had to demonstrate the ability to operate the B-1B from non-home base locations.

@TheAviationist.com

There is very little evidence that protections for nature are a blocker to development, the government has admitted in its own impact assessment of the controversial new planning and infrastructure bill.

The analysis by Whitehall officials provides no data or research to back up the government’s central argument that it is environmental legislation that holds up building.

Ministers say the new bill will speed up housing developments and large infrastructure projects by allowing developers to avoid meeting environmental obligations to protect habitats and species such as barn owls, otters, bats and newts, at the site of their project, by paying into a central nature recovery fund (NRF) which will be used to create environmental improvement elsewhere.

Officials admit this nature improvement could be in a different county to the place where the building is taking place, raising fears it will reduce access to nature.

The NRF, which is in part three of the bill, has been criticised by leading economists, ecologists and former government advisers as a “licence to kill nature” with no evidence that it would boost the economy. They want part three of the bill withdrawn for further consultation.

The Office for Environmental Protection watchdog has published a legal opinion which states the new bill in its current draft would remove safeguards for nature and put protected sites at risk.

Now the central reason given by the government for the new legislation, that nature is a blocker to development – promoted by prime minister Keir Starmer, chancellor Rachel Reeves and housing secretary Angela Rayner – has been undermined by the government’s own impact assessment.

Officials attempted to examine the impact of one environmental obligation – nutrient neutrality – on building delays, but officials said: “There is very limited data on how environmental obligations affect development.

“This makes reaching a robust estimate of the impacts associated with the NRF, which will streamline the process for discharging environmental obligations, very challenging.”

They have not analysed other environmental obligations, including the requirement to protect sites of special scientific interest (SSSI), not to harm threatened species such as bats or barn owls, and to adhere to water neutrality rules to ensure the development does not overwhelm water demand in an area, because there is a “lack of data” on the impact of any of these obligations on housing delays.

Robert Oates, CEO and founder of the ecological consultancy Arbtech, said: “The government’s impact assessment on the planning and infrastructure bill lays bare a truth many of us in the industry have suspected for some time: they have no idea how this bill will affect vulnerable species like barn owls and otters.

He said despite the lack of any evidence, entire species now risked being sacrificed under the false premise that nature blocks development. “Time and again, the government has failed to produce any evidence to support this claim,” he added.

The admission in the impact assessment comes as the chair of the environmental audit committee (EAC), Toby Perkins, said the government risked failing to meet its pledge to protect 30% of land by 2030 and offer communities greater access to nature.

The EAC, in a report published on Wednesday, said the push for developers to pay into an NRF was fuelling speculation ministers may be wavering on their commitment to biodiversity net gain, which drives investment into nature by encouraging developers to provide a minimum increase in biodiversity of 10%, whether this is done on the development site, delivered somewhere else, or by buying “credits” from the government as compensation.

Foxhog Venture Rejects 450+ Startup Applications in India: A Bold Stand for Transparency and Ethical Investing

Foxhog Ventures, a US-based venture capital firm, has recently stirred the Indian startup ecosystem by rejecting over 450 startup funding applications. This bold move reflects the firm’s deep rooted commitment to transparency, ethical investing, and stringent due diligence practices in the evolving landscape of venture capital in India.

Many of the rejected applications fell short due to incomplete documentation, inconsistencies in financial disclosures, and non-compliance with essential legal standards. Some cases involved the submission of falsified data, which not only led to the rejection of those proposals but also resulted in the blacklisting of the startups and the initiation of legal proceedings.

Despite the firm stance, Foxhog continues to express its confidence in the Indian market, especially in its untapped potential. The firm remains focused on funding purpose driven startups, particularly those emerging from Tier 2 and Tier 3 cities. With a sharp eye on high impact sectors like agriculture, dairy, retail, and fintech, Foxhog is building a funding ecosystem rooted in real-world outcomes and long-term viability. Its flagship initiative, Venture Capital for Villages, is a prime example- an ambitious program aimed at enabling rural entrepreneurship and promoting grassroots economic development.

In response to defamatory narratives and fraudulent applications, the firm has taken legal measures, including filing police complaints and issuing formal legal notices. These steps are not about deterring startups, they’re about protecting the credibility of foreign investment and ensuring that serious founders have access to fair, trusted platforms. The firm believes such accountability reinforces the startup environment rather than weakens it.

Internally, the mass rejections have led Foxhog Ventures to double down on its due diligence protocols. Acknowledging that some past decisions lacked the rigor they demand today, the firm is now setting higher standards for risk assessment and transparency. This recalibration is part of the broader vision to redefine venture capital in India for 2025 and beyond, making it smarter, cleaner, and more impact focused. https://www.youtube.com/@foxhog/videos

For Indian startups looking to work with Foxhog or any other global investor, the message is clear: come prepared. Transparency is non-negotiable. Founders are encouraged to maintain accurate financials, be honest about profitability and losses, clearly communicate burn rates and revenue models and above all, uphold integrity in all investor conversations. In an age where funding is increasingly tied to purpose and accountability, the future belongs to startups that are built on honesty and resilience.

…

USAJOBS, the federal government’s official hiring site, was one of the systems that Musk's associates were given access to. The database stores personal information — Social Security numbers, home addresses, employment records — provided by private individuals who have applied for federal jobs, regardless of whether the applicants went on to work for the government.

Musk’s aides were also given access to the OPM’s Enterprise Human Resources Integration (EHRI) system. Contained within the EHRI are the Social Security numbers, dates of birth, salaries, home addresses, and job descriptions of all civil government workers, along with any disciplinary actions they have faced. “They’re looking through all the position descriptions… to remove folks,” one of the OPM staffers said of Musk’s team. “This is how they found all these DEI offices and had them removed — [by] reviewing position description level data.”

Other databases Musk’s team has access to include USA Staffing, an onboarding system; USA Performance, a job performance review site; and HI, which the government uses to manage employee health care. “The health insurance one scares me because it's HIPAA [protected] information, but they have access to all this stuff,” the OPM staffer noted.

…

 A new server being used to control these databases has been placed in a conference room that Musk’s team is using as their command center, according to an OPM staffer. The staffer described the server as a piece of commercial hardware they believed was not obtained through the proper federal procurement process.

There is a legal requirement that the installation of a new server undergo a Privacy Impact Assessment (PIA), a formal process to ensure the change would not create any security vulnerabilities. But in this instance, the staff believes there was no PIA. “So this application and corresponding hardware are illegally operating,” they added.

…

Upon gaining access to the OPM databases last week, Musk used the agency to email all federal civil employees simultaneously. The email announced a “deferred resignation” program, claiming that any federal employee who wished to resign effective September 30, 2025, would receive pay and benefits until that date and would not have to show up for work except in rare cases. Musk and the White House falsely described the offer as a "buyout" or "severance." The American Federation of Government Employees, the largest federal employee union, has condemned the program, saying it “will cause chaos for the Americans who depend on a functioning federal government.”