Sign up to save your podcasts
Or
Share Fall 2022 Newsroom: Instagram and Criteo fines, GDPRexit, and the Data Privacy Framework
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Fall 2022 Newsroom: Instagram and Criteo fines, GDPRexit, and the Data Privacy Framework
With Nina Müller, Ethical Commerce Alliance Director and host of the Ethical Allies podcast.
References:
- Full Newsroom (Fall 2022)
- Tara Taubman-Bassirian on the Instagram fine
- Peter Hense on valid consent
- Cory Underwood on Google Analytics and Sephora
- Derek A. Lackey on Joe Biden’s Executive Order (a marketer’s perspective)
- Stephan Grynwajc on Joe Biden’s Executive Order (a lawyer’s perspective)
Selected updates:
Enforcement
Starting with Europe, the most discussed recent case, and perhaps the most complex, is Ireland’s 405m EUR fine to Meta for the manner in which it exposed contact details for 13-17 year olds on Instagram business accounts. At its core: the European Data Protection Board (EDPB)’s intervention to find a compromise between the Data Protection Commissioner (leading supervisory authority for most US tech giants) and other Data Protection Agencies accusing it of resting on its laurels.
Perhaps even more relevant to the interplay that we mostly care about (MarTech/AdTech + Privacy) was the French DPA’s announcement of a potential 60m EUR fine for Criteo. All hints point to a lack of proper oversight in the obtention of valid consent through publishers and advertisers. The role of these two was instrumental in building what the company had once claimed were “IDs and interests for 72% of all internet users”, so this case could bring us full circle into the Consent Management Platforms debate and whether they can be relied upon. All in all, it is no wonder that Criteo has moved firmly into first-party data territory, now calling itself a Commerce Media platform.
The Digital Analytics space got its own share of excitement too. Denmark became (with Austria, France, and Italy) the fourth country to make it clear that Google Analytics breached the GDPR unless additional measures are taken. As explained in detail by France’s CNIL, the only way to avoid scrutiny was using a reverse proxy (a company’s own EU-based server, filtering out important pieces of information prior to forwarding calls to Google’s servers). As many will remember, this was only the tip of the iceberg of the 101 complaints filed by NYOB against companies using either Google Analytics or the Facebook pixel.
Next in line was TikTok, quickly catching up with Meta/Facebook and Google in terms of privacy violations, penalties, privacy lawsuits and privacy-related scandals. Its latest trophies: the UK’s DPA (ICO)’s proposed 27m GBP fines for its mishandling of children’s data (they were allowed to sign up without parental consent, information provided was insufficient, and special categories of data were being processed), a 92 million settlement in Illinois (under the State’s Biometric Information Privacy Law on which every major social media platform has stumbled before) and recent coverage of the manner in which its tracking pixels follow everyone around the web.
Legal updates
It may not be a new law or court case, but Joe Biden’s Executive Order to make room for the EU-US Data Privacy Framework (Privacy Shield 2.0) is the biggest piece of news on this front. All going well in Brussels, it could put an end to the nightmare currently faced by the millions of customers of US-based SaaS MarTech and AdTech solutions that happen to process data on US soil, including Google Analytics, Mailchimp, HubSpot, or Salesforce Marketing Cloud.
For its part, the UK wants out of the GDPR and this could actually result in a more dynamic environment (it relied on an Oxford University research that claimed that the GDPR is costing UK businesses 8% of their profits). For one thing, they are proposing to let small businesses get on with their lives.
Future of media
Elon Musk completed his acquisition of Twitter, announcing monthly charges to its heaviest users - starting with those displaying a “verified” blue icon, who happen to be the ones caring the most about the status their identity or following confers to them. This was criticized as a “misinformation nightmare”, in very timely Halloween fashion.
This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe
View all episodes
By Sergio Maldonado
5
66 ratings
With Nina Müller, Ethical Commerce Alliance Director and host of the Ethical Allies podcast.
References:
- Full Newsroom (Fall 2022)
- Tara Taubman-Bassirian on the Instagram fine
- Peter Hense on valid consent
- Cory Underwood on Google Analytics and Sephora
- Derek A. Lackey on Joe Biden’s Executive Order (a marketer’s perspective)
- Stephan Grynwajc on Joe Biden’s Executive Order (a lawyer’s perspective)
Selected updates:
Enforcement
Starting with Europe, the most discussed recent case, and perhaps the most complex, is Ireland’s 405m EUR fine to Meta for the manner in which it exposed contact details for 13-17 year olds on Instagram business accounts. At its core: the European Data Protection Board (EDPB)’s intervention to find a compromise between the Data Protection Commissioner (leading supervisory authority for most US tech giants) and other Data Protection Agencies accusing it of resting on its laurels.
Perhaps even more relevant to the interplay that we mostly care about (MarTech/AdTech + Privacy) was the French DPA’s announcement of a potential 60m EUR fine for Criteo. All hints point to a lack of proper oversight in the obtention of valid consent through publishers and advertisers. The role of these two was instrumental in building what the company had once claimed were “IDs and interests for 72% of all internet users”, so this case could bring us full circle into the Consent Management Platforms debate and whether they can be relied upon. All in all, it is no wonder that Criteo has moved firmly into first-party data territory, now calling itself a Commerce Media platform.
The Digital Analytics space got its own share of excitement too. Denmark became (with Austria, France, and Italy) the fourth country to make it clear that Google Analytics breached the GDPR unless additional measures are taken. As explained in detail by France’s CNIL, the only way to avoid scrutiny was using a reverse proxy (a company’s own EU-based server, filtering out important pieces of information prior to forwarding calls to Google’s servers). As many will remember, this was only the tip of the iceberg of the 101 complaints filed by NYOB against companies using either Google Analytics or the Facebook pixel.
Next in line was TikTok, quickly catching up with Meta/Facebook and Google in terms of privacy violations, penalties, privacy lawsuits and privacy-related scandals. Its latest trophies: the UK’s DPA (ICO)’s proposed 27m GBP fines for its mishandling of children’s data (they were allowed to sign up without parental consent, information provided was insufficient, and special categories of data were being processed), a 92 million settlement in Illinois (under the State’s Biometric Information Privacy Law on which every major social media platform has stumbled before) and recent coverage of the manner in which its tracking pixels follow everyone around the web.
Legal updates
It may not be a new law or court case, but Joe Biden’s Executive Order to make room for the EU-US Data Privacy Framework (Privacy Shield 2.0) is the biggest piece of news on this front. All going well in Brussels, it could put an end to the nightmare currently faced by the millions of customers of US-based SaaS MarTech and AdTech solutions that happen to process data on US soil, including Google Analytics, Mailchimp, HubSpot, or Salesforce Marketing Cloud.
For its part, the UK wants out of the GDPR and this could actually result in a more dynamic environment (it relied on an Oxford University research that claimed that the GDPR is costing UK businesses 8% of their profits). For one thing, they are proposing to let small businesses get on with their lives.
Future of media
Elon Musk completed his acquisition of Twitter, announcing monthly charges to its heaviest users - starting with those displaying a “verified” blue icon, who happen to be the ones caring the most about the status their identity or following confers to them. This was criticized as a “misinformation nightmare”, in very timely Halloween fashion.
This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit www.mastersofprivacy.com/subscribe
More shows like Masters of Privacy
View all
Economist Podcasts
4,204 Listeners
Football Weekly
2,556 Listeners
Risky Business
369 Listeners
Azeem Azhar's Exponential View
610 Listeners
Today in Focus
994 Listeners
The Intelligence from The Economist
2,528 Listeners
Your Undivided Attention
1,539 Listeners
Serious Privacy
23 Listeners
Privacy Please
29 Listeners
Hard Fork
5,502 Listeners
She Said Privacy/He Said Security
12 Listeners
"The Data Diva" Talks Privacy Podcast
16 Listeners
The Rest Is Politics: Leading
885 Listeners
The Privacy Corner
2 Listeners
Technology, Data and Privacy
1 Listeners