The Privacy Corner

Send us a text

Privacy Corner Newsletter: September 26, 2024

This week’s Privacy Corner highlights key developments in EU data protection:

▶ French CNIL: New guidelines set to affect over 10,000 mobile app developers; enforcement sweep scheduled for Spring 2025.
▶ UK ICO: Issued a reprimand to SkyBet, marking their most significant cookie action to date; 99% of top websites now comply with cookie regulations.
▶ EU Advocate General: Emphasized the need for clear and concise explanations of automated decisions; data subjects entitled to meaningful information about the decision-making process.

Sponsored by Privado.ai

Send us a text

Privacy Corner Newsletter: September 5, 2024

This newsletter covers key privacy developments, including:
▶ Uber's €290 Million GDPR Fine: The Dutch DPA fined Uber for failing to use appropriate safeguards when transferring personal data from its EU entity to the US, despite Uber's claim it wasn't necessary. This case highlights the confusion around international data transfers under GDPR.
▶ Swedish Pharmacies Fined for Using Meta Pixel (Even with Consent): These pharmacies demonstrate that getting user consent for tracking isn't enough. Organizations must also implement proper security measures and assess risks before using tracking tools.
▶ Google Loses Round in Chrome Tracking Case: A California court revived a lawsuit against Google for allegedly misleading users about data collection in Chrome's "Basic Browser Mode." The court ruled a "reasonable user" wouldn't expect such data collection without being signed in.

Send us a text

Privacy Corner Newsletter: August 15, 2024

Top Stories: 🚀 

▶ Meta Challenges EDPB's "Consent or Pay" Opinion: Meta is suing the European data protection authorities over their opinion on "consent or pay" models, arguing it violates EU law.
▶ US Sues TikTok for Children's Privacy Violations: The US Department of Justice accuses TikTok of illegally collecting and using personal data from children under 13.
▶ The UK Information Commissioner's Office proposes a multi-million dollar fine against a data processor for a security breach.

Send us a text

Privacy Corner Newsletter: August 1, 2024

Top Stories:
▶️ Google Backtracks on Cookie Ban: Privacy Concerns or Regulatory Pressure? We explore Google's reversal on phasing out third-party cookies and the potential reasons behind it.
▶️ FTC Clarifies: Hashing Doesn't Anonymize Data The FTC reminds companies that masking data with hashing doesn't guarantee anonymity.
▶️ New York Pushes for Strict Tracking Regulations: But What's the Law? New York's Attorney General issues guidance on online tracking compliance, raising questions about legal grounds.

Send us a text

Privacy Corner Newsletter: July 18, 2024

Top Stories:

• UK Revives Data Protection Reform: The new UK government plans a "Digital Information and Smart Data Bill" (DISDB) that includes some proposals from the previous government's scrapped Data Protection and Digital Information Bill (DPDIB). Key details like the Information Commissioner's Office (ICO) restructuring and scientific research data rules are expected to return, but the final form of the bill remains unclear.
• Privacy Group Targets Microsoft-Owned Adtech Firm: noyb, a privacy advocacy group, filed a complaint against Xandr (owned by Microsoft) with the Italian Data Protection Authority (DPA). Xandr allegedly rejected data access and deletion requests, claiming pseudonymized data makes identification impossible. Noyb argues Xandr should be able to identify individuals and comply with requests.
• California Tightens CCPA Rules: The California Privacy Protection Agency (CPPA) proposed major changes to the California Consumer Privacy Act (CCPA) regulations. Highlights include a new definition of "artificial intelligence," cybersecurity audits for certain businesses, and an increased application threshold based on revenue.

Send us a text

This Week's Privacy News:

US Privacy Update:
Comprehensive privacy laws in Texas and Oregon are now in effect.
Colorado's privacy law's opt-out mechanism for targeted ads is now active.
Federal privacy law seems unlikely in the near future.

Meta in Hot Water:
The EU is investigating Meta's "pay-or-OK" policy under the Digital Markets Act (DMA) for potentially violating user consent.
A potential fine of up to 10% of global turnover is on the table.

Grindr Loses GDPR Battle:
The dating app must pay a $6.1 million fine for sharing user data with advertisers without proper consent.
This case sets a precedent for how companies handle data revealing sexual orientation.

Send us a text

This Week in Privacy: Stalled Law, Meta's AI U-Turn, and Snap Appeasement

This edition of the Privacy Corner Newsletter dives into three key privacy headlines:

- Vermont's ambitious privacy bill, H.121, gets vetoed due to concerns about its impact on businesses. The bill included strong consumer rights and data minimization requirements.
- Meta delays its plan to train AI models on user posts following intervention from the Irish DPC. Privacy group noyb claims a "preliminary win" due to their complaints.
- The UK ICO reveals why it dropped an enforcement notice against Snap. The social media company took ten steps to address data protection risks associated with its My AI chatbot feature.

Send us a text

This Week's Privacy News Roundup: GDPR, Privacy Sandbox, and Child Data Protection

This week's Privacy Corner dives into key data privacy developments:

- UK Court Considers EU Law in GDPR Case: A UK court judgement clarifies the "household exemption" and "right of access" under the UK GDPR, referencing relevant EU law.
- Noyb Challenges Google Chrome's Privacy Sandbox Consent Flow: Privacy group noyb argues Google's method of obtaining consent for Topics ad targeting violates the GDPR.
- New York Enacts Strict Child Data Protection Act: New York introduces a strong child data privacy law with tight restrictions on data collection and a high bar for consent.

Send us a text

This week's Privacy Corner dives into several data privacy battles:

- EU privacy group noyb filed complaints against Meta alleging its AI training policy violates GDPR rules on transparency, data subject rights, and lawful processing.
- Noyb also targeted Microsoft, accusing them of misleading schools about their role in data processing for Microsoft 365 Education products and secretly tracking student data.
- The Australian privacy regulator dropped its investigation into TikTok's use of tracking pixels due to limitations in the outdated Privacy Act, but launched proceedings against healthcare provider Medibank for a massive data breach.

Send us a text

Privacy Corner Newsletter Summary

This week's newsletter covers several key privacy topics:

- EDPB vs OpenAI: The European Data Protection Board (EDPB) is investigating OpenAI's ChatGPT software to ensure it complies with GDPR regulations.

- UK's GDPR reforms are dead: The UK's attempt to reform data protection laws has stalled due to upcoming elections. The proposed changes, including a new "recognized legitimate interests" legal basis and relaxed data subject rights, are unlikely to be revived soon.

- Irish DPC's 2023 report: The Irish Data Protection Commissioner (DPC) report shows a significant increase in workload and fines issued in 2023.