The Privacy Corner

Send us a text

Privacy Corner Newsletter: November 7, 2024

In this edition, we dive into the latest updates on GDPR fines, data broker enforcement, and the EU-US Data Privacy Framework review:

▶ Ireland fines LinkedIn €310 million, six years after a complaint—with full EDPB support:
The Irish DPC issues a €310 million fine against LinkedIn for GDPR violations, marking a significant shift in enforcement under new leadership.

▶ California prepares for a data broker enforcement sweep:
The California Privacy Protection Agency targets non-compliant data brokers, enforcing new registration and deletion requirements under the Delete Act.

▶ The EDPB reviews the first year of the EU-US Data Privacy Framework:
The EDPB’s first-year review of the EU-US DPF highlights both successes and areas for improvement in the data-sharing framework.

#privado #privacycodescanning #compliance #privacyengineering #gdpr #cpra #ccpa #mhmda #dataprivacy #compliance #softwarecodescanning

Send us a text

Privacy Corner Newsletter: October 24, 2024

This week, we dive into the UK’s resurrected data reform bill, ePrivacy Directive guidelines, and a new complaint against Pinterest. 

▶ Back from the Dead: Comparing the UK’s New and Old Data Reform Bills

The UK has introduced a new Data (Use and Access) Bill (DUAB), which incorporates several proposals from the previously scrapped Data Protection and Digital Information Bill (DPDIB). The DUAB revives and reshapes key provisions, such as legitimate interests and cookie consent exemptions, while dropping several controversial aspects from its predecessor.

How might these changes in UK legislation affect your organization's data compliance strategy?

▶ EDPB Finalizes ePrivacy Directive Guidelines: Fingerprinting, SDKs, and APIs Firmly in Scope

The European Data Protection Board (EDPB) has published its final guidelines clarifying how the ePrivacy Directive applies to modern tracking technologies. Developers and privacy professionals should note that the Directive covers not just cookies but newer methods like device fingerprinting and SDKs—tightening consent requirements across digital platforms.

Are your tracking technologies compliant with the latest ePrivacy Directive guidelines?

▶ Pinterest Hit by noyb Complaint: Cookies and the Right to Data Recipient Information

A complaint has been filed by privacy group noyb against Pinterest, alleging insufficient disclosure about the sharing of users' personal data. The case could set a new precedent on the amount of detail required in responses to data subject access requests, especially regarding which third parties receive personal data.

Could your data subject access request processes withstand a similar challenge?

Send us a text

Privacy Corner Newsletter: October 10, 2024

▶ Court ruling on credit card data: The UK tribunal rules that credit card numbers alone may not always qualify as personal data, challenging the ICO’s interpretation. This decision could reshape how companies assess their data protection obligations after a breach. How will this impact your approach to classifying sensitive data?

▶ EDPB clarifies processor responsibilities: New guidance outlines the extent to which controllers are accountable for sub-processors. Critical insights for your GDPR compliance strategy.

▶ CJEU redefines legitimate interest: A commercial interest can now qualify as a legitimate interest under GDPR—but only under specific conditions. What this shift means for your data processing activities.

Sponsored by Privado.ai

Send us a text

Privacy Corner Newsletter: September 26, 2024

This week’s Privacy Corner highlights key developments in EU data protection:

▶ French CNIL: New guidelines set to affect over 10,000 mobile app developers; enforcement sweep scheduled for Spring 2025.
▶ UK ICO: Issued a reprimand to SkyBet, marking their most significant cookie action to date; 99% of top websites now comply with cookie regulations.
▶ EU Advocate General: Emphasized the need for clear and concise explanations of automated decisions; data subjects entitled to meaningful information about the decision-making process.

Sponsored by Privado.ai

Send us a text

Privacy Corner Newsletter: September 5, 2024

This newsletter covers key privacy developments, including:
▶ Uber's €290 Million GDPR Fine: The Dutch DPA fined Uber for failing to use appropriate safeguards when transferring personal data from its EU entity to the US, despite Uber's claim it wasn't necessary. This case highlights the confusion around international data transfers under GDPR.
▶ Swedish Pharmacies Fined for Using Meta Pixel (Even with Consent): These pharmacies demonstrate that getting user consent for tracking isn't enough. Organizations must also implement proper security measures and assess risks before using tracking tools.
▶ Google Loses Round in Chrome Tracking Case: A California court revived a lawsuit against Google for allegedly misleading users about data collection in Chrome's "Basic Browser Mode." The court ruled a "reasonable user" wouldn't expect such data collection without being signed in.

Send us a text

Privacy Corner Newsletter: August 15, 2024

Top Stories: 🚀 

▶ Meta Challenges EDPB's "Consent or Pay" Opinion: Meta is suing the European data protection authorities over their opinion on "consent or pay" models, arguing it violates EU law.
▶ US Sues TikTok for Children's Privacy Violations: The US Department of Justice accuses TikTok of illegally collecting and using personal data from children under 13.
▶ The UK Information Commissioner's Office proposes a multi-million dollar fine against a data processor for a security breach.

Send us a text

Privacy Corner Newsletter: August 1, 2024

Top Stories:
▶️ Google Backtracks on Cookie Ban: Privacy Concerns or Regulatory Pressure? We explore Google's reversal on phasing out third-party cookies and the potential reasons behind it.
▶️ FTC Clarifies: Hashing Doesn't Anonymize Data The FTC reminds companies that masking data with hashing doesn't guarantee anonymity.
▶️ New York Pushes for Strict Tracking Regulations: But What's the Law? New York's Attorney General issues guidance on online tracking compliance, raising questions about legal grounds.

Send us a text

Privacy Corner Newsletter: July 18, 2024

Top Stories:

• UK Revives Data Protection Reform: The new UK government plans a "Digital Information and Smart Data Bill" (DISDB) that includes some proposals from the previous government's scrapped Data Protection and Digital Information Bill (DPDIB). Key details like the Information Commissioner's Office (ICO) restructuring and scientific research data rules are expected to return, but the final form of the bill remains unclear.
• Privacy Group Targets Microsoft-Owned Adtech Firm: noyb, a privacy advocacy group, filed a complaint against Xandr (owned by Microsoft) with the Italian Data Protection Authority (DPA). Xandr allegedly rejected data access and deletion requests, claiming pseudonymized data makes identification impossible. Noyb argues Xandr should be able to identify individuals and comply with requests.
• California Tightens CCPA Rules: The California Privacy Protection Agency (CPPA) proposed major changes to the California Consumer Privacy Act (CCPA) regulations. Highlights include a new definition of "artificial intelligence," cybersecurity audits for certain businesses, and an increased application threshold based on revenue.

Send us a text

This Week's Privacy News:

US Privacy Update:
Comprehensive privacy laws in Texas and Oregon are now in effect.
Colorado's privacy law's opt-out mechanism for targeted ads is now active.
Federal privacy law seems unlikely in the near future.

Meta in Hot Water:
The EU is investigating Meta's "pay-or-OK" policy under the Digital Markets Act (DMA) for potentially violating user consent.
A potential fine of up to 10% of global turnover is on the table.

Grindr Loses GDPR Battle:
The dating app must pay a $6.1 million fine for sharing user data with advertisers without proper consent.
This case sets a precedent for how companies handle data revealing sexual orientation.

Send us a text

This Week in Privacy: Stalled Law, Meta's AI U-Turn, and Snap Appeasement

This edition of the Privacy Corner Newsletter dives into three key privacy headlines:

- Vermont's ambitious privacy bill, H.121, gets vetoed due to concerns about its impact on businesses. The bill included strong consumer rights and data minimization requirements.
- Meta delays its plan to train AI models on user posts following intervention from the Irish DPC. Privacy group noyb claims a "preliminary win" due to their complaints.
- The UK ICO reveals why it dropped an enforcement notice against Snap. The social media company took ten steps to address data protection risks associated with its My AI chatbot feature.