惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Schneier on Security
Schneier on Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Attack and Defense Labs
Attack and Defense Labs
H
Hacker News: Front Page
Google DeepMind News
Google DeepMind News
雷峰网
雷峰网
C
CXSECURITY Database RSS Feed - CXSecurity.com
Cisco Talos Blog
Cisco Talos Blog
T
Tenable Blog
G
Google Developers Blog
A
About on SuperTechFans
The Cloudflare Blog
S
Securelist
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
C
Cisco Blogs
H
Hackread – Cybersecurity News, Data Breaches, AI and More
aimingoo的专栏
aimingoo的专栏
云风的 BLOG
云风的 BLOG
Forbes - Security
Forbes - Security
腾讯CDC
Application and Cybersecurity Blog
Application and Cybersecurity Blog
V
Vulnerabilities – Threatpost
IT之家
IT之家
博客园_首页
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Project Zero
Project Zero
月光博客
月光博客
NISL@THU
NISL@THU
爱范儿
爱范儿
S
Secure Thoughts
K
Kaspersky official blog
Security Latest
Security Latest
T
Tailwind CSS Blog
博客园 - Franky
D
Darknet – Hacking Tools, Hacker News & Cyber Security
TaoSecurity Blog
TaoSecurity Blog
The GitHub Blog
The GitHub Blog
Microsoft Azure Blog
Microsoft Azure Blog
B
Blog RSS Feed
S
SegmentFault 最新的问题
H
Help Net Security
T
Tor Project blog
L
LINUX DO - 热门话题
S
Security @ Cisco Blogs
N
News and Events Feed by Topic
O
OpenAI News
S
Schneier on Security

Blog of Simple Analytics

The EU wants to kill cookie banners Google is tracking you (even when you use DuckDuckGo) German court rules Meta’s tracking tech violates GDPR Closing the data gap - Simple Analytics x Usercentrics The EU-US data deal may be dead in the water You are missing 20% of your website data with GA4 How a reverse trial will push Simple Analytics to the next level Google will start tracking all your devices (WTF?) Big Tech Fails EU’s Digital Services Act: Only Wikipedia Passes the Test Meta fined $102 million by the Irish Data Protection Commission Europeans spend 575 Million hours per year clicking cookie banners The most interesting GDPR fines GDPR and fines: all there is to know Google loses key antitrust case Web Analytics for Crypto Companies Web analytics for publishers Google pulls Uno Reverse card: Rolls back decision to kill third-party cookies Privacy Monthly July 2024 Privacy Perspectives June 2024 Privacy Monthly June APRA fumbles targeted advertising Privacy Monthly May Meta loses key privacy battle Google delays cookie phase-out once again Privacy Monthly April 2024 Web Analytics and Consent Cookies 101 Privacy Monthly March 2024 German authority cracks down on cookie banners Google Tag Manager vs Google Analytics Google search alternative Data retention in Google Analytics Guide to Google Analytics and Cookie consent What are Google Analytics' identifiers? How to export data from Google Analytics Privacy Monthly February 2024 The Criteo case: a big deal for Big Tech Privacy Monthy January 2024 What the Digital Markets Act means for privacy Google Settles in $5B Incognito Mode Lawsuit Legal troubles for Adobe Analytics Web analytics for nonprofits HIPAA and mental health Why Meta subscriptions are under attack, and why it matters for privacy Privacy Monthly: December Simple Analytics AI Host analytics on Cloudflare Zaraz Add Google Analytics to Convertkit Google Analytics Pricing - Paid vs Free Road to 1 Million ARR - October update CCPA and Data Protection: all there is to know Analytics without a cookie banner Enterprise Analytics Privacy Monthly: November 2023 Delete Act: all you need to know Mobile App Tracking Under Fire The road to 1 Million ARR - September Update Privacy Monthly: October 2023 HIPAA violations First challenge to the EU-US data transfer framework Direct Marketing under GDPR Road to 1 million ARR - August Update CCPA vs CPRA: what is new? Privacy Monthly: September 2023 A/B Testing with Simple Analytics Dobbs v. Jackson ruling is a privacy mess Privacy Monthly: August 2023 What are your rights under the CCPA? When does the CCPA apply? How does the HIPAA compare to the CCPA and GDPR? Why Meta is in a world of trouble CJEU: cookie-based analytics collects sensitive data Road to 1 million ARR - July update All about the new Data Transfer Framework Road to 1 Million ARR - June update What is PHI under HIPAA? Sweden declares Google Analytics illegal Searching for GA4 Alternatives? Top 10 Reliable Options for Google Analyticss Ultimate HIPAA Compliance Checklist: Essential Steps for Healthcare Providers Privacy Monthly: June 2023 More troubles for Google Analytics The path to 1M ARR - May Update Data Processing Agreements Minimal Product Analytics Facebook data transfers declared illegal Is Google Analytics CCPA-compliant? Help us with your input Cookie banners: How to stay GDPR compliant? GDPR Compliance Checklist Simple Analytics: Privacy-first website analytics Improve your e-commerce performance with analytics European Facebook blackout is closer than we think Know your website’s Carbon Emissions - and how to reduce it The path to 1M ARR - April 2023 How to add video tracking using Google Tag Manager? How to track form submissions using Google Tag Manager? Why is my Simple Analytics data different from Google Analytics? Debug Simple Analytics script How to Import Google Analytics Data to Simple Analytics
Privacy Monthly: May 2023
Carlo Cilent · 2023-05-09 · via Blog of Simple Analytics

Welcome back to our privacy monthly! April has been an eventfuul month in privacy: the ChatGPT case sent waves across Europe, Meta are risking a Europe-wide Facebook blackout, the LIBE committee of the EU Parliament pushed against the EU-US data transfer framework, and more.

  1. A hot month for ChatGPT
  2. EU MEPs push against US adequacy decision
  3. EPPO investigates Pegasus use in Greece
  4. Is a Facebook blackout coming?
  5. EU Commission publishes first set of services affected by DSA
  6. Cambridge Analytica 2.0?
  7. France ratifies Convention 108+
  8. EDPB publishes workforce report on Google Analytics complaints
  9. Meta changes its privacy policies after EDPB decision
  10. TikTok mishandled children data, again
  11. US residents can apply for Facebook settlement

Michelin chose Simple AnalyticsJoin them

A hot month for ChatGPT

OpenAI’s popular ChatGPT AI has been at the center of the privacy debate lately. On March 30 the Italian data protection authority provisionally blocked ChatGPT over privacy issues (as we explained in detail). Open AI has since implemented some changes to ChatGPT’s data processing, which led the Italian authority to lift the ban on April 28. However, the authority is still carrying out an in-depth investigation and may take further action if needed.

The case set an EU-wide domino effect in motion. The European Data Protection Board (EDPB) created a task force to examine the legal issues posed by ChatGPT and coordinate the approach between authorities. In all likelihood, the impact of the task force’s work will extend beyond ChatGPT and impact regulation of generative AI. In the meantime, the French and German data protection authorities are both carrying out their own investigations on ChatGPT.

Last but not least, the European Parliament agreed upon a new draft of the AI Act proposal that classifies generative AIs such as ChatGPT as high risk, subjecting them to stricter risk management and data governance rules.

EU MEPs push against US adequacy decision

On April 13, the European Parliament Committee on Civil Liberties, Justice and Home Affairs unanimously voted against the European Commission’s upcoming adequacy decision for the US. The resolution is not binding for the Commission but is likely to influence the discussion over the new EU-US data transfer framework, especially considering the surprising unanimity behind the vote.t

The resolution acknowledges that the Trans-Atlantic Data Privacy Framework is an improvement over the Privacy Shield, but highlights issues including the criteria for bulk data collection, the data retention rules, and the transparency of the redress mechanism.

The draft adequacy decision is still likely to pass in the Commission. In all likelihood, the predictable legal challenge before the Court of Justice will be the trial by fire for the new data transfer framework.

EPPO investigates Pegasus use in Greece

Upon request of members of the European Parliament, the European Public Prosecutor's Office launched an investigation on the use and sale of the military-grade spyware in Greece.

The use of military-grade spyware (most notably Pegasus) by State actors is a hot topic at a European level and has been widely criticized by human rights organizations. Last year the PEGA Committee of the EU Parliament published a report that paints a worrisome picture of spyware use in the EU. Shortly thereafter, the European Data Protection Supervisor called for a ban of military-grade spyware in its Opinion on the European Media Freedom Act.

Greece is currently at the center of the spyware scandal. The Greek government allegedly used the Predator spyware to monitor politicians and journalists and sold Predator licenses to foreign countries ( including Sudan, now embroiled in a civil war).

Is a Facebook blackout coming?

According to the IAPP, the Irish Data Protection Commissioner may soon suspend EU-US data transfers for Facebook, potentially leading to an EU-wide Facebook blackout.

The decision will be a further step in a long legal battle over the GDPR’s data transfer rules involving privacy NGO noyb and the European Data Protection Board. The Board already solved the dispute on April 13 with a yet unpublished decision. The Commissioner, who is legally bound by the Board’s decision, is expected to publish her own final decision on May 12. Should the data transfers be suspended, Meta will surely challenge the decision in the Irish courts.

Numerous US companies have their European subsidiaries in the Republic of Ireland, including tech giants such as Meta, Google, and Apple. Consequently, the Commissioner’s decision could have a major impact on EU-US data transfers.

EU Commission publishes first set of services affected by DSA

On April 25 the European Commissions published a first set of online platforms and search engines designed as “very large” for the purposes of the Digital Services Act.

These services include Facebook, the Apple App Store, TikTok, and several Google Services including Google Search and Youtube. Wikipedia is the only service on the list provided by a non-profit organization.

Under the Act, very large online platforms and search engines are subject to stricter rules regarding transparency, targeted advertising, content moderation, and minor protection.

Cambridge Analytica 2.0?

Privacy NGO noyb filed a set of complaints against major political parties in Germany, claiming that they illegally micro-targeted electors for political advertising via Facebook during the 2021 federal election.

In the words of noyb member Felix Micolash, “any data on a person's political views is protected particularly strictly by the GDPR. Such data is not only extremely sensitive, but also allows large-scale manipulation of voters, as Cambridge Analytica has shown".

In a recent, high-profile case involving the NGO, the EDPB found that targeted advertising on Facebook was unlawful (as we explained on our blog). This precedent might give noyb the upper hand in the complaints.

Profiling based on sensitive data on social networks is an urgent privacy issue and one the Amsterdam District Court recently dealt with in a civil case (which we discussed in depth). Regardless of the outcome and merits of noyb’s legal action, it is reason for concern that Cambridge-Analytica style political microtargeting took place in Europe post-GDPR.

Coincidentally, the European Parliament and the European Data Protection Supervisor both called for a ban on political microtargeting in the proposed Regulation for the transparency and targeting of political advertising. Could they be onto something?

France ratifies Convention 108+

On March 30 France, already a party of Convention 108, ratified the modernised Convention 108 (best known as Convention 108+).

The original and modernised Conventions are Council of Europe treaties but are open to States outside the Council as well. To this date, the conventions are the only legally binding agreements on data protection under international law. Convention 108 has been ratified by 55 States across the world (most of them European), but not all of them signed and ratified Convention 108+.

EDPB publishes workforce report on Google Analytics complaints

In 2021 the EDPB formed a task force to deal with 101 complaints form NGO noyb against Google’s data transfers related to Google Analytics. A report for the task force’s work was published on March 28, after a surprisingly long delay.

The report is somewhat prudent in its tone, but highlights that standard contractual clauses for transferring data to the US need to be integrated by supplementary measures- as stated by the Court of Justice in the Schrems II ruling. It also highlightsGoogle Analytics’ IP anonymization option and Google’s (non end-to-end) encryption of data are not enough to keep personal data confidential.

This is nothing new, as several DPAs already stated the same in their rulings (we examined the issue in depth in our blog). Ultimately, the future of EU-US data transfers still hinges upon the upcoming Schrems III ruling over the Trans-Atlantic Data Privacy Framework.

On April 5 Meta changed the privacy policies for its Facebook and Instagram platforms. Under the new policies, Meta’s legal basis for providing targeted advertisement is legitimate interest. Additionally, users in the EU now have the option to opt out of targeted advertising.

The move comes after the Irish privacy watchdog fined the company for a total €390M for unlawfully targeting users of both platforms with personalized advertising. The fines were the outcome of a controversial, high profile case involving the EDPB.

Noyb is skeptical about Meta’s new legal basis (rightly so, we believe) and announced their intention to further challenge Meta on the issue. They also offer an opt-out tool to help Facebook and Instagram users reject targeted advertising from the platforms.

TikTok mishandled children data, again

On April 4 the UK privacy watchdog (ICO) fined TikTok £12.7M for unlawfully processing children’s data. According to the ICO, the social platform did too little to verify the age of new users and to remove existing accounts for children under 13.

This is not the first time TikTok gets in trouble with data protection authorities for its insufficient age verification policies. In 2021 the Italian GPDP suspended TikTok’s activities three times with regards to underage users. One year later, the Irish DPC drafted a decision to fine the platform for similar violations and submitted it to her European counterparts. At the present moment the procedure is still pending.

US residents can apply for Facebook settlement

Last December Meta agreed to pay $725M to settle a class action related to the Cambridge Analytica scandal. According to the allegations, Meta (then Facebook Inc.) disclosed personal data to Cambridge Analytica without user consent, enabling the now-defunct British company to target US electors in the 2016 presidential election.

Facebook users now have a right to apply for the settlement, provided that they were US residents at any time between 2007 and 2022.