惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
PCI Perspectives
PCI Perspectives
H
Help Net Security
爱范儿
爱范儿
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
雷峰网
雷峰网
S
Secure Thoughts
Jina AI
Jina AI
Attack and Defense Labs
Attack and Defense Labs
大猫的无限游戏
大猫的无限游戏
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
Security @ Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Recent Commits to openclaw:main
Recent Commits to openclaw:main
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
T
Tor Project blog
小众软件
小众软件
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
博客园 - 叶小钗
博客园 - 【当耐特】
G
Google Developers Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
C
Cyber Attacks, Cyber Crime and Cyber Security
C
Cisco Blogs
T
The Blog of Author Tim Ferriss
I
Intezer
S
Schneier on Security
S
Securelist
W
WeLiveSecurity
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
Scott Helme
Scott Helme
Project Zero
Project Zero
Google Online Security Blog
Google Online Security Blog
T
Threatpost
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
V
Visual Studio Blog
Last Week in AI
Last Week in AI
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
人人都是产品经理
人人都是产品经理
Y
Y Combinator Blog
A
Arctic Wolf
GbyAI
GbyAI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
L
LangChain Blog

Blog of Simple Analytics

The EU wants to kill cookie banners Google is tracking you (even when you use DuckDuckGo) German court rules Meta’s tracking tech violates GDPR Closing the data gap - Simple Analytics x Usercentrics The EU-US data deal may be dead in the water You are missing 20% of your website data with GA4 How a reverse trial will push Simple Analytics to the next level Google will start tracking all your devices (WTF?) Big Tech Fails EU’s Digital Services Act: Only Wikipedia Passes the Test Meta fined $102 million by the Irish Data Protection Commission Europeans spend 575 Million hours per year clicking cookie banners The most interesting GDPR fines GDPR and fines: all there is to know Google loses key antitrust case Web Analytics for Crypto Companies Web analytics for publishers Google pulls Uno Reverse card: Rolls back decision to kill third-party cookies Privacy Monthly July 2024 Privacy Perspectives June 2024 Privacy Monthly June APRA fumbles targeted advertising Meta loses key privacy battle Google delays cookie phase-out once again Privacy Monthly April 2024 Web Analytics and Consent Cookies 101 Privacy Monthly March 2024 German authority cracks down on cookie banners Google Tag Manager vs Google Analytics Google search alternative Data retention in Google Analytics Guide to Google Analytics and Cookie consent What are Google Analytics' identifiers? How to export data from Google Analytics Privacy Monthly February 2024 The Criteo case: a big deal for Big Tech Privacy Monthy January 2024 What the Digital Markets Act means for privacy Google Settles in $5B Incognito Mode Lawsuit Legal troubles for Adobe Analytics Web analytics for nonprofits HIPAA and mental health Why Meta subscriptions are under attack, and why it matters for privacy Privacy Monthly: December Simple Analytics AI Host analytics on Cloudflare Zaraz Add Google Analytics to Convertkit Google Analytics Pricing - Paid vs Free Road to 1 Million ARR - October update CCPA and Data Protection: all there is to know Analytics without a cookie banner Enterprise Analytics Privacy Monthly: November 2023 Delete Act: all you need to know Mobile App Tracking Under Fire The road to 1 Million ARR - September Update Privacy Monthly: October 2023 HIPAA violations First challenge to the EU-US data transfer framework Direct Marketing under GDPR Road to 1 million ARR - August Update CCPA vs CPRA: what is new? Privacy Monthly: September 2023 A/B Testing with Simple Analytics Dobbs v. Jackson ruling is a privacy mess Privacy Monthly: August 2023 What are your rights under the CCPA? When does the CCPA apply? How does the HIPAA compare to the CCPA and GDPR? Why Meta is in a world of trouble CJEU: cookie-based analytics collects sensitive data Road to 1 million ARR - July update All about the new Data Transfer Framework Road to 1 Million ARR - June update What is PHI under HIPAA? Sweden declares Google Analytics illegal Searching for GA4 Alternatives? Top 10 Reliable Options for Google Analyticss Ultimate HIPAA Compliance Checklist: Essential Steps for Healthcare Providers Privacy Monthly: June 2023 More troubles for Google Analytics The path to 1M ARR - May Update Data Processing Agreements Minimal Product Analytics Facebook data transfers declared illegal Is Google Analytics CCPA-compliant? Help us with your input Cookie banners: How to stay GDPR compliant? GDPR Compliance Checklist Privacy Monthly: May 2023 Simple Analytics: Privacy-first website analytics Improve your e-commerce performance with analytics European Facebook blackout is closer than we think Know your website’s Carbon Emissions - and how to reduce it The path to 1M ARR - April 2023 How to add video tracking using Google Tag Manager? How to track form submissions using Google Tag Manager? Why is my Simple Analytics data different from Google Analytics? Debug Simple Analytics script How to Import Google Analytics Data to Simple Analytics
Privacy Monthly May
More from Congress: FISA 702 reauthorized, 4th Amendment Not For · 2024-05-02 · via Blog of Simple Analytics

Saying that April was a hot month, might very well be an understatement. There is plenty of news from US Congress, including unprecedented legislation against Tiktok and a new, bipartisan privacy bill. Meanwhile, Apple caved in to regulatory pressure in China and the EDPB took a stance against Meta in a key, high-profile legal battle.

There’s a lot to discuss, so let’s dive in!

  1. US Congress discusses federal privacy bill, bans TikTok
  2. More from Congress: FISA 702 reauthorized, 4th Amendment Not For Sale Act
  3. Personal data not a commodity, says EDPB
  4. Apple removes encrypted services from Chinese App Store
  5. Mass US data leakage
  6. ByteDance suspends TikTok Rewards program in Europe
  7. US government tightens HIPAA rules for reproductive health data
  8. Google delays cookie deprecation-again.
  9. Grindr faces lawsuit over HIV data
  10. Google pays $62M settlement over location data
  11. AI keeps raising privacy issues

Michelin chose Simple AnalyticsJoin them

US Congress discusses federal privacy bill, bans TikTok

A bicameral federal privacy bill was unexpectedly proposed in Congress. The bill, named American Privacy Right Act (APRA), includes a comprehensive set of privacy protections, including data minimization and transparency requirements, new consumer rights, and a private right of action subject to certain limitations.

State preemption is likely to be a thorny issue in future negotiations. Some States already afford strong privacy protections to their citizens and will not be happy to see federal law undermine them.

In the meantime, Congress finalized unprecedented legislation that forces Chinese giant ByteDance to divest ownership in TikTok under threat of a ban from the US market. According to Reuters, ByteDance is ready to challenge the constitutionality of the law but would rather leave the US market than divest ownership if push came to shove.

In other news from the US Congress, FISA Section 702 was finally reauthorized for two years in the nick of time.

FISA authorizes surveillance over foreign citizens but has been abused in the past in order to monitor Americans’ communication without a warrant. Privacy and civil rights advocates have long criticized the weak safeguards surrounding the law and are not happy to see it extended without any amendment.

In happier news, the House passed the 4t Amendment Is Not For Sale Act, a bill that prohibits law enforcement and intelligence agencies from buying personal information from data brokers with no warrants of safeguards (which they do all the time). We hope to see this become law.

Personal data not a commodity, says EDPB

In its highly anticipated Opinion on pay-or-ok, the EDPB clarified that personal data are not a commodity and took a clear stance against Meta’s data mining. In all likelihood, the Court of Justice will have the last word in Meta’s long GDPR compliance saga, but the EDPB’s Opinion is a very good sign nonetheless.

This is a really big deal for privacy because many services monetize on user data in similar ways to Meta. Check out our blog to learn more about the EDPB’s Opinion, the story behind it, and its potential impact on the privacy of EU citizens.

Apple removes encrypted services from Chinese App Store

Apple removed four apps from the Chinese version of the App Store upon an order of Chinese authorities. The list includes the Threads platform and three popular end-to-end encrypted messaging apps (WhatsApp, Telegram, and Signal).

This is not the first time the Chinese government orders Apple to make software unavailable: the company was already forced to remove a VPN app in 2017. It is superfluous to highlight the possible harms to users when privacy-preserving apps are removed from the closed iOS environment, especially in a country like China.

As an Apple spokesperson told the WSJ, the company must comply with the laws even if it dislikes them. Still, none of this would have happened if it simply allowed Chinese iOS users to sideload apps, as EU users are able to do under the Digital Markets Act. By choosing to retain complete control over the iOS environment in China, Apple is knowingly putting itself in a position where it can be bullied by the government into harming its users.

Mass US data leakage

The Federal Communications Commission fined several US wireless carriers for non-consensually disclosing customers’ location data to data brokers. The fines amount to a total of $200M between Verizon, AT&T, T-Mobile, and Sprint (now owned by T-Mobile).

This is a data leakage of catastrophic proportions. The carriers sanctioned by the FCC are some of the largest on the US market, with Verizon alone accounting for almost 150 million customers.

ByteDance suspends TikTok Rewards program in Europe

As if the TikTok ultimatum from Congress wasn’t enough, the EU Commission announced an investigation into TikTok Lite’s reward program for potential infringements of the Digital Services Act. The investigation prompted ByteDance to suspend the program on the EU market.

TikTok Lite’s “Task and Reward Program” rewards users for engaging with the platform and performing certain tasks such as liking content and inviting friends to join TikTok. The Commission notes that ByteDance failed to properly assess the risks of Task and Reward, and suspects that the program could have addictive effects and cause mental health harms to the platform’s (mostly quite young) audience .

US government tightens HIPAA rules for reproductive health data

The Department of Human Health and Services issued new rules to restrict data disclosures under HIPAA in order to protect women seeking reproductive health care in sanctuary States. Crucially, the new rule forbids disclosures for the purpose of investigating reproductive health care that was lawfully provided.

The confidentiality of reproductive health care data became a key human rights issue in 2022, when the Dobbs v. Jackson ruling opened the floodgates to anti-abortion legislation in conservative States. Strengthening the HIPAA is a step in the right direction, but enormous amounts of health data still fall outside the narrow scope of the law and can be used by law enforcement and other actors in ways that harm women and health care providers.

Google delayed the deprecation of third-party cookies once again. The announcement came days after the Washington Post reported on regulatory pushback against the Sandbox due to privacy vulnerabilities.

To learn more about the news and the Privacy Sandbox, head over to our blog.

Grindr faces lawsuit over HIV data

Grindr will face a class action in the UK over the non-consensual disclosure of sensitive data, including HIV data. The lawsuit involves hundreds of users and revolves around personal data disclosures between 2018 and 2020.

Grindr, a popular dating app catering to the queer audience, was already fined in Norway for non-consensually sharing sensitive data with advertisers. According to Grindr’s own policy, such disclosures are still taking place, albeit with the user’s consent (or, in all likelihood, under a fiction of consent, as is typically the case for dating apps).

Google pays $62M settlement over location data

Stop me if you’ve heard this before, but Google signed a settlement over location data.

You know the story by now: Google likes “giving user control” over their data by tying location data collection to multiple, unclear settings found in all sorts of different places on Android devices. This may or may not be done to preventing users from entirely turning off location data collection. Google's settings are so intentionally obtuse, that even a Google engineer was not able to disable tracking.

AI keeps raising privacy issues

A recent report from the New York Times describes how OpenAI, Google, and Meta plunder the Internet for training data to develop their cutting-edge AIs. As they race each other to build bigger and more powerful models, these giants scrape data comes from all sorts of sources, including Facebook and Youtube content.

The NYT has an axe to grind with OpenAI but still raises some fair points. Big Tech’s scraping of the Web skirts company policies, exploits gaps in copyright law, and raises severe privacy concerns which are yet to be addressed. Similar privacy concerns were raised by the Italian privacy watchdog in its pending investigation on Open AI and in a parallel investigation on Sora, OpenAI’s text-to-video tool.

In the meantime, privacy advocate noyb filed a complaint against OpenAI after it failed to correct false personal information provided by ChatGPT. The complaint raises a thorny issue: under the GDPR, OpenAI has a duty to ensure that personal data are accurate, which entails ensuring that ChatGPT’s output is accurate. Good luck with that.