惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

酷 壳 – CoolShell
酷 壳 – CoolShell
GbyAI
GbyAI
SecWiki News
SecWiki News
Project Zero
Project Zero
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
P
Privacy International News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
A
Arctic Wolf
Security Latest
Security Latest
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
P
Privacy & Cybersecurity Law Blog
Apple Machine Learning Research
Apple Machine Learning Research
T
Tailwind CSS Blog
The Hacker News
The Hacker News
T
Tenable Blog
雷峰网
雷峰网
有赞技术团队
有赞技术团队
V
V2EX
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
Threat Research - Cisco Blogs
T
Threatpost
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
Application and Cybersecurity Blog
Application and Cybersecurity Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
S
SegmentFault 最新的问题
月光博客
月光博客
Spread Privacy
Spread Privacy
S
Secure Thoughts
宝玉的分享
宝玉的分享
博客园 - 三生石上(FineUI控件)
Forbes - Security
Forbes - Security
T
The Exploit Database - CXSecurity.com
G
GRAHAM CLULEY
The Last Watchdog
The Last Watchdog
Y
Y Combinator Blog
I
Intezer
博客园 - 【当耐特】
B
Blog RSS Feed
Attack and Defense Labs
Attack and Defense Labs
I
InfoQ
博客园 - 叶小钗
Cyberwarzone
Cyberwarzone
V2EX - 技术
V2EX - 技术
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Hugging Face - Blog
Hugging Face - Blog
H
Help Net Security
C
CERT Recently Published Vulnerability Notes

Blog of Simple Analytics

The EU wants to kill cookie banners Google is tracking you (even when you use DuckDuckGo) German court rules Meta’s tracking tech violates GDPR Closing the data gap - Simple Analytics x Usercentrics The EU-US data deal may be dead in the water You are missing 20% of your website data with GA4 How a reverse trial will push Simple Analytics to the next level Google will start tracking all your devices (WTF?) Big Tech Fails EU’s Digital Services Act: Only Wikipedia Passes the Test Meta fined $102 million by the Irish Data Protection Commission Europeans spend 575 Million hours per year clicking cookie banners The most interesting GDPR fines GDPR and fines: all there is to know Google loses key antitrust case Web Analytics for Crypto Companies Web analytics for publishers Google pulls Uno Reverse card: Rolls back decision to kill third-party cookies Privacy Monthly July 2024 Privacy Perspectives June 2024 Privacy Monthly June APRA fumbles targeted advertising Privacy Monthly May Meta loses key privacy battle Google delays cookie phase-out once again Privacy Monthly April 2024 Web Analytics and Consent Cookies 101 Privacy Monthly March 2024 German authority cracks down on cookie banners Google Tag Manager vs Google Analytics Google search alternative Data retention in Google Analytics Guide to Google Analytics and Cookie consent What are Google Analytics' identifiers? How to export data from Google Analytics The Criteo case: a big deal for Big Tech Privacy Monthy January 2024 What the Digital Markets Act means for privacy Google Settles in $5B Incognito Mode Lawsuit Legal troubles for Adobe Analytics Web analytics for nonprofits HIPAA and mental health Why Meta subscriptions are under attack, and why it matters for privacy Privacy Monthly: December Simple Analytics AI Host analytics on Cloudflare Zaraz Add Google Analytics to Convertkit Google Analytics Pricing - Paid vs Free Road to 1 Million ARR - October update CCPA and Data Protection: all there is to know Analytics without a cookie banner Enterprise Analytics Privacy Monthly: November 2023 Delete Act: all you need to know Mobile App Tracking Under Fire The road to 1 Million ARR - September Update Privacy Monthly: October 2023 HIPAA violations First challenge to the EU-US data transfer framework Direct Marketing under GDPR Road to 1 million ARR - August Update CCPA vs CPRA: what is new? Privacy Monthly: September 2023 A/B Testing with Simple Analytics Dobbs v. Jackson ruling is a privacy mess Privacy Monthly: August 2023 What are your rights under the CCPA? When does the CCPA apply? How does the HIPAA compare to the CCPA and GDPR? Why Meta is in a world of trouble CJEU: cookie-based analytics collects sensitive data Road to 1 million ARR - July update All about the new Data Transfer Framework Road to 1 Million ARR - June update What is PHI under HIPAA? Sweden declares Google Analytics illegal Searching for GA4 Alternatives? Top 10 Reliable Options for Google Analyticss Ultimate HIPAA Compliance Checklist: Essential Steps for Healthcare Providers Privacy Monthly: June 2023 More troubles for Google Analytics The path to 1M ARR - May Update Data Processing Agreements Minimal Product Analytics Facebook data transfers declared illegal Is Google Analytics CCPA-compliant? Help us with your input Cookie banners: How to stay GDPR compliant? GDPR Compliance Checklist Privacy Monthly: May 2023 Simple Analytics: Privacy-first website analytics Improve your e-commerce performance with analytics European Facebook blackout is closer than we think Know your website’s Carbon Emissions - and how to reduce it The path to 1M ARR - April 2023 How to add video tracking using Google Tag Manager? How to track form submissions using Google Tag Manager? Why is my Simple Analytics data different from Google Analytics? Debug Simple Analytics script How to Import Google Analytics Data to Simple Analytics
Privacy Monthly February 2024
Carlo Cilent · 2024-02-07 · via Blog of Simple Analytics

This sure was a busy month in privacy! After long negotiations, the EU is one step closer to the AI Act. In the meantime, regulators issued important decisions against Uber and Amazon, the EDPB is working on the hot issue of pay-or-ok, the Senate heard social media CEOs on children online safety, and more!

  1. EU moves closer to AI Act as Data Act enters into force
  2. EDPB discusses pay-or-ok
  3. Heated Senate hearing over children safety
  4. Two large fines from the French watchdog
  5. Dutch regulator strikes at Uber
  6. FTC cracks down on data sharing
  7. GPDP still not happy with ChatGPT
  8. EU and US working on an agreement on police access to data
  9. EU Commission confirms 11 adequacy decisions
  10. Amazon now requires a warrant for Ring footage

The UK Government chose Simple AnalyticsJoin them

EU moves closer to AI Act as Data Act enters into force

EU Member States unanimously voted for the AI Act. Three more votes are still needed, including the crucial plenary vote from the European Parliament in April.

In the meantime, the Data Act of the EU entered into force. The Regulation aims to facilitate the use and exchange of data, especially industrial and IoT data, while striking a balance with cybersecurity and user control.

EDPB discusses pay-or-ok

The EDPB (that is, the institution that brings EU privacy regulators together) discussed the pay-or-ok approach to privacy in January and intends to publish guidelines on the issue. In other words, the EDPB intends to clarify whether, and to what extent, companies can treat personal data as a commodity.

Pay-or-ok is a hot topic right now, as Meta’s latest compliance strategy is centered around offering paid, ad-free subscriptions for Facebook and Instagram as an alternative to its free subscriptions. But the issue is bigger than that and has enormous consequences for EU privacy law as a whole.

If you are curious about the topic, our blog explores Meta’s compliance strategies and the implications of pay-or-ok for the GDPR.

Heated Senate hearing over children safety

In response to increasing public concerns over children’s safety on social media, a US Senate committee questioned the CEOs of major social platforms over children’s online safety.

CEOs from Meta, X, Snap, TikTok, and Discord were present. The questioning was rather tense, with Mark Zuckerberg (Meta) and Shou Zi Chew (TikTok) taking most of the heat. Evan Spiegel (Snap) and Linda Yaccarino (X) expressed support for the Kids Online Safety Act, while other CEOs voiced skeptical positions. 

Two large fines from the French watchdog

The French privacy regulator (CNIL) fined Amazon France for €32M over its workplace surveillance practices, and fined Yahoo for €10M for using tracking cookies. illegally.

The regulator sent a very strong signal that Amazon’s notoriously invasive workplace surveillance will not be tolerated in France: €32M is about 3% of Amazon France’s turnover for 2021 and is close to the maximum cap of 4% under the GDPR.

Dutch regulator strikes at Uber

The Dutch regulator fined Uber for €10M for failing to inform drivers of its data retention policies and making it difficult for drivers to access their personal data.

Control over data is crucial to the power balance between companies and gig economy workers. The right to access data can sometimes help workers wrestle their data back, tipping the balance in their favor. This happened not long ago in a landmark case that Uber lost (Uber BV v Aslam).

FTC cracks down on data sharing

Following an official investigation, the Federal Trade Commission ordered X to tighten its privacy policies for location data. X will not be allowed to collect location data without consent, and will not be able to share “sensitive” location data (such as medical facilities or religious institutions) with its partners.

The FTC also [banned data aggregator InMarket Media from sharing precise geolocation data.

GPDP still not happy with ChatGPT

The Italian privacy watchdog issued a (yet unpublished) notice of alleged privacy violations for Open AI relative to ChatGPT . Future developments are worth watching closely, as generative AIs raise important and yet unresolved privacy issues.

The regulator first addressed ChatGPT last year when the company was ordered to halt service for Italian users over privacy issues (we discussed the case here). The authority later lifted the restriction, but only temporarily: the case was left open and the investigation eventually led to the January 2024 notice.

EU and US working on an agreement on police access to data

According to Politico, European Justice Commissioner Didier Reynders that the EU and the USwill reach an agreement on police access to personal data within the year.

The EU and the US already have a mutual assistance treaty in place, but the existing procedures for accessing data are slow and cumbersome. The controversial Cloud Act of the US can speed things up for US law enforcement, but raises issues under the GDPR and has been widely criticized because of its unilateral nature. A new agreement could fix some issues with the Cloud Act while also allowing EU law enforcement faster access to US data.

Of course, the future agreement needs to balance effective law enforcement with the right to privacy- and the European Data Protection Supervisor will no doubt chime in on that front.

EU Commission confirms 11 adequacy decisions

The European Commission reviewed and upheld the existing adequacy decisions for Andorra, Argentina, Canada, the Faroe Islands, Guernsey, the Isle of Man, Israel, Jersey, New Zealand, Switzerland, and Uruguay. The decisions for Japan, South Korea, the U.K., and the U.S. have not been confirmed yet.

An adequacy decision is a unilateral decision that immensely simplifies data transfers by “greenlighting” a non-EU country as a safe destination for personal data. Adequacy decision are based on a complex assessment of the legal framework of the recipient country and need to be reviewed periodically.

Amazon announced that it now requires a warrant before sharing Ring footage with law enforcement. Hopefully Amazon will eventually address Ring’s other privacy issues, such as its severe cybersecurity vulnerabilities and Amazon’s irresponsibly lax data access policies for Ring employees.