The world of data privacy is continuously evolving, as countries move towards stricter regulations while consumers raise concerns about their personal data. The month of April was no different. From GDPR fines to new consumer privacy laws and privacy-centric changes from Big Tech, here are the major stories we don’t want you to miss.


Google updates cookie banner for EU users

Google will display an updated cookie banner in the EU informing users how cookies are used and adding a new reject button to easily reject all non-essential cookies. The company says it has worked with France’s Commission Nationale de l’Informatique et des Libertés (CNIL) to fully redesign its approach to handling cookies on YouTube and on its search engine. Earlier this year, France’s data protection agency CNIL fined Google €150 million ($170 million) for deploying confusing language in cookie banners. Read story.


Connecticut adopts new consumer data privacy bill

Connecticut is gearing up to be the fifth US state to adopt a comprehensive privacy law. The Connecticut General Assembly passed Senate Bill 6, the Connecticut Data Privacy Act on April 28, 2022. The legislation covers personal data privacy and online monitoring and includes provisions for opting out of targeted advertising and sale of data, opt-in consent for sensitive data processing, and creating data protection standards for data controllers and processors. The bill is set to take effect on July 1, 2023, and also includes consumer rights, obligations, and exceptions similar to other state-level privacy laws in the US. Read story.


DuckDuckGo’s privacy-focused browser arrives on Mac

The privacy-centric browsing app of DuckDuckGo is now available in beta on Mac, but users will have to join a private waitlist to gain access. Similar to the mobile browsing app, the Mac browser will automatically block web trackers and includes the famous “Fire” button that burns or erases your browsing history and tabs in a single click. To join the waitlist for the browser, download (or update) the DuckDuckGo app on mobile. Then head to Settings > Privacy > DuckDuckGo for Desktop. You’ll then have to wait to receive an app notification with an invite code and link you can use to download the browser on your Mac. Read story.


Google starts testing Privacy Sandbox For Devs

Google has announced that it has started the “origin trials” for the Chrome Privacy Sandbox, its new replacement for serving targeted ads without using cookies. At this stage, testing developers will gain access to Privacy Sandbox’s newest measurement proposals: Topics API, FLEDGE, and Attribution Reporting that allow remarketing and ad clicks measurement without tracking behaviour across sites. Currently, developers can begin testing code in Canary Chrome beta. After this, testing will then begin in a limited way for Chrome beta users and then eventually to a stable version of Chrome. Read story.


Dutch tax authority fined €3.7 million for GDPR violations

The Netherlands’ data regulator, Autoriteit Persoonsgegevens, has issued a €3.7 million fine against the Dutch Tax and Customs Administration for GDPR violations. The six violations included unlawful maintenance of a list and a lack of legal basis for the processing of personal data. “The tax authorities received this fine because of the years of illegal processing of personal data in the Fraud Signaling Facility (FSV),” as per the DPA. The list maintained over six years, contained entries for approximately 270,000 individuals that sometimes incorrectly registered people as possible fraudsters. Read story.


Google is banning call recording on Android

Google is introducing a new Play Store policy that will effectively block third-party call recording apps from the Play Store. As per a Reddit thread posted on April 21, Google is planning to update a policy involving the Accessibility API that Android developers used in their call-recording apps. Google has gradually been trying to eliminate call recording on Android, mainly due to privacy concerns and the Accessibility API was the last resort for call recording apps. However, the pre-installed apps that already have permission to tap on the Accessibility API will not be affected by the changes. Read story. 


CNIL gets new powers to handle GDPR complaints

France’s data protection authority CNIL now has new powers to fast-track the handling of data protection complaints. As per a new order dated 8 April, minor and low-complexity data protection complaints “simplified sanction procedure” in view of the rising complaints received. Last year alone, more than 14,000 complaints were made to the authority, citing alleged breaches of the EU General Data Protection Regulation (GDPR). Earlier in 2022, CNIL confirmed three priority areas for its regulatory focus including transferring personal data outside of the EU when using cloud computing services. Read story.


The US announces global forum for data transfers

The US, Canada, Japan, the Republic of Korea, the Philippines, Singapore, and Chinese Taipei, issued a Global Cross-Border Privacy Rules Declaration announcing the establishment of the Global Cross-Border Privacy Rules Forum (Global CBPR Forum). The Global CBPR Forum intends to establish the Global Cross Border Privacy Rules and “first-of-their-kind data privacy certifications that help companies demonstrate compliance with internationally recognized data privacy standards”. The Global CBPR Forum is charged with promoting cooperation, exchange of information, and bridging the varying regulatory approaches to data protection and privacy. Read story.


Companies can still collect data despite Apple’s ATT

In 2021, Apple enacted App Tracking Transparency (ATT), a policy that forbids app makers from tracking user activity across other apps unless they obtain users’ explicit permission. But, researchers claim that loopholes in the ATT framework could allow some companies that collect first-party data, such as Facebook and Google to bypass the framework and collect user data. The researchers noted that “while Apple’s changes make tracking individual users more difficult, they motivate a counter-movement, and reinforce existing market power of gatekeeper companies with access to large troves of first-party data,”. Read story.


EU Parliament adopts the Data Governance Act

The European Parliament approved the Data Governance Act (DGA) on April 6, 2022. DGA seeks to allow the reuse and sharing of data to enable companies in the EU to obtain access to more data such as trade secrets, personal data, or intellectual property rights between sectors. Supporters of the legislation hope that it will accelerate the EU’s digital transformation “stimulating new business models and social innovation,” according to lead MEP Angelika Niebler. The DGA will become law after it is adopted by the Council of the EU. Read story