The new year is taking a stronger grip on privacy. From search engines to your OS, tech companies are enacting privacy-friendly practices and are contributing to, what industry observers are referring to as reshaping the internet. Take a look at how February fared and we will be back with the top stories next month!
Google announces privacy sandbox for Android
Google has announced the start of a multi-year initiative to bring the Privacy Sandbox to Android. It will overhaul ad tracking on Android phones and will do away with the device-specific advertising ID used by Android devices now. Google shared the suite of design proposals called “Android Privacy Sandbox,” These solutions will address ad-related activities such as limiting data-sharing with third parties and will explore technologies that “reduce the potential for covert data collection, including safer ways for apps to integrate with advertising SDKs”. Read story.
The EDPB publishes guidelines on DSARs
The European Data Protection Board (EDPB) published guidelines on Data Subject Access Requests (DSARs) in the GDPR and what it means for companies that process personal data. The 60-page guidance covers a broad range of issues on subject access requests and how they can be implemented in different situations. The draft guidelines are not legally binding and is open for public consultation, and comments can be submitted till 11 March 2022. Article 15 GDPR provides data subjects with the right to access their data and obtain information on how companies (controllers) have collected and processed the data. Read guidelines.
Mozilla and Meta collaborate on privacy-preserving ad tech
Mozilla and Meta have collaborated on new advertising technology, called Interoperable Private Attribution (IPA), that would allow advertisers to track campaign performance across devices and browsers without collecting data on users. IPA will use a ‘match-key’ concept, where a match-key is linked to a user’s account or device and is only accessible by the browser. It also uses Multi-Party Computation (MPC) to make it impossible for anyone to identify users who interact with advertisements. This unexpected partnership between the two companies has drawn attention as Mozilla has been a harsh critic of Meta’s approach to privacy. Read story.
Google launches privacy ‘Checks’ for Android, iOS apps
Google has launched a new privacy platform ‘Checks’ that uses AI to detect privacy and compliance issues in mobile apps, available to both Android and iOS mobile app developers. Checks is a project developed at Google’s in-house incubator, Area 120. It will help developers to identify potential compliance issues, give actionable insights and links to relevant resources. To use Checks, app developers can log in to their Google account and provide their Google Play app ID. The platform has four tiers: Free, Core ($249 per month), Premium ($499 per month), and Enterprise. Watch video.
Belgian DPA fines IAB Europe over its consent framework
The Belgian data protection authority (DPA) has fined Interactive Advertising Bureau Europe (IAB) Europe 250,000 euros for violating GDPR and has been ordered to take corrective actions in 2 months. The DPA said IAB Europe’s Transparency and Consent Framework (TCF) could “for a large group of citizens, lead to a loss of control over their personal data.” The IAB is an association of the digital marketing and advertising industry and the TCF is used by advertisers and publishers using advertising cookies to comply with the GDPR in connection with real-time bidding. Read story.
France is the latest to rule Google Analytics violates GDPR
France’s data protection authority, CNIL ruled that Google Analytics violated Article 44 of the GDPR, which covers personal data transfers outside the EU to other ‘third countries’. CNIL noted that transfers to the United States are not sufficiently regulated, because of the absence of an adequacy decision. The complaint was filed by “None of Your Business,” the privacy watchdog founded by Max Schrems. The Austrian and Norwegian Data Protection Authorities had reached similar decisions in the previous months ruling that Google Analytics violates the EU GDPR. Read story.
EU authorities probe use of cloud services in public sector
The European Data Protection Board (EDPB) and 22 authorities have joined hands for a coordinated enforcement action to evaluate the use of cloud services by the public sector in Europe. Over 80 public agencies from a wide range of sectors including health, finance, tax, education and IT services will be covered. US cloud-service providers are attracting extra scrutiny after the 2020 judgment striking down the flagship EU-US Privacy Shield. The EDPB has noted that the findings are slated to be published before the end of 2022. Read story.
EU proposes new Data Act
The European Commission published its proposal for a new EU Data Act, which sets new rules for data sharing and is part of the EU’s strategy to become the leader in the data-agile economy. The Act will complement the Data Governance Act, adopted last year that provides a legal framework for sharing non-personal data. The draft Data Act will apply to manufacturers of products and services, such as the Internet of Things (IoT) devices and cloud service providers in the EU. Read draft regulation.
Facebook whistleblower calls for review of Irish DPC
Facebook whistleblower Frances Haugen has called for an independent inquiry into the Irish Data Protection Commission, noting that the commission faces a “conflict of interest” when regulating Big Tech firms because of their investments in the country. Speaking to a European Parliament committee, she advocated for a central EU data protection authority to help take away the “unfair pressure” on Ireland to hold the firms accountable. Ireland’s DPC has come under heavy scrutiny for allegedly under-enforcing the GDPR when a report by the Irish Council for Civil Liberties (ICCL) accused the watchdog of being “the GDPR’s worst bottleneck”. Read story.
Meta loses appeal of Cambridge Analytica case in Australia