From Google’s third-party cookie phaseout to new user consent policy updates, and Meta’s plan to unlink Facebook and Instagram, the EU privacy landscape is changing for BigTech, thanks to the upcoming Digital Markets Act. Catch all the top stories and updates from January.


Google starts phasing out third-party cookies on Chrome

On January 4, 2024, Google’s Chrome web browser disabled third-party cookies for 1% of its users – about 30 million people. A new feature called Tracking Protection, which restricts third-party cookies by default was rolled out for the 1% of randomly selected group of Chrome users globally. This marks the beginning of Google’s year-long plan to phase out cookies in 2024. Read more


Google issues warnings for non-compliant cookie banners

Google has updated its EU user consent policy for targeted ads in Europe to comply with the Digital Markets Act (DMA). The company also sent warnings to website and app owners that they could face account suspension in the European Economic Area (EEA)or UK if they display non-compliant cookie banners. Read more

CookieYes CMP is a trusted tool to comply with the new Google updates, as seen from this discussion on LinkedIn.


Two US states pass comprehensive data privacy laws

The first month of 2024 saw the passage of two new US state privacy laws in New Jersey and New Hampshire. New Jersey becomes the 13th state with a comprehensive state privacy law, which is set to take effect in January 2025. A few days later, New Hampshire passed a bill to become the 14th state to enact a data privacy law. The bill still is subject to signature from the state’s Governor and will take effect on 1 January 2025. Read more 


‘Mother of All Breaches’ data leak revealed 26 billion records

Security researchers have discovered a massive data leak dubbed the “Mother of All Breaches,” that revealed 26 billion records from popular sites like LinkedIn, Snapchat, Venmo, Adobe and X, formerly Twitter. The leak also includes records of government organizations in the US, Brazil, Germany, Philippines, Turkey, and other countries as per Cybernews, which first discovered the breach. Read more

You can use this data leak checker by Cybernews to see if your data has been compromised in the data breach.


Meta to let users unlink their Instagram and Facebook accounts

To comply with the Digital Markets Act (DMA) in the European Union (EU), Meta announced that its users will be able to unlink their Instagram, Facebook and Messenger accounts as well as other services. The changes will apply in the EU, EEA and Switzerland, and Meta will notify users about their ability to choose whether they would like to share information between these services. Read more


Spain publishes new guidance on analytics cookies

In January, the Spanish Data Protection Agency issued guidance on cookies employed for audience measurement, commonly known as analytics cookies (available in Spanish). The SDPA clarifies the instances where consent is necessary per the ePrivacy Directive and also lists cases where cookies used for obtaining traffic or performance data can be exempt from consent under certain conditions. Read more


EU data protection fines hit a record high in 2023

According to data from, approximately €2.1 billion in fines were imposed in the EU due to GDPR violations. A major contributor was the €1.2 billion for Facebook’s parent company Meta, related to the unlawful transfer of data to the US based on standard contractual clauses (SCCs). Meta was also fined £344 million by the Irish Data Protection Commission for unlawful processing of user data for targeted advertising.


Colorado recognises GPC as the first valid universal opt-out mechanism

The Colorado Attorney General announced that the Global Privacy Control (GPC) is the first universal opt-out mechanism considered valid under the Colorado Privacy Act (CPA). Beginning on July 1, 2024, organisations subject to CPA must respect consumers’ preference to opt out of the sale of personal data and targeted advertising via browser signals that conform to the GPC specification. Read more


ChatGPT is violating Europe’s privacy laws, says Italian DPA

Italy’s Data Protection Authority (DPA) conducted a month-long investigation on Open AI’s popular chatbot, ChatGPT, and has notified the company of infringements of the EU’s data privacy laws. OpenAI now has 30 days to respond with its defence.  Italy was the first EU country to block ChatGPT in March 2023 for breaching GDPR. Read more


Amazon fined for surveillance of workers in France

Amazon France Logistique was recently fined €32 million by the French data protection authorities, the Commission Nationale de l’Informatique et des Libertés (CNIL), for surveillance of its warehouse workers that CNIL noted as “excessively intrusive” and retaining data on their activities for longer than was considered necessary. Read more