It was an eventful month for data privacy with heavy GDPR fines, court rulings and new proposals. While we celebrated Data Privacy Day on January 28, privacy concerns for users seem to be rising with governments increasingly tightening regulations for Big Tech. Read the biggest stories in this Privacy Roundup for January. We will be back with the top stories next month!
France fines Google, Facebook €210m for cookie violation
Belgium reinforces cookie consent rules
Facebook launches new Privacy Center
Meta (formerly Facebook) announced a new version of its Privacy Center, which will provide a comprehensive overview of data collection, sharing, security, data use and ads. Meta noted that Privacy Center will “educate people on their privacy options and make it easier to understand how we collect and use information”. Users can learn how apps like Facebook and Instagram collect and use data and figure out how to use the multitude of privacy and security controls available. The Privacy Center is currently available to a small number of Facebook desktop users in the US. It plans to roll it out to people in the coming months. People who have access can find the Privacy Center in the Settings > Privacy section. Read story.
Google pulls back on FLoC
Google is set to do away with the proposed Federated Learning of Cohorts (FLoC) with a new interest-based targeting proposal called Topics. Topics will work by identifying “a handful of topics, like ‘Fitness’ or ‘Travel,’ that represent your top interests for that week based on your browsing history,”. Google noted that it will launch a developer trial for the new API in Q1 2022 but hasn’t announced a date. FLoC, an interest-based tracking mechanism, was intended to replace third-party cookies. But it was met with privacy concerns and browsers like DuckDuckGo, Vivaldi, Brave, Edge and Mozilla had refused to use it. Watch video.
Google One VPN is now available for iPhone
Google’s VPN service that’s included with a Google One Premium subscription is finally available for iPhones and iPad users. The VPN is available to users in 18 countries, including the US, UK, France, Germany and Canada. The service, which was available on Android since October 2020, is available for Google One members who have the 2TB Premium plan. Google also announced new VPN features for Android users such as a “safe disconnect” that shuts off internet access when a user is disconnected from the VPN. Google One VPN works by assigning users an IP address based on their current location and allows them to browse through websites without revealing the IP address. Read story.
Austrian DPA rules use of Google Analytics unlawful
Austria’s Data Protection Authority recently published its decision that the use of Google Analytics on the Austrian website NetDoktor breached the European Union’s General Data Protection Regulation (GDPR). The site’s use of Google Analytics involved a transfer of personal data to Google LLC in the US, which was in breach of Article 44 GDPR. According to the 2020 Schrems II ruling, sending personal data to a company in the US can happen only with EU sanctioned legal contracts i.e. Standard Contractual Clauses. The Norwegian Data Protection Authority also reached a similar conclusion this month hinting at wider implications for Google Analytics. Read story.
US lawmakers introduce TLDR Act
US lawmakers have introduced legislation that aims to simplify terms of service agreement which are often lengthy and complex legal documents that users must agree to before using websites and online services. The Terms-of-service Labeling, Design and Readability Act (TLDR Act) requires websites and mobile apps to create a “concise, easy to understand” summary of their terms of service that includes information on how personal information is collected and used. If passed, the TLDR Act will apply to large websites and apps and exempt small businesses. Read story.
Data breaches reached an all-time high last year
The overall number of data breaches (1,862) is up more than 68% compared to 2020 (1,108) according to the latest report published by the Identity Theft Resource Center (ITRC). A major concern outlined in the report is the increasing number of cyberattacks responsible for breaches. Over the past two years, ransomware-related data breaches have doubled while cyberattacks alone accounted for 1,600 compromises last year. Another concern that the report mentions is the lack of transparency in breach notifications. The companies that hold your data and then get hacked aren’t sharing as much as they did in the past. Read story.
The UK gets a new Information Commissioner
John Edward has been appointed as the chief of the Information Commissioner’s Office (ICO). The former New Zealand privacy commissioner is taking charge during a critical point for the country’s data protection regime. Post-Brexit, the UK government has signalled that the country will begin to diverge from the European Union’s GDPR. Edwards will work with the government on the proposed reforms including facilitating data adequacy partnerships with non-EU countries and reforming data privacy laws to make them more business-friendly. He replaces outgoing ICO chief Elizabeth Denham, who was appointed to the role in 2016. Read story.