Privacy Roundup: Top 10 Stories of May 2023

From phasing out third-party cookies to new requirements to serve ads in the EU and UK, Google is revamping its ad tech ecosystem. While the EU is preparing to face the unique challenges posed by AI. Catch up on all the top stories from the world of data privacy here.

From early 2024, Google plans to move 1% of its Chrome users to Privacy Sandbox and disable third-party cookies for them. As per Google’s timeline, the next stage of phasing out will begin by the second half of 2024.  With the release of Chrome 115 in July 2023, Google is also making Privacy Sandbox’s APIs available to all users, which will allow developers to test its effectiveness with live traffic. Read more

The Interactive Advertising Bureau Europe (IAB Europe) launched an updated version of its Transparency and Consent Framework (TCF). The new TCF v2.2 was launched in response to the criticism surrounding TCF v2.0 after the Belgian Data Protection Authority (DPA) found IAB Europe to be in breach of GDPR’s provisions. The latest version introduces updates as per the Action Plan submitted to and validated by the Belgian DPA. Read more

Google announced new requirements for websites serving ads in the Europe and UK aimed at creating a consistent consent experience for its ad tech ecosystem. Google will require website publishers who use Google AdSense, Google Ad Manager and AdMob to use a Google-certified CMP when serving ads in the EEA or the UK. The requirements follow IAB Europe’s announcement of the new TCF version 2.2. Google is expected to provide a list of Google-certified CMPs soon. Learn more

Meta has been hit with a record-breaking $1.3 billion fine (€1.2 billion) by the EU’s lead regulator, Ireland’s Data Protection Commissioner (DPC). The DPC noted that Facebook’s current data transfer to the US “did not address the risks to the fundamental rights and freedoms” of its EU users and violated GDPR. The decade-long battle stems from a complaint raised by privacy campaigner Max Schrems in the wake of the Edward Snowden revelations in 2013. Read more 

OpenAI has announced a new privacy setting that allows users to disable their chat history. This prevents content shared with ChatGPT from being used to improve the AI model. The new privacy options come in the wake of the recent privacy breach and concerns raised by EU regulators about ChatGPT.  To disable your ChatGPT history click on your account name, then click Settings > Show > Data controls and toggle off Chat History & Training. Read more

Members of the European Parliament (MEPs) have endorsed the draft AI Act. The draft includes safeguards to prohibit mass facial recognition programs in public places and predictive policing algorithms. It also calls for creating a public database of “high-risk” AI systems used by public and government authorities. The legislation was first drafted in 2021 with the aim of bringing transparency, trust, and accountability to AI. Read more 

Facial recognition firm Clearview AI has been fined €5.7 million by the French DPA CNIL for failing to pay its previous fine. In October 2022, Clearview AI was fined €20 million for GDPR violations including the illegal collection and sale of facial recognition data. As the firm has not complied with the order or submitted any proof of compliance, CNIL has imposed an additional fine of €5.7 million. Read story

Google will pay Washington state $39.9 million to resolve a lawsuit for misleading location tracking practices. Google collected and profited from consumers’ location data, even after disabling Google’s tracking technology on their phones and computers. Google is also required to be more transparent about its tracking practices and provide detailed information on its “Location Technologies” online. Google has denied wrongdoing in agreeing to settle. Read more

Montana becomes the first US state to ban TikTok Montana has signed legislation prohibiting mobile app stores from offering TikTok, making it the first US state to ban the popular video-sharing app. Montana has also announced that TikTok could face fines if they violate the ban which will take effect January 1, 2024. Over concerns that the Chinese-owned TikTok is a national security risk, the federal government, and several US states prohibited the app on government devices. Read more 

Amazon will pay US Federal Trade Commission (FTC) a $25 million penalty for violating the Children’s Online Privacy Protection Act (COPPA). Amazon will also be required to overhaul its deletion practices and implement stringent privacy safeguards. According to the complaint by FTC, Amazon indefinitely retained children’s recordings collected through its voice assistant app, Alexa and failed to delete records when requested by parents. Read more