With Google fined, Meta cleared by a German court, and Europe rethinking GDPR rules, privacy is back in the spotlight. Here are the top stories you need to know.
Microsoft mandates consent signals for EU, UK, and Swiss users
Starting May 5, 2025, Microsoft Advertising will require all websites using its tracking tools, such as the Universal Event Tracking (UET) tag, to send a consent signal for users in the EU, UK, and Switzerland. This mandate applies even if a website doesn’t specifically target those regions, aligning Microsoft with broader privacy standards in the industry. Read more
Belgian court strikes down tracking-based ad consent framework
The Belgian Court of Appeal has upheld a decision that the Transparency and Consent Framework (TCF), widely used in online advertising, fails to comply with the General Data Protection Regulation (GDPR) due to insufficient transparency and consent mechanisms. Read more
EU proposes GDPR reforms to reduce regulatory burdens
The European Commission has introduced the ‘Omnibus’ reform package aimed at simplifying the General Data Protection Regulation (GDPR) to reduce unnecessary bureaucracy for businesses, particularly small and medium-sized enterprises, while maintaining data protection standards. Read more
German court allows Meta to use public user data for AI training
A German court has dismissed an injunction seeking to prevent Meta from using publicly available Facebook and Instagram posts to train its AI models. The court found the data use aligns with Meta’s “legitimate interest” under GDPR and noted that users can opt out. Read more
Massachusetts and New York propose comprehensive privacy laws
Legislators in Massachusetts and New York have introduced bills aimed at establishing comprehensive consumer privacy protections. The proposed laws would grant residents rights over their personal data and impose obligations on businesses regarding data handling and transparency. Read more
Google settles $1.375B Texas privacy lawsuit
Google has agreed to pay $1.375 billion to settle allegations by the Texas Attorney General that it unlawfully collected and used Texans’ personal data, including geolocation and biometric information, without proper consent. This marks the largest state-level settlement for data privacy violations in the US. Read more
NOYB challenges Meta's AI data use in Europe
Privacy group NOYB, led by Max Schrems, has filed 11 complaints across EU countries and sent a cease-and-desist letter to Meta, opposing its plan to use European users’ personal data for AI training. NOYB argues that Meta’s reliance on ‘legitimate interest’ under GDPR is unfounded and calls for an opt-in consent model. Read more
Experts express concern over EU's plan to weaken encryption
A coalition of 89 experts, including organizations like Mozilla, Proton, and the Electronic Frontier Foundation, has urged the European Commission to rethink its ProtectEU strategy. They warn that proposed changes could weaken end-to-end encryption and jeopardize EU residents’ privacy and security. Read more
California bill seeks opt-in for location data collection
California Assembly Bill 1355, also known as the California Location Privacy Act, would mandate businesses to obtain clear, opt-in consent before collecting or sharing users’ precise location data, aiming to enhance digital privacy protections for consumers. It is currently under review in the state legislature. Read more
ICO releases case studies on privacy-enhancing technologies
The UK’s Information Commissioner’s Office (ICO) has published case studies demonstrating the practical application of privacy-enhancing technologies (PETs), such as differential privacy and synthetic data, to help organisations protect personal data while enabling data sharing and analysis. Read more