Meta is once again under NOYB scrutiny, but this time even the EC Commission joins them! From the Data Act to the Irish Data Protection Commissioner’s resignation, here are the top stories from October.


Meta’s ad-free subscription faces scrutiny in the EU

Meta’s paid no-ads subscription service, introduced in Europe this month, is facing the heat as advocacy group NOYB has raised a complaint to the Austrian regulator, claiming that the new service amounted to paying a fee to ensure privacy. For Web users, the monthly fee for the ad-free service is €9.99, while iOS and Android customers have to pay €12.99 per month. According to Meta, the subscription model “balances the requirements of European regulators while giving users choice.” Read more 


EU Parliament adopts the final version of the Data Act

The European Parliament has adopted the final version of the Data Act, which aims at creating harmonised rules for fair access and use of data. That Act includes provisions to facilitate data sharing, establish data transfer and usage rights, introduce interoperability standards, reinforce the right to data portability, and protect against unauthorised access to data. Data Act is awaiting formal approval by the Council of the EU before it becomes law and is expected to be enforced gradually over the next few years. Read more


Most websites don’t have privacy policies, researchers say

Researchers from Penn State College of Information Sciences and Technology crawled millions of websites and found that only one-third of online organizations had privacy policies available. Despite strict privacy regulations such as GDPR and CPRA, most organizations are not in compliance, according to the researchers. Additionally, a website’s privacy policy link had a 2-3% probability of being broken, and 5% of the broken links had irrelevant content.  Read more

If you are one of these organizations, we’ve you covered – Generate a free privacy policy for your website in minutes!


Helen Dixon, Irish Data Protection Commissioner, to step down

Helen Dixon, the Irish Data Protection Commissioner, has announced that she will be stepping down from her role as the head of the most influential data regulator in the European Union in early 2024. During her tenure, Dixon played a crucial role in data protection in the EU General Data Protection Regulation era. Dixon and her office have faced criticism and legal challenges from privacy activists over the regulator’s slow decision-making and enforcement against tech giants. Read her statement


EU Commission’s microtargeting campaign under scrutiny

The European Commission’s use of micro-targeting campaigns to promote its controversial ‘Chat Control’ regulation has come under scrutiny. Privacy advocacy group None of Your Business (NOYB) lodged a complaint with the European Data Protection Supervisor (EDPS) for EC’s alleged use of micro-targeted ads on the social media platform X (former Twitter) to push its proposal in the countries that did not support the law in the EU Council of Ministers. The countries involved are the Netherlands, Sweden, Belgium, Finland, Slovenia, Portugal, and the Czech Republic, with the ads being viewed more than four million times. Read more


A third of GDPR fines for social media platforms relate to child data protection

According to a recent analysis by the Dutch VPN provider Surfshark, five of the most widely used social media platforms—Facebook, Instagram, TikTok, Whatsapp, and X/Twitter—have been penalized more than €2.9 billion for breaking EU data protection laws since 2018.  One-third (4 out of 13) of these fines are linked to inadequate child data protection adding up to €765 million of the total amount. Read more 


US issues executive order on AI

US President Biden has issued an executive order on “safe, secure, and trustworthy artificial intelligence” introducing a range of measures to address and minimise AI threats. The executive order mandates that any business developing an AI model that might endanger national security should report to the government and take steps to comply with federal standards. This requirement will apply to the much-anticipated GPT-5. Read more


Apple resolves long-standing privacy bug in iOS

Apple has addressed a long-standing vulnerability in its iPhone and iPad software that has been undermining a privacy feature since its inception. The bug affected the iPhone’s Private Wi-Fi Address feature, which was designed to mask the device’s MAC address when connecting to a Wi-Fi network. The tech giant has fixed the vulnerability, with the release of iOS 17.1 and iOS 16.7.2. Read more


Okta admits to data breach of all customer support users

Despite previous claims that only a small percentage of customers were impacted, the American access and identity management company Okta has disclosed that hackers stole data from its customer support system in a network breach two months ago. The company has warned that the expanded scope opens customers to the risk of heightened attacks and phishing attempts. The threat actors responsible for the recent intrusion into Okta’s networks are still unknown. Read more


Samsung reports year-long data breach

In a recent admission by Samsung, hackers gained access to the personal data of its UK-based customers during a year-long breach of its systems. The company has not disclosed the exact number of affected customers, but the compromised data includes customer names, phone numbers, postal addresses, and email addresses. However, no financial data or passwords were impacted. The incident has been reported to the UK’s Information Commissioner’s Office (ICO). Read more