Privacy Roundup: Top 10 Stories of October 2023

The UK-US data bridge has been passed, Meta now wants to charge EU users for an ad-free Facebook and Instagram, the world’s first AI summit took place in Britain and more. Read all the top stories here. 

On October 12, the UK-US Data Bridge went into force. Companies in the UK can now transfer personal data to US businesses certified as offering an adequate level of data protection under the Framework. To be eligible for the UK-US Data Bridge, US companies must participate in the EU-US Data Privacy Framework, which now has over 550 organizations already signed up. Read more

The UK hosted a landmark artificial intelligence summit on November 1 and 2, that focused on “frontier AI” models and sought to find international coordination on the ethical and responsible development of AI. Over 25 countries, including the United States, China, and the European Union, have endorsed the “Bletchley Declaration,” to tackle global risks of advanced AI. Read more

P.S. Even the AI experts take their cookies seriously – spot the CookieYes banner on the Summit’s official website!

Meta plans to charge $14 a month for ad-free Facebook and Instagram subscriptions for EU users if they do not agree to let the company use their personal data for targeted ads. This comes as a response to the EU’s Digital Service Acts and its requirement that platforms should get users’ consent in order to show them targeted ads. Read more

Starting Q1 2024, Google has announced that it will begin phasing out third-party cookies in Chrome for 1% of users worldwide. With an extended phase-out plan, Google intends to allow small-scale testing before it starts to expand the third-party cookie phaseout to 100% of Chrome users, from Q3 2024. The complete phase-out will be done pending regulatory approval from the UK’s Competition and Markets Authority (CMA). Read more

The Commission d’accès à l’information du Québec, Quebec’s data protection body, approved the final draft of its guidelines for businesses to obtain valid consent to process personal data under Law 25.  The guidelines are the first set of instructions that the CAI has released, outlining specific duties under Law 25. Other guidelines relating to the application of other provisions of these laws will be developed by the Commission.​ Read more

The European Data Protection Board (EDPB) have extended Norway’s ban on Meta’s processing of personal data for behavioural advertising to the entire European Economic Area (EEA). The “urgent binding decision” followed a request from Norway’s data regulator, Datatilsynet. Since August 7, Meta has been subject to a daily $93,000 fine imposed by Norway for breaching users’ privacy by collecting their data for targeted advertising. Read more

Google has agreed to reform its data collection practices to end an anti-trust investigation by Germany’s competition regulator, the Federal Cartel Office (FCO).  The new commitments by Google apply to services like Gmail, Google TV, and Assistant and give users the option to provide unambiguous consent on how their data is used across the company’s platforms. Read more

A Pew Research Center survey found that most Americans believe they have little to no control over what companies or the government do with their data with 71% of them worried about how the government use their data – up from 64% in 2019. On how people approach privacy policies, the survey found that a majority of Americans ignore privacy policies altogether and 56% frequently click “agree” without reading its content. Read study

The Mozilla Foundation released the ‘Annual Consumer Creep-O-Meter’ a report that measures digital privacy on a scale of 1 to 100. Mozilla gives our current state of digital privacy a score of 75.6 out of 100, which in the Creep-O-Meter terms is “very creepy.”  Cars were among the worst offenders with 100% of cars failing to meet Mozilla’s Minimum Security Standards, while 40% of mental health apps received worse scores than in 2022. Read the report

The UK’s Information Commissioner’s Office (ICO) has threatened to shut down Snapchat’s ‘My AI’ feature, if the US company fails to adequately address the regulator’s concerns. Following a preliminary investigation, the UK watchdog cited a “worrying failure” to identify and assess the privacy risks to children. Released in April 2023, ‘My AI’ is a chatbot powered by OpenAI’s ChatGPT. Read more