[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_privacy-monthly-april-2024_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"inlineMedia":44,"id":46,"title":47,"excerpt":48,"locale":8,"slug":49,"authorSlug":50,"automaticTranslated":11,"publishedAt":51,"updatedAt":52,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"languages":53},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">So, the EU finally adopted its highly anticipated, widely discussed AI Act- the first regulation of its kind worldwide. In the meantime, the US is moving towards limitation of data transfers towards "countries of concern"- and possibly, even towards divesting TikTok from its Chinese ownership!\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#eu-passes-ai-act\">EU passes AI Act\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#congress-may-force-bytedance-to-divest-tiktok\">Congress may force Bytedance to divest TikTok\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#us-cracking-down-on-data-transfers-to-adversary-countries\">US cracking down on data transfers to adversary countries\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#mark-zuckerberg-involved-in-project-ghostbusters\">Mark Zuckerberg involved in project Ghostbusters\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#gm-cuts-ties-with-data-brokers\">GM cuts ties with data brokers\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#meta-to-lower-fees-for-no-ad-service\">Meta to lower fees for no-ad service\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#google-to-delete-user-data-after-incognito-lawsuit\">Google to delete user data after Incognito lawsuit\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#17-countries-issue-statement-on-controlling-commercial-spyware\">17 Countries issue statement on controlling commercial spyware\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#zoom-faces-damages-in-brazil\">Zoom faces damages in Brazil\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#fisa-702-expiring-shortly-still-pending-reauthorization\">Fisa 702 expiring shortly, still pending reauthorization\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#edps-to-suspend-office365-use-by-the-commission\">EDPS to suspend Office365 use by the Commission\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#tc-consent-strings-are-personal-data\">TC consent strings are personal data\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaTwo />\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Our Privacy Monthly discusses all of this and more. Let's dive in!\u003C/ContentEditable>\n\u003CContentEditable  id=\"eu-passes-ai-act\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.europarl.europa.eu/news/en/press-room/20240308IPR19015/artificial-intelligence-act-meps-adopt-landmark-law?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">EU passes AI Act\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">With the final vote of the Parliament, the EU passed the highly anticipated \u003Cstrong>AI Act\u003C/strong>. The Act will enter into force in 2026 but provides for different timelines for specific rules.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Under the AI Act, certain applications of AI such as social scoring are prohibited altogether, while high risk AI application and generative AI are subject to stringent rules. The Regulation also establishes an AI Office for enforcement.\u003C/ContentEditable>\n\u003CContentEditable  id=\"congress-may-force-bytedance-to-divest-tiktok\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nbcnews.com/politics/congress/house-likely-pass-bill-ban-tiktok-sending-senate-rcna142797?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Congress may force Bytedance to divest TikTok\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">The House of Representative passed a bill that would force Bytedance to \u003Cstrong>divest TikTok\u003C/strong> in order to make the social network available in the US market.  The unprecedented and controversial proposal now needs the vote of the Senate to become a law.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Supporters of the bill claim that ByteDance’s ties to the Chinese Communist Party would allow China to use TikTok to both collect fine-grained data on US citizens and influence political discourse.\u003C/ContentEditable>\n\u003CContentEditable  id=\"us-cracking-down-on-data-transfers-to-adversary-countries\" parent=\"\" tag=\"h2\" :articleId=\"2483\">US cracking down on data transfers to adversary countries\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">In closely related news, the US is becoming increasingly aware of the national security risk posed by the unrestricted trade of personal data. The US President issued \u003CNuxtLink to=\"https://iapp.org/news/a/us-house-unanimously-approves-bill-limiting-sensitive-data-transfers-to-foreign-adversaries/\">\u003Cstrong>an executive order\u003C/strong>\u003C/NuxtLink> limiting the transfer of personal data to “countries of concern”. Furthermore, a bill restricting data sales to certain countries (the Protecting Americans’ Data from Foreign Adversaries Act) was \u003CNuxtLink to=\"https://www.theverge.com/2024/3/20/24106991/house-data-broker-foreign-adversaries-bill-passes\">\u003Cstrong>voted unanimously by the House of Congress\u003C/strong>\u003C/NuxtLink> and will likely be confirmed by the Senate.\u003C/ContentEditable>\n\u003CContentEditable  id=\"mark-zuckerberg-involved-in-project-ghostbusters\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.businessinsider.com/mark-zuckerberg-facebook-execs-decrypt-rival-apps-usage-snap-youtube-2024-3?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Mark Zuckerberg involved in project Ghostbusters\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Back in 2016 Meta (then Facebook) \u003Cstrong>intercepted encrypted analytics for users of Snapchat and Youtube\u003C/strong> on a large scale through a Facebook-owned app in an operation nicknamed “Project Ghostbusters” by Meta staff. Project Ghostbusters might well be one of Meta’s worst privacy blunders to date, on par with Cambridge Analytica. \u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">While Project Ghostbusters itself is not news, recently unsealed documents prove \u003Cstrong>the direct involvement of top-level Meta executives\u003C/strong>, including \u003Cstrong>Mark Zuckerberg\u003C/strong> himself. According to internal emails, Zuckerberg found it unacceptable that Facebook lacked analytics about \u003Cem>users of other services\u003C/em>. Yup, you read that right.\u003C/ContentEditable>\n\u003CContentEditable  id=\"gm-cuts-ties-with-data-brokers\" parent=\"\" tag=\"h2\" :articleId=\"2483\">GM cuts ties with data brokers\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">General motors \u003Cstrong>\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nytimes.com/2024/03/22/technology/gm-onstar-driver-data.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">stopped sharing driver data\u003C/a> with data brokers\u003C/strong> LexisNexis Risk Solutions and Verisk after the \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">New York Times\u003C/a> reported on the company’s invasive data sharing practices. The two data brokers used fine-grained personal data to build \u003Cstrong>insurance risk profiles for drivers\u003C/strong> and sell them to insurance companies.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">GM’s privacy blunder may not be an isolated case: months ago, a study by the Mozilla Foundation highlighted \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">awful privacy practices across the entire automotive industry\u003C/a>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"meta-to-lower-fees-for-no-ad-service\" parent=\"\" tag=\"h2\" :articleId=\"2483\">Meta to lower fees for no-ad service\u003C/ContentEditable>\n\u003Cp>According to \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.reuters.com/technology/meta-offers-cut-facebook-instagram-monthly-fees-599-euros-2024-03-19/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Reuters\u003C/a>,\nMeta offered EU regulators to \u003Cstrong>lower the price\u003C/strong> of ad-free Facebook and Instagram subscriptions from €9.99 to €5.99, in an attempt to shield itself from ongoing legal challenge over its \u003Cstrong>pay-or-ok\u003C/strong> approach to privacy.\u003C/p>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">noyb (one of the NGOs behind the legal challenges faced by Meta) was \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://noyb.eu/en/pay-or-okay-1500-eu-year-your-online-privacy?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">critical of the company’s decision\u003C/a> and noted that lowering the prices doesn’t address any of the severe concerns raised by paid subscriptions. We don’t expect Meta’s other critics to be impressed with the price cut, either.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Meta’s paid subscriptions have been controversial in the privacy community since day one. If you are curious about this hot topic and its implications for privacy rights, feel free to check out our \u003CNuxtLink to=\"/blog/meta-subscriptions-under-attack\"  >blog\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"google-to-delete-user-data-after-incognito-lawsuit\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://edition.cnn.com/2024/04/01/tech/google-to-delete-data-records-to-settle-incognito-lawsuit/index.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Google to delete user data after Incognito lawsuit\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Following a class action in a federal court, Google pledged to delete user data about Incognito browsing on Google Chrome. According to the lawsuit, Google misrepresented data collection from Incognito mode.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Users will not receive damages as part of the class action, but may still take action individually against the company.\u003C/ContentEditable>\n\u003CContentEditable  id=\"17-countries-issue-statement-on-controlling-commercial-spyware\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.gov.uk/government/news/efforts-to-counter-the-proliferation-and-misuse-of-commercial-spyware-joint-statement?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">17 Countries issue statement on controlling commercial spyware\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Governments from 17 Countries (including the US, the UK, France, and Germany) issued a statement on the need to \u003Cstrong>control the distribution and proliferation of commercial spyware\u003C/strong>. The statement acknowledges that commercial spyware poses a \u003Cstrong>threat to democracy\u003C/strong> and that stricter regulation is needed to control its development and sale.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">The statement did not come a moment too soon: in 2022 a \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.politico.eu/article/eu-spyware-probe-slams-government-leaders-as-perpetrators-of-abuse?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">special inquiry committee\u003C/a> from the EU Parliament found evidence of spyware abuse from \u003Cstrong>at least four EU governments\u003C/strong>. In more recent news, commercial spyware was found on the devices of \u003Cstrong>two EU MEPs\u003C/strong> during routine controls in February, as reported by \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.politico.eu/article/nathalie-loiseau-elena-yoncheva-pegasus-spyware-european-parliament-security-defense-subcommittee/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Politico\u003C/a>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"zoom-faces-damages-in-brazil\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://brazilian.report/liveblog/politics-insider/2024/03/12/facebook-zoom-convicted-user-data/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Zoom faces damages in Brazil\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">The Court of Maranhão found that \u003Cstrong>Zoom illegally shared user data with Meta\u003C/strong> by including a “log in with Facebook” option for its service. The company will pay BRL20M (about €3.5M) in collective damages, as well as BRL500M (about 90€) to users involved in the breach.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Zoom stated that the sharing of user data was unintended and that the company had no data sharing partnership with Meta.\u003C/ContentEditable>\n\u003CContentEditable  id=\"fisa-702-expiring-shortly-still-pending-reauthorization\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nextgov.com/cybersecurity/2024/03/government-funding-bill-punts-extension-controversial-spying-power/395120/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Fisa 702 expiring shortly, still pending reauthorization\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">Reauthorization of government surveillance under Section 702 of the Foreign Intelligence Surveillance Act (FISA) is due to expire on April 19. The controversial law authorizes broad government surveillance of foreign citizens but has frequently been abused to indirectly \u003Cstrong>wiretap the communications of US citizens without a warrant\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">As one of the most problematic US surveillance laws, FISA has been at the center of the \u003Cstrong>Schrems ruling\u003C/strong> and the ensuing drama around EU-US data transfers.\u003C/ContentEditable>\n\u003CContentEditable  id=\"edps-to-suspend-office365-use-by-the-commission\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.edps.europa.eu/system/files/2024-03/EDPS-2024-05-European-Commission_s-use-of-M365-infringes-data-protection-rules-for-EU-institutions-and-bodies_EN.pdf?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">EDPS to suspend Office365 use by the Commission\u003C/a>\u003C/ContentEditable>\n\u003Cp>After a long investigation, the European Data Protection Supervisor ordered the Commission to \u003Cstrong>suspend the use of Office365\u003C/strong>. The decision is highly technical in nature and revolves around the Commission’s failure to comply with the \u003Cstrong>data transfer rules\u003C/strong> of Regulation\n2018/1725 (a privacy law that applies to EU institutions in lieu of the GDPR).\u003C/p>\n\u003CContentEditable  id=\"tc-consent-strings-are-personal-data\" parent=\"\" tag=\"h2\" :articleId=\"2483\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-03/cp240044en.pdf?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">TC consent strings are personal data\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">The Court of Justice found that the \u003Cstrong>TC strings\u003C/strong> employed by the IAB Transparency and Consent Framework are \u003Cstrong>personal data\u003C/strong>. The ruling may have an important impact on the ad tech market, as the IAB’s framework is one of the most widely employed by EU advertisers.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2483\">A summary for this highly technical decision can be found on the \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://gdprhub.eu/index.php?title=CJEU_-_C-604%2F22_-_IAB_Europe&utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">GDPRhub\u003C/a>. \u003C/ContentEditable>\n","So, the EU finally adopted its highly anticipated, widely discussed AI Act- the first regulation of its kind worldwide. In the meantime, the US is moving towards limitation of data transfers towards \"countries of concern\"- and possibly, even towards divesting TikTok from its Chinese ownership!\n\nOur Privacy Monthly discusses all of this and more. Let's dive in!\n\n## [EU passes AI Act](https://www.europarl.europa.eu/news/en/press-room/20240308IPR19015/artificial-intelligence-act-meps-adopt-landmark-law)\n\nWith the final vote of the Parliament, the EU passed the highly anticipated **AI Act**. The Act will enter into force in 2026 but provides for different timelines for specific rules.\n\nUnder the AI Act, certain applications of AI such as social scoring are prohibited altogether, while high risk AI application and generative AI are subject to stringent rules. The Regulation also establishes an AI Office for enforcement.\n\n## [Congress may force Bytedance to divest TikTok](https://www.nbcnews.com/politics/congress/house-likely-pass-bill-ban-tiktok-sending-senate-rcna142797)\n\nThe House of Representative passed a bill that would force Bytedance to **divest TikTok** in order to make the social network available in the US market.  The unprecedented and controversial proposal now needs the vote of the Senate to become a law.\n\nSupporters of the bill claim that ByteDance’s ties to the Chinese Communist Party would allow China to use TikTok to both collect fine-grained data on US citizens and influence political discourse.\n\n## US cracking down on data transfers to adversary countries\n\nIn closely related news, the US is becoming increasingly aware of the national security risk posed by the unrestricted trade of personal data. The US President issued [**an executive order**](https://iapp.org/news/a/us-house-unanimously-approves-bill-limiting-sensitive-data-transfers-to-foreign-adversaries/) limiting the transfer of personal data to “countries of concern”. Furthermore, a bill restricting data sales to certain countries (the Protecting Americans’ Data from Foreign Adversaries Act) was [**voted unanimously by the House of Congress**](https://www.theverge.com/2024/3/20/24106991/house-data-broker-foreign-adversaries-bill-passes) and will likely be confirmed by the Senate.\n\n## [Mark Zuckerberg involved in project Ghostbusters](https://www.businessinsider.com/mark-zuckerberg-facebook-execs-decrypt-rival-apps-usage-snap-youtube-2024-3)\n\nBack in 2016 Meta (then Facebook) **intercepted encrypted analytics for users of Snapchat and Youtube** on a large scale through a Facebook-owned app in an operation nicknamed “Project Ghostbusters” by Meta staff. Project Ghostbusters might well be one of Meta’s worst privacy blunders to date, on par with Cambridge Analytica. \n\nWhile Project Ghostbusters itself is not news, recently unsealed documents prove **the direct involvement of top-level Meta executives**, including **Mark Zuckerberg** himself. According to internal emails, Zuckerberg found it unacceptable that Facebook lacked analytics about _users of other services_. Yup, you read that right.\n\n## GM cuts ties with data brokers\nGeneral motors **[stopped sharing driver data](https://www.nytimes.com/2024/03/22/technology/gm-onstar-driver-data.html) with data brokers** LexisNexis Risk Solutions and Verisk after the [New York Times](https://www.nytimes.com/2024/03/11/technology/carmakers-driver-tracking-insurance.html) reported on the company’s invasive data sharing practices. The two data brokers used fine-grained personal data to build **insurance risk profiles for drivers** and sell them to insurance companies.\n\nGM’s privacy blunder may not be an isolated case: months ago, a study by the Mozilla Foundation highlighted [awful privacy practices across the entire automotive industry](https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/?utm_source=simpleanalytics.com).\n\n## Meta to lower fees for no-ad service\nAccording to [Reuters](https://www.reuters.com/technology/meta-offers-cut-facebook-instagram-monthly-fees-599-euros-2024-03-19/),\nMeta offered EU regulators to **lower the price** of ad-free Facebook and Instagram subscriptions from €9.99 to €5.99, in an attempt to shield itself from ongoing legal challenge over its **pay-or-ok** approach to privacy.\n\nnoyb (one of the NGOs behind the legal challenges faced by Meta) was [critical of the company’s decision](https://noyb.eu/en/pay-or-okay-1500-eu-year-your-online-privacy) and noted that lowering the prices doesn’t address any of the severe concerns raised by paid subscriptions. We don’t expect Meta’s other critics to be impressed with the price cut, either.\n\nMeta’s paid subscriptions have been controversial in the privacy community since day one. If you are curious about this hot topic and its implications for privacy rights, feel free to check out our [blog](https://www.simpleanalytics.com/blog/meta-subscriptions-under-attack).\n\n## [Google to delete user data after Incognito lawsuit](https://edition.cnn.com/2024/04/01/tech/google-to-delete-data-records-to-settle-incognito-lawsuit/index.html)\nFollowing a class action in a federal court, Google pledged to delete user data about Incognito browsing on Google Chrome. According to the lawsuit, Google misrepresented data collection from Incognito mode.\n\nUsers will not receive damages as part of the class action, but may still take action individually against the company.\n\n## [17 Countries issue statement on controlling commercial spyware](https://www.gov.uk/government/news/efforts-to-counter-the-proliferation-and-misuse-of-commercial-spyware-joint-statement)\nGovernments from 17 Countries (including the US, the UK, France, and Germany) issued a statement on the need to **control the distribution and proliferation of commercial spyware**. The statement acknowledges that commercial spyware poses a **threat to democracy** and that stricter regulation is needed to control its development and sale.\n\nThe statement did not come a moment too soon: in 2022 a [special inquiry committee](https://www.politico.eu/article/eu-spyware-probe-slams-government-leaders-as-perpetrators-of-abuse) from the EU Parliament found evidence of spyware abuse from **at least four EU governments**. In more recent news, commercial spyware was found on the devices of **two EU MEPs** during routine controls in February, as reported by [Politico](https://www.politico.eu/article/nathalie-loiseau-elena-yoncheva-pegasus-spyware-european-parliament-security-defense-subcommittee/).\n\n## [Zoom faces damages in Brazil](https://brazilian.report/liveblog/politics-insider/2024/03/12/facebook-zoom-convicted-user-data/)\nThe Court of Maranhão found that **Zoom illegally shared user data with Meta** by including a “log in with Facebook” option for its service. The company will pay BRL20M (about €3.5M) in collective damages, as well as BRL500M (about 90€) to users involved in the breach.\n\nZoom stated that the sharing of user data was unintended and that the company had no data sharing partnership with Meta.\n\n## [Fisa 702 expiring shortly, still pending reauthorization](https://www.nextgov.com/cybersecurity/2024/03/government-funding-bill-punts-extension-controversial-spying-power/395120/)\nReauthorization of government surveillance under Section 702 of the Foreign Intelligence Surveillance Act (FISA) is due to expire on April 19. The controversial law authorizes broad government surveillance of foreign citizens but has frequently been abused to indirectly **wiretap the communications of US citizens without a warrant**.\n\nAs one of the most problematic US surveillance laws, FISA has been at the center of the **Schrems ruling** and the ensuing drama around EU-US data transfers.\n\n## [EDPS to suspend Office365 use by the Commission](https://www.edps.europa.eu/system/files/2024-03/EDPS-2024-05-European-Commission_s-use-of-M365-infringes-data-protection-rules-for-EU-institutions-and-bodies_EN.pdf)\nAfter a long investigation, the European Data Protection Supervisor ordered the Commission to **suspend the use of Office365**. The decision is highly technical in nature and revolves around the Commission’s failure to comply with the **data transfer rules** of Regulation\n2018/1725 (a privacy law that applies to EU institutions in lieu of the GDPR).\n\n## [TC consent strings are personal data](https://curia.europa.eu/jcms/upload/docs/application/pdf/2024-03/cp240044en.pdf)\nThe Court of Justice found that the **TC strings** employed by the IAB Transparency and Consent Framework are **personal data**. The ruling may have an important impact on the ad tech market, as the IAB’s framework is one of the most widely employed by EU advertisers.\n\nA summary for this highly technical decision can be found on the [GDPRhub](https://gdprhub.eu/index.php?title=CJEU_-_C-604/22_-_IAB_Europe). \n",{"data":45},null,2483,"Privacy Monthly April 2024","EU adopts AI Act, US cracks down on data sales to countries of concern, Mark Zuckerberg involved in shady affair, and more","privacy-monthly-april-2024","carlo-cilento","2024-04-08T14:58:56.029Z","2025-04-02T13:36:32.906Z",{"en":54,"de":55,"fr":57,"it":59,"es":61,"nl":63},{"slug":49},{"slug":56},"datenschutz-monatlich-april-2024",{"slug":58},"privacy-monthly-avril-2024",{"slug":60},"mensile-sulla-privacy-aprile-2024",{"slug":62},"privacidad-mensual-abril-2024",{"slug":64},"privacy-maandelijks-april-2024"]