[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_privacy-monthly-february-2023_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"coverImageWithoutText":44,"inlineMedia":52,"id":114,"title":115,"excerpt":116,"locale":8,"slug":117,"authorSlug":118,"automaticTranslated":11,"publishedAt":119,"updatedAt":120,"doFollowLinks":25,"showIndex":25,"showCallToActions":25,"articleType":14,"cover":44,"languages":121},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The privacy monthly is back with juicy news: the European Data Protection Board has been up to some important stuff, Google faces yet another antitrust lawsuit in the US, and more. Oh, and the US no-fly list was stolen- yup, you read that right.\u003C/ContentEditable>\n\u003Cp>\u003Cimg src=\"https://cms-assets.simpleanalytics.com/google_lawsuit_b974536c37.png\" alt=\"google-lawsuit.png\">\u003C/p>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#crucial-data-transfer-case-goes-to-edpb\">Crucial data transfer case goes to EDPB\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#no-fly-list-stolen\">No Fly list stolen\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#antitrust-lawsuit-against-google\">Antitrust lawsuit against Google\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#dpc-fines-meta-announces-legal-action-against-edpb\">DPC fines Meta, announces legal action against EDPB\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#edpb-task-force-cracks-down-on-cookie-banners\">EDPB task force cracks down on cookie banners\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#european-commission-to-monitor-progress-of-large-scale-gdpr-cases\">European Commission to monitor progress of large-scale GDPR cases\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#french-watchdog-on-a-fining-spree\">French watchdog on a fining spree\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#eu-may-crack-down-on-political-advertising\">EU may crack down on political advertising\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#tiktok-ceo-to-testify-before-congress\">TikTok CEO to testify before Congress\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaOne />\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">Let’s dive in!\u003C/ContentEditable>\n\u003CContentEditable  id=\"crucial-data-transfer-case-goes-to-edpb\" parent=\"\" tag=\"h2\" :articleId=\"338\">\u003Ca referrerpolicy=\"unsafe-url\" href=\"https://iapp.org/news/a/metas-eu-data-transfer-case-faces-article-65-dispute-resolution-mechanism/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">Crucial data transfer case goes to EDPB\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">In yet another chapter of the data transfer saga, the European Data Protection Board  (the Board composed of all European data protection authorities as well as the European Data Protection Supervisor) will have the final word on the Irish data protection authority’s investigation of Meta Ireland’s data transfers. The authority already \u003CNuxtLink to=\"https://www.politico.eu/article/europe-faces-facebook-blackout-instagram-meta-data-protection/\">drafted a decision to \u003Cstrong>shut down data transfers for Facebook\u003C/strong>\u003C/NuxtLink> last July, but other data protection authorities objected, so the EDPB will settle the matter with a binding decision.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">This is a high-profile case with EDPB involvement, so the outcome will surely have a \u003Cstrong>significant impact\u003C/strong> on the way DPAs will handle similar cases. The Board’s decision will make for an interesting read and give us some insight as to where individual DPAs stand on the controversial issue of data transfers.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The legal issues with data transfers are a long story by now. If you’re curious, we wrote about it \u003CNuxtLink to=\"/en/blog/how-to-move-forward-with-data-transfers-between-the-eu-us#us-data-transfers-a-long-story-short\"  >here\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"no-fly-list-stolen\" parent=\"\" tag=\"h2\" :articleId=\"338\">\u003Ca referrerpolicy=\"unsafe-url\" href=\"https://edition.cnn.com/2023/01/20/politics/tsa-no-fly-list-data-cybersecurity/index.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">No Fly list stolen\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The US Transportation Security Administration is currently investigating the leak of the 2019 version of the \u003Cstrong>federal No Fly list\u003C/strong>. The hacking was claimed by a Swiss hacktivist who allegedly found the list on an unsecured server of US airline CommuteAir. The hacktivist did not publish the list but said she will make it available to selected journalists and researchers.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The No Fly list is a list of \u003Cstrong>known or suspected terrorists\u003C/strong> who are not allowed to board flights. The list is highly controversial and has been \u003Cstrong>widely criticized\u003C/strong> for its lack of transparency and bias against the Muslim religious minority. According to the hacktivist, the version in her possession contains names and birthplaces for more than \u003Cstrong>one million individuals\u003C/strong>, both US nationals and foreigners.\u003C/ContentEditable>\n\u003CContentEditable  id=\"antitrust-lawsuit-against-google\" parent=\"\" tag=\"h2\" :articleId=\"338\">Antitrust lawsuit against Google\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The US Department of Justice and the Attorney Generals of eight States \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.justice.gov/opa/pr/justice-department-sues-google-monopolizing-digital-advertising-technologies?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">filed an antitrust lawsuit\u003C/a> against Google’s parent company Alphabet Inc., seeking to \u003Cstrong>break up the company\u003C/strong> and lessen its control of the digital advertising market.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">Google is not new to antitrust litigation: a lawsuit over Google’s monopoly over the Internet search market was filed by the DOJ in 2020 and dismissed. Other big tech companies are under fire as well: Meta is involved in two lawsuits over its \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.cnbc.com/2020/12/09/ftc-and-several-states-launch-antitrust-lawsuits-against-facebook.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">dominant position on the social network market\u003C/a>, and the proposed acquisition of \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.ftc.gov/news-events/news/press-releases/2022/07/ftc-seeks-block-virtual-reality-giant-metas-acquisition-popular-app-creator-within?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">VR company Within\u003C/a>. And recently the Federal Trade Commission brought Microsoft to court in an attempt to stop its acquisition of video game company Activision Blizzard, which includes popular games requiring robust \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://dedicatedgamingservers.com/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">game server\u003C/a> infrastructure.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">Overall the DOJ seems to be taking a very proactive stance on antitrust issues under the Biden administration, which could lead to interesting developments in the future.\u003C/ContentEditable>\n\u003CContentEditable  id=\"dpc-fines-meta-announces-legal-action-against-edpb\" parent=\"\" tag=\"h2\" :articleId=\"338\">DPC fines Meta, announces legal action against EDPB\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">As covered in the January privacy monthly, the Irish DPA (DPC) \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.dataprotection.ie/en/news-media/data-protection-commission-announces-conclusion-two-inquiries-meta-ireland?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">fined Meta Ireland for €390M\u003C/a> for unlawfully targeting Facebook and Instagram users with personalized advertising. The DPC’s early (and very lenient) decisions were \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://edpb.europa.eu/news/news/2023/facebook-and-instagram-decisions-important-impact-use-personal-data-behavioural_en?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">reviewed by the EDPB\u003C/a> under the dispute settlement mechanism and were mostly overturned, which led the authority to issue new decisions.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The story is not quite over yet. The EDPB later settled a third, almost identical dispute revolving around Whatsapp. This resulted in the DPC fining Meta-owned WhatsApp Ireland \u003CNuxtLink to=\"https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-whatsapp-inquiry\">\u003Cstrong>for another €5M\u003C/strong>\u003C/NuxtLink> on 12 January- a rather small amount, given the number of users affected. The DPC also \u003Cstrong>announced legal action in the EU Court of Justice\u003C/strong>, as it seeks to annul the EDPB’s order to further investigate Meta’s data processing operations. According to the DPC, the order is a violation of its independence, as the EDPB lacks authority to direct a DPA’s investigation.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">All decisions highlight \u003Cstrong>radical disagreement\u003C/strong> between the DPC and other DPAs, with numerous authorities objecting to the DPC’s views and pushing for a far stricter interpretation of the GDPR. Legal action from the DPC is likely to further increase the friction with its European counterparts.\u003C/ContentEditable>\n\u003CContentEditable  id=\"edpb-task-force-cracks-down-on-cookie-banners\" parent=\"\" tag=\"h2\" :articleId=\"338\">\u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.cnil.fr/en/edpb-adopts-final-report-outcome-cookie-banner-task-force?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">EDPB task force cracks down on cookie banners\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">Yup, this was a busy month for the EDPB. Last year the Board established a \u003Cstrong>cookie banner task force\u003C/strong> to coordinate response to numerous complaints filed by NGO noyb against deceptive cookie banners. On January 17 the task force \u003Cstrong>published its\u003C/strong> \u003CNuxtLink to=\"https://edpb.europa.eu/our-work-tools/our-documents/report/report-work-undertaken-cookie-banner-taskforce_en\">\u003Cstrong>report\u003C/strong>\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The document deals with common instances of \u003Cstrong>deceptive design\u003C/strong> in cookie banners, such as forcing the user to go through extra steps to reject cookies or making the reject option scarcely visible. The task force largely agreed that such practices are \u003Cstrong>illegal\u003C/strong>. The document is not legally binding on DPAs, but in practice, it might be a step towards a \u003Cstrong>crackdown on deceptive banners\u003C/strong> on a European level.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">If you want to know more, we covered the report \u003CNuxtLink to=\"/blog/eu-task-force-cracks-down-on-cookie-banners\"  >on our blog\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"european-commission-to-monitor-progress-of-large-scale-gdpr-cases\" parent=\"\" tag=\"h2\" :articleId=\"338\">\u003Ca referrerpolicy=\"unsafe-url\" href=\"https://techcrunch.com/2023/01/31/gdpr-enforcement-reform-dpa-oversight/?guccounter=1&utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">European Commission to monitor progress of large-scale GDPR cases\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">After action from the \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.iccl.ie/digital-data/europe-wide-overhaul-of-gdpr-monitoring-triggered-by-iccl/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">Irish Council of Civil Liberties\u003C/a> and an exchange with the EU Ombudsman, the European commission committed to \u003Cstrong>regularly monitor the investigation of large-scale, cross-border GDPR cases\u003C/strong> throughout Europe. DPAs of each Member State will report their progress on such cases every two months. The Commission will publish a report of their own on the information they receive, offering the public some insight on the state of GDPR enforcement.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">Many important privacy cases against big tech stem from cross-border complaints, and resolution often take ages. The DPC’s recent fines against Meta are a good example- the complaints were fined back in 2018! Hopefully the new reporting system will speed things up.\u003C/ContentEditable>\n\u003CContentEditable  id=\"french-watchdog-on-a-fining-spree\" parent=\"\" tag=\"h2\" :articleId=\"338\">French watchdog on a fining spree\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The French DPA (CNIL) has been quite active lately, and it has been bad news for big tech. Within one month both \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.cnil.fr/en/cookies-cnil-fines-tiktok-5-million-euros?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">TikTok\u003C/a> and \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.cnil.fr/en/cookies-microsoft-ireland-operations-limited-fined-60-million-euros?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">Microsoft\u003C/a> were fined over \u003Cstrong>non-compliant use of cookies and deceptive cookie banners\u003C/strong> (for €8M and €60M respectively), and \u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.cnil.fr/en/advertising-id-apple-distribution-international-fined-8-million-euros?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">Apple\u003C/a> were fined €8M for \u003Cstrong>illegally tracking users\u003C/strong> of iOS 14.6 for advertising purposes.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The timing is very appropriate: the decisions against TikTok and Microsoft perfectly line up with the recently published report from the EDPB cookie banner task force. The CNIL is an influential DPA and its decisions will hopefully \u003Cstrong>set an example\u003C/strong> for other authorities to handle cookie cases strictly.\u003C/ContentEditable>\n\u003CContentEditable  id=\"eu-may-crack-down-on-political-advertising\" parent=\"\" tag=\"h2\" :articleId=\"338\">\u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.europarl.europa.eu/news/en/press-room/20230130IPR70208/meps-vote-for-tougher-rules-on-political-advertising?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">EU may crack down on political advertising\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">The Internal Market and Consumer Protection Committee (IMCO) of the European Parliament agreed on a draft regulation to \u003Cstrong>tighten the rules for political advertising\u003C/strong>. Members of the Parliament are also proposing to \u003Cstrong>ban non-EU entities from funding political advertising\u003C/strong> in the EU.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">Should the Union follow through on the IMCO’s draft, political ads will only be allowed based on personal data expressly provided for that specific purpose. This would effectively kill targeted political advertising on social networks- and in light of the Cambridge Analytica scandal, that’s probably for the best.\u003C/ContentEditable>\n\u003CContentEditable  id=\"tiktok-ceo-to-testify-before-congress\" parent=\"\" tag=\"h2\" :articleId=\"338\">\u003Ca referrerpolicy=\"unsafe-url\" href=\"https://www.washingtonpost.com/politics/2023/01/31/what-tiktok-ceo-will-face-when-he-testifies-congress/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener\">TikTok CEO to testify before Congress\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">\u003Cstrong>TikTok CEO Shou Zi Chew agreed to testify\u003C/strong> before the House Energy and Commerce Committee of the US Congress in March. Mr. Chew will attempt to reassure the Congress and rebuke the claims that the app makes user data available to the \u003Cstrong>Chinese Communist Party\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"338\">TikTok’s alleged security issues have been a controversial topic for years now. The Trump administration attempted to ban TikTok, but his executive order was challenged in court and later revoked by the Biden Administration. TikTok’s alleged security issues have been a hot topic ever since. TikTok is banned in 24 States and on some government devices, and the U.S. House Foreign Affairs Committee \u003Cstrong>will hold a vote to ban TikTok\u003C/strong> this month.\u003C/ContentEditable>\n","The privacy monthly is back with juicy news: the European Data Protection Board has been up to some important stuff, Google faces yet another antitrust lawsuit in the US, and more. Oh, and the US no-fly list was stolen\\- yup, you read that right.\n\n![google-lawsuit.png](https://cms-assets.simpleanalytics.com/google_lawsuit_b974536c37.png)\n\nLet’s dive in!\n\n## [Crucial data transfer case goes to EDPB](https://iapp.org/news/a/metas-eu-data-transfer-case-faces-article-65-dispute-resolution-mechanism/)\n\nIn yet another chapter of the data transfer saga, the European Data Protection Board  (the Board composed of all European data protection authorities as well as the European Data Protection Supervisor) will have the final word on the Irish data protection authority’s investigation of Meta Ireland’s data transfers. The authority already [drafted a decision to **shut down data transfers for Facebook**](https://www.politico.eu/article/europe-faces-facebook-blackout-instagram-meta-data-protection/) last July, but other data protection authorities objected, so the EDPB will settle the matter with a binding decision.\n\nThis is a high-profile case with EDPB involvement, so the outcome will surely have a **significant impact** on the way DPAs will handle similar cases. The Board’s decision will make for an interesting read and give us some insight as to where individual DPAs stand on the controversial issue of data transfers.\n\nThe legal issues with data transfers are a long story by now. If you’re curious, we wrote about it [here](https://www.simpleanalytics.com/en/blog/how-to-move-forward-with-data-transfers-between-the-eu-us#us-data-transfers-a-long-story-short).\n\n## [No Fly list stolen](https://edition.cnn.com/2023/01/20/politics/tsa-no-fly-list-data-cybersecurity/index.html)\n\nThe US Transportation Security Administration is currently investigating the leak of the 2019 version of the **federal No Fly list**. The hacking was claimed by a Swiss hacktivist who allegedly found the list on an unsecured server of US airline CommuteAir. The hacktivist did not publish the list but said she will make it available to selected journalists and researchers.\n\nThe No Fly list is a list of **known or suspected terrorists** who are not allowed to board flights. The list is highly controversial and has been **widely criticized** for its lack of transparency and bias against the Muslim religious minority. According to the hacktivist, the version in her possession contains names and birthplaces for more than **one million individuals**, both US nationals and foreigners.\n\n## Antitrust lawsuit against Google\n\nThe US Department of Justice and the Attorney Generals of eight States [filed an antitrust lawsuit](https://www.justice.gov/opa/pr/justice-department-sues-google-monopolizing-digital-advertising-technologies) against Google’s parent company Alphabet Inc., seeking to **break up the company** and lessen its control of the digital advertising market.\n\nGoogle is not new to antitrust litigation: a lawsuit over Google’s monopoly over the Internet search market was filed by the DOJ in 2020 and dismissed. Other big tech companies are under fire as well: Meta is involved in two lawsuits over its [dominant position on the social network market](https://www.cnbc.com/2020/12/09/ftc-and-several-states-launch-antitrust-lawsuits-against-facebook.html), and the proposed acquisition of [VR company Within](https://www.ftc.gov/news-events/news/press-releases/2022/07/ftc-seeks-block-virtual-reality-giant-metas-acquisition-popular-app-creator-within). And recently the Federal Trade Commission brought Microsoft to court in an attempt to stop its acquisition of video game company Activision Blizzard, which includes popular games requiring robust [game server](https://dedicatedgamingservers.com/) infrastructure.\n\nOverall the DOJ seems to be taking a very proactive stance on antitrust issues under the Biden administration, which could lead to interesting developments in the future.\n\n## DPC fines Meta, announces legal action against EDPB\n\nAs covered in the January privacy monthly, the Irish DPA (DPC) [fined Meta Ireland for €390M](https://www.dataprotection.ie/en/news-media/data-protection-commission-announces-conclusion-two-inquiries-meta-ireland) for unlawfully targeting Facebook and Instagram users with personalized advertising. The DPC’s early (and very lenient) decisions were [reviewed by the EDPB](https://edpb.europa.eu/news/news/2023/facebook-and-instagram-decisions-important-impact-use-personal-data-behavioural_en) under the dispute settlement mechanism and were mostly overturned, which led the authority to issue new decisions.\n\nThe story is not quite over yet. The EDPB later settled a third, almost identical dispute revolving around Whatsapp. This resulted in the DPC fining Meta-owned WhatsApp Ireland [**for another €5M**](https://www.dataprotection.ie/en/news-media/press-releases/data-protection-commission-announces-decision-whatsapp-inquiry) on 12 January- a rather small amount, given the number of users affected. The DPC also **announced legal action in the EU Court of Justice**, as it seeks to annul the EDPB’s order to further investigate Meta’s data processing operations. According to the DPC, the order is a violation of its independence, as the EDPB lacks authority to direct a DPA’s investigation.\n\nAll decisions highlight **radical disagreement** between the DPC and other DPAs, with numerous authorities objecting to the DPC’s views and pushing for a far stricter interpretation of the GDPR. Legal action from the DPC is likely to further increase the friction with its European counterparts.\n\n## [EDPB task force cracks down on cookie banners](https://www.cnil.fr/en/edpb-adopts-final-report-outcome-cookie-banner-task-force)\n\nYup, this was a busy month for the EDPB. Last year the Board established a **cookie banner task force** to coordinate response to numerous complaints filed by NGO noyb against deceptive cookie banners. On January 17 the task force **published its** [**report**](https://edpb.europa.eu/our-work-tools/our-documents/report/report-work-undertaken-cookie-banner-taskforce_en).\n\nThe document deals with common instances of **deceptive design** in cookie banners, such as forcing the user to go through extra steps to reject cookies or making the reject option scarcely visible. The task force largely agreed that such practices are **illegal**. The document is not legally binding on DPAs, but in practice, it might be a step towards a **crackdown on deceptive banners** on a European level.\n\nIf you want to know more, we covered the report [on our blog](https://www.simpleanalytics.com/blog/eu-task-force-cracks-down-on-cookie-banners).\n\n## [European Commission to monitor progress of large-scale GDPR cases](https://techcrunch.com/2023/01/31/gdpr-enforcement-reform-dpa-oversight/?guccounter=1)\n\nAfter action from the [Irish Council of Civil Liberties](https://www.iccl.ie/digital-data/europe-wide-overhaul-of-gdpr-monitoring-triggered-by-iccl/) and an exchange with the EU Ombudsman, the European commission committed to **regularly monitor the investigation of large-scale, cross-border GDPR cases** throughout Europe. DPAs of each Member State will report their progress on such cases every two months. The Commission will publish a report of their own on the information they receive, offering the public some insight on the state of GDPR enforcement.\n\nMany important privacy cases against big tech stem from cross-border complaints, and resolution often take ages. The DPC’s recent fines against Meta are a good example- the complaints were fined back in 2018! Hopefully the new reporting system will speed things up.\n\n## French watchdog on a fining spree\n\nThe French DPA (CNIL) has been quite active lately, and it has been bad news for big tech. Within one month both [TikTok](https://www.cnil.fr/en/cookies-cnil-fines-tiktok-5-million-euros) and [Microsoft](https://www.cnil.fr/en/cookies-microsoft-ireland-operations-limited-fined-60-million-euros) were fined over **non-compliant use of cookies and deceptive cookie banners** (for €8M and €60M respectively), and [Apple](https://www.cnil.fr/en/advertising-id-apple-distribution-international-fined-8-million-euros) were fined €8M for **illegally tracking users** of iOS 14.6 for advertising purposes.\n\nThe timing is very appropriate: the decisions against TikTok and Microsoft perfectly line up with the recently published report from the EDPB cookie banner task force. The CNIL is an influential DPA and its decisions will hopefully **set an example** for other authorities to handle cookie cases strictly.\n\n## [EU may crack down on political advertising](https://www.europarl.europa.eu/news/en/press-room/20230130IPR70208/meps-vote-for-tougher-rules-on-political-advertising)\n\nThe Internal Market and Consumer Protection Committee (IMCO) of the European Parliament agreed on a draft regulation to **tighten the rules for political advertising**. Members of the Parliament are also proposing to **ban non-EU entities from funding political advertising** in the EU.\n\nShould the Union follow through on the IMCO’s draft, political ads will only be allowed based on personal data expressly provided for that specific purpose. This would effectively kill targeted political advertising on social networks- and in light of the Cambridge Analytica scandal, that’s probably for the best.\n\n## [TikTok CEO to testify before Congress](https://www.washingtonpost.com/politics/2023/01/31/what-tiktok-ceo-will-face-when-he-testifies-congress/)\n\n**TikTok CEO Shou Zi Chew agreed to testify** before the House Energy and Commerce Committee of the US Congress in March. Mr. Chew will attempt to reassure the Congress and rebuke the claims that the app makes user data available to the **Chinese Communist Party**.\n\nTikTok’s alleged security issues have been a controversial topic for years now. The Trump administration attempted to ban TikTok, but his executive order was challenged in court and later revoked by the Biden Administration. TikTok’s alleged security issues have been a hot topic ever since. TikTok is banned in 24 States and on some government devices, and the U.S. House Foreign Affairs Committee **will hold a vote to ban TikTok** this month.\n",{"alt":45,"caption":46,"small":47,"medium":48,"large":49,"original":50,"averageColorHex":51,"isDark":25},"Google Lawsuit.png",null,"https://cms-assets.simpleanalytics.com/small_google_lawsuit_b974536c37.png","https://cms-assets.simpleanalytics.com/medium_google_lawsuit_b974536c37.png","https://cms-assets.simpleanalytics.com/large_google_lawsuit_b974536c37.png","https://cms-assets.simpleanalytics.com/google_lawsuit_b974536c37.png","7c6454",{"data":53},[54],{"id":55,"attributes":56},119,{"name":57,"alternativeText":46,"caption":46,"width":58,"height":59,"url":50,"formats":60,"mime":64,"provider_metadata":110},"google-lawsuit.png",1024,575,{"large":61,"small":75,"medium":83,"xsmall":91,"thumbnail":100},{"ext":62,"url":49,"hash":63,"mime":64,"name":65,"path":46,"size":66,"width":67,"height":68,"provider_metadata":69},".png","large_google_lawsuit_b974536c37","image/png","large_google-lawsuit.png",994.42,1000,562,{"meta":70},{"page":71,"isOpaque":25,"averageColorHex":51,"dominantColorHex":72,"averageColorBrightness":73,"dominantColorBrightness":74},0,"080808",105,8,{"ext":62,"url":47,"hash":76,"mime":64,"name":77,"path":46,"size":78,"width":79,"height":80,"provider_metadata":81},"small_google_lawsuit_b974536c37","small_google-lawsuit.png",273.12,500,281,{"meta":82},{"page":71,"isOpaque":25,"averageColorHex":51,"dominantColorHex":72,"averageColorBrightness":73,"dominantColorBrightness":74},{"ext":62,"url":48,"hash":84,"mime":64,"name":85,"path":46,"size":86,"width":87,"height":88,"provider_metadata":89},"medium_google_lawsuit_b974536c37","medium_google-lawsuit.png",605.28,750,421,{"meta":90},{"page":71,"isOpaque":25,"averageColorHex":51,"dominantColorHex":72,"averageColorBrightness":73,"dominantColorBrightness":74},{"ext":62,"url":92,"hash":93,"mime":64,"name":94,"path":46,"size":95,"width":96,"height":97,"provider_metadata":98},"https://cms-assets.simpleanalytics.com/xsmall_google_lawsuit_b974536c37.png","xsmall_google_lawsuit_b974536c37","xsmall_google-lawsuit.png",6.69,64,36,{"meta":99},{"page":71,"isOpaque":25,"averageColorHex":51,"dominantColorHex":72,"averageColorBrightness":73,"dominantColorBrightness":74},{"ext":62,"url":101,"hash":102,"mime":64,"name":103,"path":46,"size":104,"width":105,"height":106,"provider_metadata":107},"https://cms-assets.simpleanalytics.com/thumbnail_google_lawsuit_b974536c37.png","thumbnail_google_lawsuit_b974536c37","thumbnail_google-lawsuit.png",74.06,245,138,{"meta":108},{"page":71,"isOpaque":25,"averageColorHex":109,"dominantColorHex":72,"averageColorBrightness":73,"dominantColorBrightness":74},"7d6554",{"meta":111},{"page":71,"isOpaque":25,"averageColorHex":51,"dominantColorHex":112,"averageColorBrightness":73,"dominantColorBrightness":113},"f8b898",195,338,"Privacy Monthly: February 2023","The privacy monthly is back with juicy news: the European Data Protection Board has been up to some important stuff, Google faces yet another antitrust lawsuit in the US, and more. Oh, and the US no-fly list was stolen\\- yup, you read that right.","privacy-monthly-february-2023","carlo-cilento","2023-02-03T08:42:42.853Z","2024-09-05T14:21:42.752Z",{"en":122,"de":123,"fr":125,"it":127,"es":129,"nl":131},{"slug":117},{"slug":124},"datenschutz-monatlich-februar-2023",{"slug":126},"mensuel-de-la-vie-privee-fevrier-2023",{"slug":128},"il-mensile-della-privacy-febbraio-2023",{"slug":130},"privacidad-mensual-febrero-2023",{"slug":132},"privacy-nieuws-februari-2023"]