[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_privacy-monthly-january-2023_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"inlineMedia":44,"id":46,"title":47,"excerpt":48,"locale":8,"slug":49,"authorSlug":50,"automaticTranslated":11,"publishedAt":51,"updatedAt":52,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"languages":53},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">Welcome to the privacy monthly January 2023 edition. We will briefly cover some of the most important privacy news once a month.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">So, what happened last month? Let’s find out!\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#european-commission-drafts-adequacy-decision\">European Commission drafts adequacy decision\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#eu-signs-declaration-of-digital-rights\">EU signs declaration of digital rights\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#more-legal-trouble-for-meta\">More legal trouble for Meta\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#slovenia-passes-personal-data-protection-act\">Slovenia passes Personal Data Protection Act\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#office-365-not-gdpr-compliant-according-to-german-watchdogs\">Office 365 not GDPR-compliant according to German watchdogs\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#us-senate-votes-to-bans-tiktok-on-federal-government-devices\">US Senate votes to bans TikTok on federal government devices\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#meta-bans-surveillance-for-hire-companies\">Meta bans surveillance-for-hire companies\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#record-settlements-for-epic-games\">Record settlements for Epic Games\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#uk-watchdog-naming-and-shaming-companies-for-data-breaches\">UK watchdog naming and shaming companies for data breaches\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaOne />\n\u003CContentEditable  id=\"european-commission-drafts-adequacy-decision\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://ec.europa.eu/commission/presscorner/detail/en/ip_22_7631?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">European Commission drafts adequacy decision\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">On December 13,  the EU Commission published a draft for the \u003Cstrong>adequacy decision for the US\u003C/strong>. The next step in the procedure will be a non-binding opinion from the European Data Protection Board. Finally, the draft will be voted by Member States and formally adopted by the Commission.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">Approval of the draft is virtually certain, given the lengthy negotiations between the EU and the US over the Trans-Atlantic Data Privacy framework. However, the upcoming adequacy decision is also virtually certain to \u003Cstrong>face legal scrutiny in the Court of Justice\u003C/strong>. The CJEU already invalidated two data transfer frameworks in the Schrems I and II cases, and it’s hard to say how a “Schrems III” case will play out- but the European Data Protection Board may give us some hindsight in their upcoming opinion.\u003C/ContentEditable>\n\u003CContentEditable  id=\"eu-signs-declaration-of-digital-rights\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://digital-strategy.ec.europa.eu/en/policies/digital-principles?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">EU signs declaration of digital rights\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">On January 15 the declaration on European digital rights and principle was signed by the European Commission, the Council of Europe, and the President of the European Parliament. The declaration aims to \u003Cstrong>promote a digital transition based on a human-centric vision\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">The declaration is built upon six principles (people at the center, solidarity and inclusion, freedom of choice, participation, safety and security, sustainability) and is meant to complement the EU digital strategy. In practical terms, the declaration is not binding, but might serve as an inspiration and a point of reference for the interpretation of the GDPR and the EU data protection framework in general.\u003C/ContentEditable>\n\u003CContentEditable  id=\"more-legal-trouble-for-meta\" parent=\"\" tag=\"h2\" :articleId=\"265\">More legal trouble for Meta\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">On December 22 Meta Platforms agreed to a \u003CNuxtLink to=\"https://www.reuters.com/legal/facebook-parent-meta-pay-725-mln-settle-lawsuit-relating-cambridge-analytica-2022-12-23/\">\u003Cstrong>$725 million settlement\u003C/strong>\u003C/NuxtLink> \u003Cstrong>for a class action over the Cambridge Analytica case\u003C/strong>. Facebook was already fined a staggering \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.theguardian.com/technology/2019/jul/24/facebook-to-pay-5bn-fine-as-regulator-files-cambridge-analytica-complaint?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">$5 billion\u003C/a> by the US Federal Trade Commission over the scandal, on top of paying a \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.theguardian.com/technology/2018/oct/25/facebook-fined-uk-privacy-access-user-data-cambridge-analytica?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">500.000 pound fine\u003C/a> to the British privacy watchdog.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">Additionally, on January 4 the Irish watchdog \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.wsj.com/articles/metas-targeted-ad-model-faces-restrictions-in-europe-11670335772?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">fined Meta Platforms Ireland for a total €390 million\u003C/a> for \u003Cstrong>unlawfully targeting Facebook and Instagram users with personalized advertising\u003C/strong>. The fine follows a decision from the European Data Protection Board under the GDPR’s dispute resolution mechanism. We covered the EDPB’s decision in more depth on our \u003CNuxtLink to=\"/en/blog/meta-targeted-advertising-not-gdpr-compliant\"  >blog\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">Finally, \u003Cstrong>the\u003C/strong> \u003CNuxtLink to=\"https://edpb.europa.eu/news/news/2022/general-court-whatsapp-annulment-action-inadmissible_en\">\u003Cstrong>EU Court of Justice rejected an action\u003C/strong>\u003C/NuxtLink> \u003Cstrong>by Meta subsidiary Whatsapp Ireland against an EDPB decision\u003C/strong>. The procedure relates to a €225 fine imposed by the DPC in 2021. The action was rejected on procedural grounds, as the EDPB’s decision is only binding for the DPC and does not directly concern Whatsapp.\u003C/ContentEditable>\n\u003CContentEditable  id=\"slovenia-passes-personal-data-protection-act\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://iapp.org/news/a/slovenia-passes-personal-data-protection-act/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Slovenia passes Personal Data Protection Act\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">On December 15 the National Assembly of the Republic of Slovenia adopted the Personal Data Protection Act.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">Slovenia has been subject to the GDPR since its entry into force, as EU regulations are directly applicable. However, the GDPR calls for national implementation of specific rules, and the lack of implementation made enforcement problematic. With the new law, Slovenia finally became \u003Cstrong>the last EU Member State to implement the GDPR\u003C/strong> in its national legislation.\u003C/ContentEditable>\n\u003CContentEditable  id=\"office-365-not-gdpr-compliant-according-to-german-watchdogs\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://techcrunch.com/2022/11/28/microsoft-365-faces-darkening-gdpr-compliance-clouds-after-german-report/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Office 365 not GDPR-compliant according to German watchdogs\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">The German Data Protection Conference highlighted in a recent report that the Office 365 suite from Microsoft is not compliant with certain key provisions of the GDPR.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">The German Data Protection Conference (DSK) is a committee formed by the federal data protection authority of Germany and by the data protection authorities from individual German states. The report was published in late November and is the result of two years of consultations between a DSK working group and Microsoft itself. The report highlights several compliance issues, including \u003Cstrong>insufficient safeguards for EU-US data transfers, lacking data retention policies, and an overall lack of clarity about Microsoft’s role\u003C/strong> as a controller or processor with regards to individual data processing operations.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">Microsoft recently announced that they would roll out their \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://blogs.microsoft.com/eupolicy/2022/12/15/eu-data-boundary-cloud-rollout/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">EU Data Boundary Program\u003C/a> in 2023 in order to reduce data transfers to the EU. Microsoft’s move might be key for compliance with the GDPR. However, Microsoft’s new policies for European data will surely require scrutiny- as some data transfers to the US will likely still be necessary in certain scenarios.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">The working group’s \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://datenschutzkonferenz-online.de/media/dskb/2022_24_11_festlegung_MS365_zusammenfassung.pdf?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">report\u003C/a> is available on the DSK’s website (German only).\u003C/ContentEditable>\n\u003CContentEditable  id=\"us-senate-votes-to-bans-tiktok-on-federal-government-devices\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://iapp.org/news/a/us-senate-passes-bill-to-ban-tiktok-on-federal-government-devices/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">US Senate votes to bans TikTok on federal government devices\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">On December 14 the US Senate unanimously voted a bill to ban federal employees from downloading the TikTok app on their devices. In order to become law, the proposal still needs to be approved by the Congress and signed by the US President.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">US politicians from both parties are concerned that TikTok might be used by the Chinese government to collect intelligence information. Additionally, the app is undergoing security review before the Committee on Foreign Investment in the U.S. (CFIUS), after TikTok owner ByteDance bought the musical.ly app in 2019 and merged its user base with TikTok’s.\u003C/ContentEditable>\n\u003CContentEditable  id=\"meta-bans-surveillance-for-hire-companies\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.cyberscoop.com/meta-surveillance-for-hire-government-action/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Meta bans surveillance-for-hire companies\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">On December 14 Meta announced it \u003Cstrong>banned seven surveillance-for-hire companies from Facebook\u003C/strong>, preventing them from promoting their services through the social network. The company also presented a policy paper, urging governments to take action against the surveillance industry.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">According to Meta, spyware and surveillance-for-hire businesses are a significant privacy and societal threat. Many such companies are present on Facebook, and some of them carry out their operations on the platform, using fake accounts and spyware links to spy on their marks. While Meta has been prioritizing anti-spyware action on their platform, it points out that action from policy-makers is needed in order to counter the threats posed by the surveillance-for-hire business.\u003C/ContentEditable>\n\u003CContentEditable  id=\"record-settlements-for-epic-games\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.ftc.gov/news-events/news/press-releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Record settlements for Epic Games\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">The Federal Trade Commission and Fortnite creator Epic Games reached two agreements with the Federal Trade Commission for \u003Cstrong>a\u003C/strong> \u003Cstrong>record $520M\u003C/strong>. The sum covers a $275M fine for violating the Children’s Online Privacy Protection Act through Fortnite’s default privacy settings, as well as a large refund for unintentional purchases driven by deceptive design. Epic will also be required to change Fortnite’s default privacy settings, requiring an opt-in for the in-game text and voice chat for users under 13.\u003C/ContentEditable>\n\u003CContentEditable  id=\"uk-watchdog-naming-and-shaming-companies-for-data-breaches\" parent=\"\" tag=\"h2\" :articleId=\"265\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.dacbeachcroft.com/en/gb/articles/2022/december/named-and-shamed-ico-now-publishing-names-of-organisations-suffering-data-breaches/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">UK watchdog naming and shaming companies for data breaches\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"265\">In a rather unusual move, the UK data protection authority (ICO) started \u003Cstrong>publishing comprehensive lists of companies reprimanded for data breaches\u003C/strong>. Commissioner John Edwards explained the motives behind the decision \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/11/how-the-ico-enforces-a-new-strategic-approach-to-regulatory-action/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">in a recent speech\u003C/a>, highlighting the need for transparency and certainty in rule enforcement, as well as the importance of accountability for companies.\u003C/ContentEditable>\n","Welcome to the privacy monthly January 2023 edition. We will briefly cover some of the most important privacy news once a month.\n\nSo, what happened last month? Let’s find out!\n\n{{tableofcontents}}\n\n## [European Commission drafts adequacy decision](https://ec.europa.eu/commission/presscorner/detail/en/ip_22_7631)\n\nOn December 13,  the EU Commission published a draft for the **adequacy decision for the US**. The next step in the procedure will be a non-binding opinion from the European Data Protection Board. Finally, the draft will be voted by Member States and formally adopted by the Commission.\n\nApproval of the draft is virtually certain, given the lengthy negotiations between the EU and the US over the Trans-Atlantic Data Privacy framework. However, the upcoming adequacy decision is also virtually certain to **face legal scrutiny in the Court of Justice**. The CJEU already invalidated two data transfer frameworks in the Schrems I and II cases, and it’s hard to say how a “Schrems III” case will play out- but the European Data Protection Board may give us some hindsight in their upcoming opinion.\n\n## [EU signs declaration of digital rights](https://digital-strategy.ec.europa.eu/en/policies/digital-principles)\n\nOn January 15 the declaration on European digital rights and principle was signed by the European Commission, the Council of Europe, and the President of the European Parliament. The declaration aims to **promote a digital transition based on a human-centric vision**.\n\nThe declaration is built upon six principles (people at the center, solidarity and inclusion, freedom of choice, participation, safety and security, sustainability) and is meant to complement the EU digital strategy. In practical terms, the declaration is not binding, but might serve as an inspiration and a point of reference for the interpretation of the GDPR and the EU data protection framework in general.\n\n## More legal trouble for Meta\n\nOn December 22 Meta Platforms agreed to a [**$725 million settlement**](https://www.reuters.com/legal/facebook-parent-meta-pay-725-mln-settle-lawsuit-relating-cambridge-analytica-2022-12-23/) **for a class action over the Cambridge Analytica case**. Facebook was already fined a staggering [$5 billion](https://www.theguardian.com/technology/2019/jul/24/facebook-to-pay-5bn-fine-as-regulator-files-cambridge-analytica-complaint) by the US Federal Trade Commission over the scandal, on top of paying a [500.000 pound fine](https://www.theguardian.com/technology/2018/oct/25/facebook-fined-uk-privacy-access-user-data-cambridge-analytica) to the British privacy watchdog.\n\nAdditionally, on January 4 the Irish watchdog [fined Meta Platforms Ireland for a total €390 million](https://www.wsj.com/articles/metas-targeted-ad-model-faces-restrictions-in-europe-11670335772) for **unlawfully targeting Facebook and Instagram users with personalized advertising**. The fine follows a decision from the European Data Protection Board under the GDPR’s dispute resolution mechanism. We covered the EDPB’s decision in more depth on our [blog](https://www.simpleanalytics.com/en/blog/meta-targeted-advertising-not-gdpr-compliant).\n\nFinally, **the** [**EU Court of Justice rejected an action**](https://edpb.europa.eu/news/news/2022/general-court-whatsapp-annulment-action-inadmissible_en) **by Meta subsidiary Whatsapp Ireland against an EDPB decision**. The procedure relates to a €225 fine imposed by the DPC in 2021. The action was rejected on procedural grounds, as the EDPB’s decision is only binding for the DPC and does not directly concern Whatsapp.\n\n## [Slovenia passes Personal Data Protection Act](https://iapp.org/news/a/slovenia-passes-personal-data-protection-act/)\n\nOn December 15 the National Assembly of the Republic of Slovenia adopted the Personal Data Protection Act.\n\nSlovenia has been subject to the GDPR since its entry into force, as EU regulations are directly applicable. However, the GDPR calls for national implementation of specific rules, and the lack of implementation made enforcement problematic. With the new law, Slovenia finally became **the last EU Member State to implement the GDPR** in its national legislation.\n\n## [Office 365 not GDPR-compliant according to German watchdogs](https://techcrunch.com/2022/11/28/microsoft-365-faces-darkening-gdpr-compliance-clouds-after-german-report/)\n\nThe German Data Protection Conference highlighted in a recent report that the Office 365 suite from Microsoft is not compliant with certain key provisions of the GDPR.\n\nThe German Data Protection Conference (DSK) is a committee formed by the federal data protection authority of Germany and by the data protection authorities from individual German states. The report was published in late November and is the result of two years of consultations between a DSK working group and Microsoft itself. The report highlights several compliance issues, including **insufficient safeguards for EU-US data transfers, lacking data retention policies, and an overall lack of clarity about Microsoft’s role** as a controller or processor with regards to individual data processing operations.\n\nMicrosoft recently announced that they would roll out their [EU Data Boundary Program](https://blogs.microsoft.com/eupolicy/2022/12/15/eu-data-boundary-cloud-rollout/) in 2023 in order to reduce data transfers to the EU. Microsoft’s move might be key for compliance with the GDPR. However, Microsoft’s new policies for European data will surely require scrutiny- as some data transfers to the US will likely still be necessary in certain scenarios.\n\nThe working group’s [report](https://datenschutzkonferenz-online.de/media/dskb/2022_24_11_festlegung_MS365_zusammenfassung.pdf) is available on the DSK’s website (German only).\n\n## [US Senate votes to bans TikTok on federal government devices](https://iapp.org/news/a/us-senate-passes-bill-to-ban-tiktok-on-federal-government-devices/)\n\nOn December 14 the US Senate unanimously voted a bill to ban federal employees from downloading the TikTok app on their devices. In order to become law, the proposal still needs to be approved by the Congress and signed by the US President.\n\nUS politicians from both parties are concerned that TikTok might be used by the Chinese government to collect intelligence information. Additionally, the app is undergoing security review before the Committee on Foreign Investment in the U.S. (CFIUS), after TikTok owner ByteDance bought the musical.ly app in 2019 and merged its user base with TikTok’s.\n\n## [Meta bans surveillance-for-hire companies](https://www.cyberscoop.com/meta-surveillance-for-hire-government-action/)\n\nOn December 14 Meta announced it **banned seven surveillance-for-hire companies from Facebook**, preventing them from promoting their services through the social network. The company also presented a policy paper, urging governments to take action against the surveillance industry.\n\nAccording to Meta, spyware and surveillance-for-hire businesses are a significant privacy and societal threat. Many such companies are present on Facebook, and some of them carry out their operations on the platform, using fake accounts and spyware links to spy on their marks. While Meta has been prioritizing anti-spyware action on their platform, it points out that action from policy-makers is needed in order to counter the threats posed by the surveillance-for-hire business.\n\n## [Record settlements for Epic Games](https://www.ftc.gov/news-events/news/press-releases/2022/12/fortnite-video-game-maker-epic-games-pay-more-half-billion-dollars-over-ftc-allegations)\n\nThe Federal Trade Commission and Fortnite creator Epic Games reached two agreements with the Federal Trade Commission for **a** **record $520M**. The sum covers a $275M fine for violating the Children’s Online Privacy Protection Act through Fortnite’s default privacy settings, as well as a large refund for unintentional purchases driven by deceptive design. Epic will also be required to change Fortnite’s default privacy settings, requiring an opt-in for the in-game text and voice chat for users under 13.\n\n## [UK watchdog naming and shaming companies for data breaches](https://www.dacbeachcroft.com/en/gb/articles/2022/december/named-and-shamed-ico-now-publishing-names-of-organisations-suffering-data-breaches/)\n\nIn a rather unusual move, the UK data protection authority (ICO) started **publishing comprehensive lists of companies reprimanded for data breaches**. Commissioner John Edwards explained the motives behind the decision [in a recent speech](https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2022/11/how-the-ico-enforces-a-new-strategic-approach-to-regulatory-action/), highlighting the need for transparency and certainty in rule enforcement, as well as the importance of accountability for companies.\n",{"data":45},null,265,"Privacy Monthly: January 2023","Every month Simple Analytics summarizes the most important privacy events. Here is our January recap","privacy-monthly-january-2023","carlo-cilento","2023-01-09T00:00:00.000Z","2023-08-15T11:51:42.434Z",{"en":54,"de":55,"fr":57,"it":59,"es":61,"nl":63},{"slug":49},{"slug":56},"datenschutz-monatlich-januar-2023",{"slug":58},"mensuel-de-la-vie-privee-janvier-2023",{"slug":60},"il-mensile-della-privacy-gennaio-2023",{"slug":62},"privacidad-mensual-enero-2023",{"slug":64},"privacy-maandelijks-januari-2023"]