[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_privacy-monthly-june-2023_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"inlineMedia":44,"id":46,"title":47,"excerpt":48,"locale":8,"slug":49,"authorSlug":10,"automaticTranslated":11,"publishedAt":50,"updatedAt":51,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"languages":52},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">May was eventful. That one long-awaited decision on data transfers finally came along, wrapped in a ten-digit fine for Meta. Linkedin is next in line for the big GDPR fines. The EU Parliament opposed the Trans-Atlantic Data Privacy Framework and more.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">And let’s not forget: There is a privacy and human rights mess going on in post-Dobbs v. Jackson America, and Big Tech is (unsurprisingly) on the wrong side.\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#facebook-hit-by-data-transfers-ban-and-record-fine\">Facebook hit by data transfers ban and record fine\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#eu-parliament-against-us-data-transfer-framework\">EU Parliament against US data transfer framework\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#google-promises-to-delete-sensitive-location-data-fails-to-deliver\">Google promises to delete sensitive location data, fails to deliver\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#linkedin-to-face-large-fine-over-targeted-advertising\">Linkedin to face large fine over targeted advertising\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#proposed-chat-control-regulation-likely-illegal\">Proposed chat control regulation likely illegal\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#two-more-us-privacy-laws\">Two more US privacy laws\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#ana-talus-voted-edpb-chair\">Ana Talus voted EDPB chair\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#twitter-cannot-quit-the-dsa\">Twitter cannot quit the DSA\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaTwo />\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">Let’s dive in!\u003C/ContentEditable>\n\u003CContentEditable  id=\"facebook-hit-by-data-transfers-ban-and-record-fine\" parent=\"\" tag=\"h2\" :articleId=\"607\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.dataprotection.ie/en/news-media/press-releases/Data-Protection-Commission-announces-conclusion-of-inquiry-into-Meta-Ireland?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Facebook hit by data transfers ban and record fine\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">On May 22 the Irish Data Protection Commissioner ordered Meta Platforms Ireland to \u003Cstrong>suspend data transfers for Facebook\u003C/strong> and issued a record \u003Cstrong>€1.2 billion fine\u003C/strong>. Meta was also ordered to \u003Cstrong>delete\u003C/strong> personal data already transferred to the US.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The decision results from a \u003Cstrong>decade-long legal battle\u003C/strong> involving privacy advocate Max Schrems, the DPC, the Irish justice system, the EU Court of Justice, and the European Data Protection Board. The Board played a key role in the decision by \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision_en?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">pushing the DPC to impose a fine\u003C/a> and to order the erasure of personal data.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">Meta intends to challenge the decision and seek a stay of the DPC’s order. This buys the company some timeuntil the Trans-Atlantic Data Privacy Framework is fully implemented, thereby avoiding an \u003Cstrong>EU-wide Facebook blackout\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">This is a \u003Cstrong>landmark case\u003C/strong> for the enforcement of the GDPR’s data transfer rules, and we discussed it in depth on \u003CNuxtLink to=\"/blog/meta-hit-with-record-breaking-1-3-billion-fine-over-facebook-data-transfers-to-the-us\"  >our blog\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"eu-parliament-against-us-data-transfer-framework\" parent=\"\" tag=\"h2\" :articleId=\"607\">EU Parliament against US data transfer framework\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The EU Parliament’s LIBE Committee unanimously rejected the proposed Trans-Atlantic Data Privacy Framework in April. On May 11, \u003CNuxtLink to=\"https://www.europarl.europa.eu/news/en/press-room/20230505IPR85012/meps-against-greenlighting-personal-data-transfers-with-the-u-s\">\u003Cstrong>the EU Parliament followed\u003C/strong>\u003C/NuxtLink>. Neither vote is legally binding on the European Commission.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The Parliament acknowledged that the framework is a step up from its predecessor (the Privacy Shield) but also voiced concerns over bulk intelligence collection and a lack of transparency in the redress mechanism, among others. The Parliament also questions whether the new framework will \u003Cstrong>survive scrutiny from the EU Court of Justice\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The Parliament’s vote is unlikely to stop the Commission from fully implementing the framework. In all likelihood, the predictable legal challenge before the Court of Justice will be a \u003Cstrong>baptism by fire\u003C/strong> for the new framework and the moment of truth for EU-US data transfers.\u003C/ContentEditable>\n\u003CContentEditable  id=\"google-promises-to-delete-sensitive-location-data-fails-to-deliver\" parent=\"\" tag=\"h2\" :articleId=\"607\">Google promises to delete sensitive location data, fails to deliver\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">A recent investigation by \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.washingtonpost.com/technology/2023/05/09/google-privacy-abortion-data/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">The Washington Post\u003C/a> found that Google is not delivering on its \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://blog.google/technology/safety-security/protecting-peoples-privacy-on-health-topics/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">promise\u003C/a> to erase health clinics and other “sensitive” locations from location history\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The stakes are high: one year ago, the US Supreme Court overturned the landmark \u003Cstrong>Roe vs. Wade\u003C/strong> ruling, which allowed States to ban abortion. Conservative States quickly passed anti-abortion laws right away, and now the police are \u003Cstrong>prosecuting abortion seekers through data\u003C/strong> \u003CNuxtLink to=\"https://www.businessinsider.com/police-getting-help-social-media-to-prosecute-people-seeking-abortions-2023-2?r=US&IR=T\">\u003Cstrong>provided by Big Tech\u003C/strong>\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">Privacy is a crucial issue for American women, and Big Tech is not helping- to put it mildly.\u003C/ContentEditable>\n\u003CContentEditable  id=\"linkedin-to-face-large-fine-over-targeted-advertising\" parent=\"\" tag=\"h2\" :articleId=\"607\">Linkedin to face large fine over targeted advertising\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">According to \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.reuters.com/technology/microsoft-flags-over-400-mln-charge-irish-privacy-violation-fine-linkedin-2023-06-01/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Reuters\u003C/a>, Microsoft expects a fine in the range of \u003Cstrong>€400M\u003C/strong> from the Irish Data Protection Commission \u003Cstrong>for targeted advertising on the Linkedin social network\u003C/strong>. No other details about the decision are known.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">Months ago, the DPC fined Meta Ireland for a total of €390M over illegal targeted advertising across its Facebook and Instagram platforms. The expected fine against Microsoft would make Linkedin the third social network to incur large fines over targeted advertising in a short time span.\u003C/ContentEditable>\n\u003CContentEditable  id=\"proposed-chat-control-regulation-likely-illegal\" parent=\"\" tag=\"h2\" :articleId=\"607\">Proposed chat control regulation likely illegal\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">As reported by \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.theguardian.com/world/2023/may/08/eu-lawyers-plan-to-scan-private-messages-child-abuse-may-be-unlawful-chat-controls-regulation?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">The Guardian\u003C/a>, leaked internal EU legal advice suggests that the Commission’s controversial proposal for a \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_2977?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Regulation against child sexual abuse\u003C/a> might be \u003Cstrong>illegal\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">According to the documents, the draft violates the electronic surveillance standards established in the Court of Justice case law. This means the Court will likely invalidate a future Regulation upon judicial review.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The proposed Regulation requires providers of communication services to \u003Cstrong>scan videos and images\u003C/strong> to detect child pornography. But scanning systems cannot be implemented without compromising the \u003Cstrong>end-to-end encryption\u003C/strong> implemented by popular messaging services such as WhatsApp, Telegram, and Signal.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">Because of its impact on encryption, the proposal is at the center of a \u003Cstrong>heated legal and political debate\u003C/strong> involving \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://edri.org/our-work/the-csa-regulation-how-did-it-reach-this-point/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">advocacy organizations\u003C/a>, \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.politico.eu/article/germany-eu-damage-control-encryption-abuse-online/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">governments\u003C/a>, and \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://edri.org/our-work/the-csa-regulation-how-did-it-reach-this-point/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">European institutions\u003C/a>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.theregister.com/2023/04/18/wrong_time_to_weaken_encryption/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">A similar debate\u003C/a> surrounds the draft for the UK Online Safety Bill, which is opposed by many advocacy organizations and service providers alike. WhatsApp even \u003CNuxtLink to=\"https://www.theverge.com/2023/3/10/23633601/uk-online-safety-bill-encryption-whatsapp-leave\">\u003Cstrong>threatened to leave the UK market\u003C/strong>\u003C/NuxtLink> should the draft become law.\u003C/ContentEditable>\n\u003CContentEditable  id=\"two-more-us-privacy-laws\" parent=\"\" tag=\"h2\" :articleId=\"607\">Two more US privacy laws\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">On May 8, \u003Cstrong>the State of Florida passed a\u003C/strong> \u003CNuxtLink to=\"https://www.mediapost.com/publications/article/385144/florida-lawmakers-pass-privacy-bill-with-limited-o.html\">\u003Cstrong>new privacy bill\u003C/strong>\u003C/NuxtLink>. A \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.bakerbotts.com/thought-leadership/publications/2023/may/texas-may-soon-have-one-of-the-strongest-data-privacy-laws-in-the-us?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">data privacy bill\u003C/a> was also adopted by the \u003Cstrong>Texas\u003C/strong> legislator and is expected to become law on the weekend.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">Both laws focus on businesses and data subject rights and contain exemptions for small businesses. Notably, this exemption is very broad under the Florida bill as opposed to the Texas draft.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">\u003Cstrong>The US does not have a general federal privacy law\u003C/strong>. The only federal data protection rules are found in sectorial legislation such as HIPAA and COPPA. Negotiations over a federal privacy law (the ADPPA) have slowed down to a crawl, and in the meantime, more and more States are \u003Cstrong>adopting privacy bills of their own\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"ana-talus-voted-edpb-chair\" parent=\"\" tag=\"h2\" :articleId=\"607\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://edpb.europa.eu/news/news/2023/anu-talus-elected-new-chair-european-data-protection-board_en?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Ana Talus voted EDPB chair\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">On May 25 \u003Cstrong>Ana Talus\u003C/strong>, head of the Finnish data protection authority, became \u003Cstrong>the new Chair of the European Data Protection Board\u003C/strong>. Cypriot \u003Cstrong>Irene Loizidou Nikolaidou\u003C/strong> will serve as Deputy Chair.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The EDPB has played a \u003Cstrong>pivotal role\u003C/strong> in the enforcement and interpretation of the GDPR so far. Guidance documents by the Board have deeply impacted the interpretation of the GDPR and of other sources of EU data protection law. And recently, the Board itself has been directly involved in several high-profile decisions involving Meta Ireland.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The former and first EDPB Chair was Andrea Jelinek, head of the Austrian data protection authority.\u003C/ContentEditable>\n\u003CContentEditable  id=\"twitter-cannot-quit-the-dsa\" parent=\"\" tag=\"h2\" :articleId=\"607\">Twitter cannot quit the DSA\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">In a rather confusing move, \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.barrons.com/news/twitter-chose-confrontation-on-eu-disinformation-code-51a5dc9e?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Twitter quit the EU Code of Practice on Disinformation\u003C/a> on May 26, months before the content moderation obligations rules of the \u003Cstrong>Digital Services Act\u003C/strong> will enter into force.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">The move prompted snarky remarks from European Commissioners \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"http://politico.eu/article/eu-commissioner-thierry-breton-twitter-elon-musk-cant-hide-after-platform-ditches-disinformation-code/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Thierry Breton\u003C/a> and \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.barrons.com/news/twitter-chose-confrontation-on-eu-disinformation-code-51a5dc9e?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Vera Jourova\u003C/a>. Considering that the Commission itself enforces the DSA, this is probably not the best start.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"607\">Compliance with the DSA will not be easy for online platforms, and considering the unpredictable and capricious management style of its new ownership, we expect Twitter to struggle more than others.\u003C/ContentEditable>\n","May was eventful. That one long-awaited decision on data transfers finally came along, wrapped in a ten-digit fine for Meta. Linkedin is next in line for the big GDPR fines. The EU Parliament opposed the Trans-Atlantic Data Privacy Framework and more.\n\nAnd let’s not forget: There is a privacy and human rights mess going on in post-Dobbs v. Jackson America, and Big Tech is (unsurprisingly) on the wrong side.\n\nLet’s dive in!\n\n## [Facebook hit by data transfers ban and record fine](https://www.dataprotection.ie/en/news-media/press-releases/Data-Protection-Commission-announces-conclusion-of-inquiry-into-Meta-Ireland)\n\nOn May 22 the Irish Data Protection Commissioner ordered Meta Platforms Ireland to **suspend data transfers for Facebook** and issued a record **€1.2 billion fine**. Meta was also ordered to **delete** personal data already transferred to the US.\n\nThe decision results from a **decade-long legal battle** involving privacy advocate Max Schrems, the DPC, the Irish justice system, the EU Court of Justice, and the European Data Protection Board. The Board played a key role in the decision by [pushing the DPC to impose a fine](https://edpb.europa.eu/news/news/2023/12-billion-euro-fine-facebook-result-edpb-binding-decision_en) and to order the erasure of personal data.\n\nMeta intends to challenge the decision and seek a stay of the DPC’s order. This buys the company some timeuntil the Trans-Atlantic Data Privacy Framework is fully implemented, thereby avoiding an **EU-wide Facebook blackout**.\n\nThis is a **landmark case** for the enforcement of the GDPR’s data transfer rules, and we discussed it in depth on [our blog](https://www.simpleanalytics.com/blog/meta-hit-with-record-breaking-1-3-billion-fine-over-facebook-data-transfers-to-the-us).\n\n## EU Parliament against US data transfer framework\n\nThe EU Parliament’s LIBE Committee unanimously rejected the proposed Trans-Atlantic Data Privacy Framework in April. On May 11, [**the EU Parliament followed**](https://www.europarl.europa.eu/news/en/press-room/20230505IPR85012/meps-against-greenlighting-personal-data-transfers-with-the-u-s). Neither vote is legally binding on the European Commission.\n\nThe Parliament acknowledged that the framework is a step up from its predecessor (the Privacy Shield) but also voiced concerns over bulk intelligence collection and a lack of transparency in the redress mechanism, among others. The Parliament also questions whether the new framework will **survive scrutiny from the EU Court of Justice**.\n\nThe Parliament’s vote is unlikely to stop the Commission from fully implementing the framework. In all likelihood, the predictable legal challenge before the Court of Justice will be a **baptism by fire** for the new framework and the moment of truth for EU-US data transfers.\n\n## Google promises to delete sensitive location data, fails to deliver\n\nA recent investigation by [The Washington Post](https://www.washingtonpost.com/technology/2023/05/09/google-privacy-abortion-data/) found that Google is not delivering on its [promise](https://blog.google/technology/safety-security/protecting-peoples-privacy-on-health-topics/) to erase health clinics and other “sensitive” locations from location history\n\nThe stakes are high: one year ago, the US Supreme Court overturned the landmark **Roe vs. Wade** ruling, which allowed States to ban abortion. Conservative States quickly passed anti-abortion laws right away, and now the police are **prosecuting abortion seekers through data** [**provided by Big Tech**](https://www.businessinsider.com/police-getting-help-social-media-to-prosecute-people-seeking-abortions-2023-2?r=US&IR=T).\n\nPrivacy is a crucial issue for American women, and Big Tech is not helping- to put it mildly.\n\n## Linkedin to face large fine over targeted advertising\n\nAccording to [Reuters](https://www.reuters.com/technology/microsoft-flags-over-400-mln-charge-irish-privacy-violation-fine-linkedin-2023-06-01/), Microsoft expects a fine in the range of **€400M** from the Irish Data Protection Commission **for targeted advertising on the Linkedin social network**. No other details about the decision are known.\n\nMonths ago, the DPC fined Meta Ireland for a total of €390M over illegal targeted advertising across its Facebook and Instagram platforms. The expected fine against Microsoft would make Linkedin the third social network to incur large fines over targeted advertising in a short time span.\n\n## Proposed chat control regulation likely illegal\n\nAs reported by [The Guardian](https://www.theguardian.com/world/2023/may/08/eu-lawyers-plan-to-scan-private-messages-child-abuse-may-be-unlawful-chat-controls-regulation), leaked internal EU legal advice suggests that the Commission’s controversial proposal for a [Regulation against child sexual abuse](https://ec.europa.eu/commission/presscorner/detail/en/qanda_22_2977) might be **illegal**.\n\nAccording to the documents, the draft violates the electronic surveillance standards established in the Court of Justice case law. This means the Court will likely invalidate a future Regulation upon judicial review.\n\nThe proposed Regulation requires providers of communication services to **scan videos and images** to detect child pornography. But scanning systems cannot be implemented without compromising the **end-to-end encryption** implemented by popular messaging services such as WhatsApp, Telegram, and Signal.\n\nBecause of its impact on encryption, the proposal is at the center of a **heated legal and political debate** involving [advocacy organizations](https://edri.org/our-work/the-csa-regulation-how-did-it-reach-this-point/), [governments](https://www.politico.eu/article/germany-eu-damage-control-encryption-abuse-online/), and [European institutions](https://edri.org/our-work/the-csa-regulation-how-did-it-reach-this-point/).\n\n[A similar debate](https://www.theregister.com/2023/04/18/wrong_time_to_weaken_encryption/) surrounds the draft for the UK Online Safety Bill, which is opposed by many advocacy organizations and service providers alike. WhatsApp even [**threatened to leave the UK market**](https://www.theverge.com/2023/3/10/23633601/uk-online-safety-bill-encryption-whatsapp-leave) should the draft become law.\n\n## Two more US privacy laws\n\nOn May 8, **the State of Florida passed a** [**new privacy bill**](https://www.mediapost.com/publications/article/385144/florida-lawmakers-pass-privacy-bill-with-limited-o.html). A [data privacy bill](https://www.bakerbotts.com/thought-leadership/publications/2023/may/texas-may-soon-have-one-of-the-strongest-data-privacy-laws-in-the-us) was also adopted by the **Texas** legislator and is expected to become law on the weekend.\n\nBoth laws focus on businesses and data subject rights and contain exemptions for small businesses. Notably, this exemption is very broad under the Florida bill as opposed to the Texas draft.\n\n**The US does not have a general federal privacy law**. The only federal data protection rules are found in sectorial legislation such as HIPAA and COPPA. Negotiations over a federal privacy law (the ADPPA) have slowed down to a crawl, and in the meantime, more and more States are **adopting privacy bills of their own**.\n\n## [Ana Talus voted EDPB chair](https://edpb.europa.eu/news/news/2023/anu-talus-elected-new-chair-european-data-protection-board_en)\n\nOn May 25 **Ana Talus**, head of the Finnish data protection authority, became **the new Chair of the European Data Protection Board**. Cypriot **Irene Loizidou Nikolaidou** will serve as Deputy Chair.\n\nThe EDPB has played a **pivotal role** in the enforcement and interpretation of the GDPR so far. Guidance documents by the Board have deeply impacted the interpretation of the GDPR and of other sources of EU data protection law. And recently, the Board itself has been directly involved in several high-profile decisions involving Meta Ireland.\n\nThe former and first EDPB Chair was Andrea Jelinek, head of the Austrian data protection authority.\n\n## Twitter cannot quit the DSA\n\nIn a rather confusing move, [Twitter quit the EU Code of Practice on Disinformation](https://www.barrons.com/news/twitter-chose-confrontation-on-eu-disinformation-code-51a5dc9e) on May 26, months before the content moderation obligations rules of the **Digital Services Act** will enter into force.\n\nThe move prompted snarky remarks from European Commissioners [Thierry Breton](http://politico.eu/article/eu-commissioner-thierry-breton-twitter-elon-musk-cant-hide-after-platform-ditches-disinformation-code/) and [Vera Jourova](https://www.barrons.com/news/twitter-chose-confrontation-on-eu-disinformation-code-51a5dc9e). Considering that the Commission itself enforces the DSA, this is probably not the best start.\n\nCompliance with the DSA will not be easy for online platforms, and considering the unpredictable and capricious management style of its new ownership, we expect Twitter to struggle more than others.\n",{"data":45},null,607,"Privacy Monthly: June 2023","Eventful May: Meta's €1.2B fine, Linkedin's GDPR woes, Big Tech & US abortion data, EU-US data transfer disputes, and Ana Talus as EDPB Chair.","privacy-monthly-june-2023","2023-06-09T15:17:26.216Z","2023-08-15T11:53:07.830Z",{"en":53,"de":54,"fr":56,"it":58,"es":60,"nl":62},{"slug":49},{"slug":55},"datenschutz-monatlich-juni-2023",{"slug":57},"mensuel-de-la-vie-privee-juin-2023",{"slug":59},"il-mensile-della-privacy-giugno-2023",{"slug":61},"privacidad-mensual-junio-2023",{"slug":63},"privacy-maandelijks-juni-2023"]