[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_privacy-monthly-may-2024_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"inlineMedia":44,"id":46,"title":47,"excerpt":48,"locale":8,"slug":49,"authorSlug":50,"automaticTranslated":11,"publishedAt":51,"updatedAt":52,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"languages":53},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">Saying that April was a hot month, might very well be an understatement. There is \u003Cem>plenty\u003C/em> of news from US Congress, including unprecedented legislation against Tiktok and a new, bipartisan privacy bill. Meanwhile, Apple caved in to regulatory pressure in China and the EDPB took a stance against Meta in a key, high-profile legal battle.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">There’s \u003Cem>a lot\u003C/em> to discuss, so let’s dive in!\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#us-congress-discusses-federal-privacy-bill-bans-tiktok\">US Congress discusses federal privacy bill, bans TikTok\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#more-from-congress-fisa-702-reauthorized-4th-amendment-not-for-sale-act\">More from Congress: FISA 702 reauthorized, 4th Amendment Not For Sale Act\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#personal-data-not-a-commodity-says-edpb\">Personal data not a commodity, says EDPB\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#apple-removes-encrypted-services-from-chinese-app-store\">Apple removes encrypted services from Chinese App Store\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#mass-us-data-leakage\">Mass US data leakage\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#bytedance-suspends-tiktok-rewards-program-in-europe\">ByteDance suspends TikTok Rewards program in Europe\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#us-government-tightens-hipaa-rules-for-reproductive-health-data\">US government tightens HIPAA rules for reproductive health data\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#google-delays-cookie-deprecation-again\">Google delays cookie deprecation-again.\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#grindr-faces-lawsuit-over-hiv-data\">Grindr faces lawsuit over HIV data\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#google-pays-62m-settlement-over-location-data\">Google pays $62M settlement over location data\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#ai-keeps-raising-privacy-issues\">AI keeps raising privacy issues\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaTwo />\u003CContentEditable  id=\"us-congress-discusses-federal-privacy-bill-bans-tiktok\" parent=\"\" tag=\"h2\" :articleId=\"2486\">US Congress discusses federal privacy bill, bans TikTok\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">A \u003Cstrong>bicameral federal privacy bill\u003C/strong> was unexpectedly \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://energycommerce.house.gov/posts/committee-chairs-rodgers-cantwell-unveil-historic-draft-comprehensive-data-privacy-legislation?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">proposed in Congress\u003C/a>. The bill, named \u003Cstrong>American Privacy Right Act\u003C/strong> (APRA), includes a comprehensive set of privacy protections, including data minimization and transparency requirements, new consumer rights, and a private right of action subject to certain limitations.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">\u003Cstrong>State preemption\u003C/strong> is likely to be a thorny issue in future negotiations. Some States already afford strong privacy protections to their citizens and will not be happy to see federal law undermine them.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">In the meantime, Congress finalized unprecedented legislation that forces Chinese giant ByteDance to \u003CNuxtLink to=\"https://www.nytimes.com/article/tiktok-ban.html\">\u003Cstrong>divest ownership in TikTok\u003C/strong>\u003C/NuxtLink> under threat of a \u003Cstrong>ban from the US market\u003C/strong>. According to \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.reuters.com/technology/bytedance-prefers-tiktok-shutdown-us-if-legal-options-fail-sources-say-2024-04-25/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Reuters\u003C/a>, ByteDance is ready to challenge the constitutionality of the law but would rather \u003Cstrong>leave the US market\u003C/strong> than divest ownership if push came to shove.\u003C/ContentEditable>\n\u003CContentEditable  id=\"more-from-congress-fisa-702-reauthorized-4th-amendment-not-for-sale-act\" parent=\"\" tag=\"h2\" :articleId=\"2486\">More from Congress: FISA 702 reauthorized, 4th Amendment Not For Sale Act\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">In other news from the US Congress, FISA Section 702 was finally \u003CNuxtLink to=\"https://apnews.com/article/fisa-donald-trump-surveillance-congress-johnson-81e991c9f82e77b2fe13f8a3e0e25349\">\u003Cstrong>reauthorized for two years\u003C/strong>\u003C/NuxtLink> in the nick of time.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">FISA authorizes surveillance over foreign citizens but has been abused in the past in order to monitor Americans’ communication without a warrant. Privacy and civil rights advocates have long criticized the weak safeguards surrounding the law and are \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.eff.org/deeplinks/2024/04/us-senate-and-biden-administration-shamefully-renew-and-expand-fisa-section-702-0?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">not happy\u003C/a> to see it extended without any amendment.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">In happier news, the House passed the \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.congress.gov/bill/118th-congress/house-bill/4639?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">4t Amendment Is Not For Sale Act\u003C/a>, a bill that prohibits law enforcement and intelligence agencies from buying personal information from data brokers with no warrants of safeguards (\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.dni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">which they do all the time\u003C/a>). We hope to see this become law.\u003C/ContentEditable>\n\u003CContentEditable  id=\"personal-data-not-a-commodity-says-edpb\" parent=\"\" tag=\"h2\" :articleId=\"2486\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.edpb.europa.eu/news/news/2024/edpb-consent-or-pay-models-should-offer-real-choice_en?utm_source=simpleanalytics.com#:~:text=As%20regards%20'consent%20or%20pay,personal%20data%20for%20behavioural%20advertising\" target=\"_blank\" rel=\"noopener nofollow\">Personal data not a commodity, says EDPB\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">In its highly anticipated Opinion on pay-or-ok, the EDPB clarified that \u003Cstrong>personal data are not a commodity\u003C/strong> and took a \u003Cstrong>clear stance against Meta’s data mining\u003C/strong>. In all likelihood, the Court of Justice will have the last word in Meta’s long GDPR compliance saga, but the EDPB’s Opinion is a very good sign nonetheless.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">This is \u003Cstrong>a really big deal for privacy\u003C/strong> because many services monetize on user data in similar ways to Meta. Check out \u003CNuxtLink to=\"/blog/meta-loses-key-privacy-battle\"  >our blog\u003C/NuxtLink> to learn more about the EDPB’s Opinion, the story behind it, and its potential impact on the privacy of EU citizens.\u003C/ContentEditable>\n\u003CContentEditable  id=\"apple-removes-encrypted-services-from-chinese-app-store\" parent=\"\" tag=\"h2\" :articleId=\"2486\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.wsj.com/tech/apple-removes-whatsapp-threads-from-china-app-store-on-government-orders-a0c02100?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Apple removes encrypted services from Chinese App Store\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">Apple \u003Cstrong>removed four apps from the Chinese version of the App Store\u003C/strong> upon an order of Chinese authorities. The list includes the Threads platform and three popular \u003Cstrong>end-to-end encrypted messaging apps\u003C/strong> (WhatsApp, Telegram, and Signal).\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">This is not the first time the Chinese government orders Apple to make software unavailable: the company was already forced to \u003CNuxtLink to=\"https://www.reuters.com/article/idUSKBN1AE0BX/\">\u003Cstrong>remove a VPN app\u003C/strong>\u003C/NuxtLink> in 2017. It is superfluous to highlight the possible harms to users when privacy-preserving apps are removed from the closed iOS environment, especially in a country like China.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">As an Apple spokesperson told the WSJ, the company must comply with the laws even if it dislikes them. Still, none of this would have happened if it simply allowed Chinese iOS users to \u003Cstrong>sideload apps\u003C/strong>, as EU users are able to do \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.theverge.com/2024/1/25/24050200/apple-third-party-app-stores-allowed-iphone-ios-europe-digital-markets-act?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">under the Digital Markets Act\u003C/a>. By choosing to retain complete control over the iOS environment in China, Apple is knowingly putting itself in a position where it can be \u003Cstrong>bullied by the government into harming its users\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"mass-us-data-leakage\" parent=\"\" tag=\"h2\" :articleId=\"2486\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.wsj.com/business/telecom/fcc-fines-wireless-carriers-about-200-million-for-sharing-customer-data-5207df8d?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Mass US data leakage\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">The \u003Cstrong>Federal Communications Commission\u003C/strong> fined several US wireless carriers for non-consensually \u003Cstrong>disclosing customers’ location data to data brokers\u003C/strong>. The fines amount to a total of \u003Cstrong>$200M\u003C/strong> between Verizon, AT&amp;T, T-Mobile, and Sprint (now owned by T-Mobile).\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">This is a data leakage of catastrophic proportions. The carriers sanctioned by the FCC are some of the largest on the US market, with Verizon alone accounting for almost 150 million customers.\u003C/ContentEditable>\n\u003CContentEditable  id=\"bytedance-suspends-tiktok-rewards-program-in-europe\" parent=\"\" tag=\"h2\" :articleId=\"2486\">ByteDance suspends TikTok Rewards program in Europe\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">As if the TikTok ultimatum from Congress wasn’t enough, the EU Commission \u003CNuxtLink to=\"https://ec.europa.eu/commission/presscorner/detail/en/ip_24_2227\">announced an \u003Cstrong>investigation into TikTok Lite’s reward program\u003C/strong> for potential infringements of the Digital Services Act\u003C/NuxtLink>. The investigation prompted ByteDance to \u003CNuxtLink to=\"https://www.theguardian.com/technology/2024/apr/24/tiktok-reward-to-watch-feature-suspended-after-eu-threats-to-block-it\">\u003Cstrong>suspend the program\u003C/strong>\u003C/NuxtLink> on the EU market.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">TikTok Lite’s “Task and Reward Program” rewards users for engaging with the platform and performing certain tasks such as liking content and inviting friends to join TikTok. The Commission notes that ByteDance failed to \u003Cstrong>properly assess the risks\u003C/strong> of Task and Reward, and suspects that the program could have \u003Cstrong>addictive effects\u003C/strong> and cause \u003Cstrong>mental health harms\u003C/strong> to the platform’s (mostly quite young) audience .\u003C/ContentEditable>\n\u003CContentEditable  id=\"us-government-tightens-hipaa-rules-for-reproductive-health-data\" parent=\"\" tag=\"h2\" :articleId=\"2486\">US government tightens HIPAA rules for reproductive health data\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">The Department of Human Health and Services \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.hhs.gov/hipaa/for-professionals/special-topics/reproductive-health/index.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">issued new rules\u003C/a> to \u003Cstrong>restrict data disclosures under HIPAA\u003C/strong> in order to \u003Cstrong>protect women seeking reproductive health care in sanctuary States\u003C/strong>. Crucially, the new rule forbids disclosures for the purpose of investigating reproductive health care that was lawfully provided.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">The confidentiality of reproductive health care data became a key human rights issue in 2022, when the \u003CNuxtLink to=\"https://www.simpleanalytics.com/blog/dobbs-v-jackson-ruling-is-a-privacy-mess\">\u003Cstrong>Dobbs v. Jackson\u003C/strong> ruling\u003C/NuxtLink> opened the floodgates to \u003Cstrong>anti-abortion legislation\u003C/strong> in conservative States. Strengthening the HIPAA is a step in the right direction, but enormous amounts of health data still fall outside the narrow scope of the law and can be used by law enforcement and other actors in ways that harm women and health care providers.\u003C/ContentEditable>\n\u003CContentEditable  id=\"google-delays-cookie-deprecation-again\" parent=\"\" tag=\"h2\" :articleId=\"2486\">Google delays cookie deprecation-again.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">Google \u003CNuxtLink to=\"https://privacysandbox.com/news/update-on-the-plan-for-phase-out-of-third-party-cookies-on-chrome/\">delayed \u003Cstrong>the deprecation of third-party\u003C/strong> cookies\u003C/NuxtLink> once again. The announcement came days after the Washington Post reported on \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.wsj.com/tech/google-cookies-replacement-not-enough-to-protect-uk-consumer-privacy-580d1b16?page=1&utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">regulatory pushback against the Sandbox\u003C/a> due to privacy vulnerabilities.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">To learn more about the news and the Privacy Sandbox, head over to \u003CNuxtLink to=\"/blog/google-delays-cookie-phase-out-once-again\"  >our blog\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"grindr-faces-lawsuit-over-hiv-data\" parent=\"\" tag=\"h2\" :articleId=\"2486\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.theguardian.com/technology/2024/apr/22/lawsuit-in-london-to-allege-grindr-shared-users-hiv-status-with-ad-firms?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Grindr faces lawsuit over HIV data\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">Grindr will face a class action in the UK over the \u003Cstrong>non-consensual disclosure of sensitive data, including HIV data\u003C/strong>. The lawsuit involves hundreds of users and revolves around personal data disclosures between 2018 and 2020.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">Grindr, a popular dating app catering to the queer audience, was already \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://gdprhub.eu/index.php?title=Datatilsynet_%28Norway%29_-_20%2F02136&utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">fined in Norway\u003C/a> for non-consensually sharing sensitive data with advertisers. According to \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.grindr.com/privacy-policy?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Grindr’s own policy\u003C/a>, such disclosures are still taking place, albeit with the user’s consent (or, in all likelihood, under a \u003Cem>fiction\u003C/em> of consent, as is typically the case for dating apps).\u003C/ContentEditable>\n\u003CContentEditable  id=\"google-pays-62m-settlement-over-location-data\" parent=\"\" tag=\"h2\" :articleId=\"2486\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.mediapost.com/publications/article/395413/judge-approves-google-62-million-location-privacy.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Google pays $62M settlement over location data\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">Stop me if you’ve heard this before, but Google signed a settlement over location data.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">You know the story by now: Google likes “giving user control” over their data by tying location data collection to multiple, unclear settings found in all sorts of different places on Android devices. This may or may not be done to \u003Cstrong>preventing users from entirely turning off location data collection\u003C/strong>. Google&#39;s settings are so intentionally obtuse, that \u003CNuxtLink to=\"https://twitter.com/jason_kint/status/1398359265807581189\">even \u003Cem>a Google engineer\u003C/em> was not able to disable tracking\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"ai-keeps-raising-privacy-issues\" parent=\"\" tag=\"h2\" :articleId=\"2486\">AI keeps raising privacy issues\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">A recent report from \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nytimes.com/2024/04/06/technology/tech-giants-harvest-data-artificial-intelligence.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">the New York Times\u003C/a> describes how OpenAI, Google, and Meta \u003Cstrong>plunder the Internet for training data\u003C/strong> to develop their cutting-edge AIs. As they race each other to build bigger and more powerful models, these giants scrape data comes from all sorts of sources, including Facebook and Youtube content.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">The NYT has \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nytimes.com/2023/12/27/business/media/new-york-times-open-ai-microsoft-lawsuit.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">an axe to grind\u003C/a> with OpenAI but still raises some fair points. Big Tech’s scraping of the Web skirts company policies, exploits gaps in copyright law, and raises severe privacy concerns which are yet to be addressed. Similar privacy concerns were raised by the Italian privacy watchdog in its \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.euronews.com/next/2024/01/29/italys-privacy-watchdog-warns-openai-that-chatgpt-breaches-europes-privacy-laws?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">pending investigation on Open AI\u003C/a> and in a \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.reuters.com/technology/italys-data-watchdog-looks-into-open-ai-tool-that-turns-text-into-video-2024-03-08/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">parallel investigation on Sora\u003C/a>, OpenAI’s text-to-video tool.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2486\">In the meantime, privacy advocate noyb \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://noyb.eu/en/chatgpt-provides-false-information-about-people-and-openai-cant-correct-it?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">filed a complaint against OpenAI\u003C/a> after it failed to correct false personal information provided by ChatGPT. The complaint raises a thorny issue: under the GDPR, OpenAI has a duty to ensure that personal data are accurate, which entails ensuring that ChatGPT’s output is accurate. \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nytimes.com/2023/11/06/technology/chatbots-hallucination-rates.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Good luck with that\u003C/a>.\u003C/ContentEditable>\n","Saying that April was a hot month, might very well be an understatement. There is _plenty_ of news from US Congress, including unprecedented legislation against Tiktok and a new, bipartisan privacy bill. Meanwhile, Apple caved in to regulatory pressure in China and the EDPB took a stance against Meta in a key, high-profile legal battle.\n\nThere’s _a lot_ to discuss, so let’s dive in!\n## US Congress discusses federal privacy bill, bans TikTok\nA **bicameral federal privacy bill** was unexpectedly [proposed in Congress](https://energycommerce.house.gov/posts/committee-chairs-rodgers-cantwell-unveil-historic-draft-comprehensive-data-privacy-legislation). The bill, named **American Privacy Right Act** (APRA), includes a comprehensive set of privacy protections, including data minimization and transparency requirements, new consumer rights, and a private right of action subject to certain limitations.\n\n**State preemption** is likely to be a thorny issue in future negotiations. Some States already afford strong privacy protections to their citizens and will not be happy to see federal law undermine them.\n\nIn the meantime, Congress finalized unprecedented legislation that forces Chinese giant ByteDance to [**divest ownership in TikTok**](https://www.nytimes.com/article/tiktok-ban.html) under threat of a **ban from the US market**. According to [Reuters](https://www.reuters.com/technology/bytedance-prefers-tiktok-shutdown-us-if-legal-options-fail-sources-say-2024-04-25/), ByteDance is ready to challenge the constitutionality of the law but would rather **leave the US market** than divest ownership if push came to shove.\n## More from Congress: FISA 702 reauthorized, 4th Amendment Not For Sale Act\nIn other news from the US Congress, FISA Section 702 was finally [**reauthorized for two years**](https://apnews.com/article/fisa-donald-trump-surveillance-congress-johnson-81e991c9f82e77b2fe13f8a3e0e25349) in the nick of time.\n\nFISA authorizes surveillance over foreign citizens but has been abused in the past in order to monitor Americans’ communication without a warrant. Privacy and civil rights advocates have long criticized the weak safeguards surrounding the law and are [not happy](https://www.eff.org/deeplinks/2024/04/us-senate-and-biden-administration-shamefully-renew-and-expand-fisa-section-702-0) to see it extended without any amendment.\n\nIn happier news, the House passed the [4t Amendment Is Not For Sale Act](https://www.congress.gov/bill/118th-congress/house-bill/4639), a bill that prohibits law enforcement and intelligence agencies from buying personal information from data brokers with no warrants of safeguards ([which they do all the time](https://www.dni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf)). We hope to see this become law.\n## [Personal data not a commodity, says EDPB](https://www.edpb.europa.eu/news/news/2024/edpb-consent-or-pay-models-should-offer-real-choice_en#:~:text=As%20regards%20'consent%20or%20pay,personal%20data%20for%20behavioural%20advertising)\nIn its highly anticipated Opinion on pay-or-ok, the EDPB clarified that **personal data are not a commodity** and took a **clear stance against Meta’s data mining**. In all likelihood, the Court of Justice will have the last word in Meta’s long GDPR compliance saga, but the EDPB’s Opinion is a very good sign nonetheless.\n\nThis is **a really big deal for privacy** because many services monetize on user data in similar ways to Meta. Check out [our blog](https://www.simpleanalytics.com/blog/meta-loses-key-privacy-battle) to learn more about the EDPB’s Opinion, the story behind it, and its potential impact on the privacy of EU citizens.\n## [Apple removes encrypted services from Chinese App Store](https://www.wsj.com/tech/apple-removes-whatsapp-threads-from-china-app-store-on-government-orders-a0c02100)\nApple **removed four apps from the Chinese version of the App Store** upon an order of Chinese authorities. The list includes the Threads platform and three popular **end-to-end encrypted messaging apps** (WhatsApp, Telegram, and Signal).\n\nThis is not the first time the Chinese government orders Apple to make software unavailable: the company was already forced to [**remove a VPN app**](https://www.reuters.com/article/idUSKBN1AE0BX/) in 2017. It is superfluous to highlight the possible harms to users when privacy-preserving apps are removed from the closed iOS environment, especially in a country like China.\n\nAs an Apple spokesperson told the WSJ, the company must comply with the laws even if it dislikes them. Still, none of this would have happened if it simply allowed Chinese iOS users to **sideload apps**, as EU users are able to do [under the Digital Markets Act](https://www.theverge.com/2024/1/25/24050200/apple-third-party-app-stores-allowed-iphone-ios-europe-digital-markets-act). By choosing to retain complete control over the iOS environment in China, Apple is knowingly putting itself in a position where it can be **bullied by the government into harming its users**.\n## [Mass US data leakage](https://www.wsj.com/business/telecom/fcc-fines-wireless-carriers-about-200-million-for-sharing-customer-data-5207df8d)\nThe **Federal Communications Commission** fined several US wireless carriers for non-consensually **disclosing customers’ location data to data brokers**. The fines amount to a total of **$200M** between Verizon, AT&T, T-Mobile, and Sprint (now owned by T-Mobile).\n\nThis is a data leakage of catastrophic proportions. The carriers sanctioned by the FCC are some of the largest on the US market, with Verizon alone accounting for almost 150 million customers.\n## ByteDance suspends TikTok Rewards program in Europe\nAs if the TikTok ultimatum from Congress wasn’t enough, the EU Commission [announced an **investigation into TikTok Lite’s reward program** for potential infringements of the Digital Services Act](https://ec.europa.eu/commission/presscorner/detail/en/ip_24_2227). The investigation prompted ByteDance to [**suspend the program**](https://www.theguardian.com/technology/2024/apr/24/tiktok-reward-to-watch-feature-suspended-after-eu-threats-to-block-it) on the EU market.\n\nTikTok Lite’s “Task and Reward Program” rewards users for engaging with the platform and performing certain tasks such as liking content and inviting friends to join TikTok. The Commission notes that ByteDance failed to **properly assess the risks** of Task and Reward, and suspects that the program could have **addictive effects** and cause **mental health harms** to the platform’s (mostly quite young) audience .\n## US government tightens HIPAA rules for reproductive health data\nThe Department of Human Health and Services [issued new rules](https://www.hhs.gov/hipaa/for-professionals/special-topics/reproductive-health/index.html) to **restrict data disclosures under HIPAA** in order to **protect women seeking reproductive health care in sanctuary States**. Crucially, the new rule forbids disclosures for the purpose of investigating reproductive health care that was lawfully provided.\n\nThe confidentiality of reproductive health care data became a key human rights issue in 2022, when the [**Dobbs v. Jackson** ruling](https://www.simpleanalytics.com/blog/dobbs-v-jackson-ruling-is-a-privacy-mess) opened the floodgates to **anti-abortion legislation** in conservative States. Strengthening the HIPAA is a step in the right direction, but enormous amounts of health data still fall outside the narrow scope of the law and can be used by law enforcement and other actors in ways that harm women and health care providers.\n## Google delays cookie deprecation-again.\nGoogle [delayed **the deprecation of third-party** cookies](https://privacysandbox.com/news/update-on-the-plan-for-phase-out-of-third-party-cookies-on-chrome/) once again. The announcement came days after the Washington Post reported on [regulatory pushback against the Sandbox](https://www.wsj.com/tech/google-cookies-replacement-not-enough-to-protect-uk-consumer-privacy-580d1b16?page=1) due to privacy vulnerabilities.\n\nTo learn more about the news and the Privacy Sandbox, head over to [our blog](https://www.simpleanalytics.com/blog/google-delays-cookie-phase-out-once-again).\n## [Grindr faces lawsuit over HIV data](https://www.theguardian.com/technology/2024/apr/22/lawsuit-in-london-to-allege-grindr-shared-users-hiv-status-with-ad-firms)\nGrindr will face a class action in the UK over the **non-consensual disclosure of sensitive data, including HIV data**. The lawsuit involves hundreds of users and revolves around personal data disclosures between 2018 and 2020.\n\nGrindr, a popular dating app catering to the queer audience, was already [fined in Norway](https://gdprhub.eu/index.php?title=Datatilsynet_(Norway)_-_20/02136) for non-consensually sharing sensitive data with advertisers. According to [Grindr’s own policy](https://www.grindr.com/privacy-policy), such disclosures are still taking place, albeit with the user’s consent (or, in all likelihood, under a _fiction_ of consent, as is typically the case for dating apps).\n## [Google pays $62M settlement over location data](https://www.mediapost.com/publications/article/395413/judge-approves-google-62-million-location-privacy.html )\nStop me if you’ve heard this before, but Google signed a settlement over location data.\n\nYou know the story by now: Google likes “giving user control” over their data by tying location data collection to multiple, unclear settings found in all sorts of different places on Android devices. This may or may not be done to **preventing users from entirely turning off location data collection**. Google's settings are so intentionally obtuse, that [even _a Google engineer_ was not able to disable tracking](https://twitter.com/jason_kint/status/1398359265807581189).\n## AI keeps raising privacy issues\nA recent report from [the New York Times](https://www.nytimes.com/2024/04/06/technology/tech-giants-harvest-data-artificial-intelligence.html) describes how OpenAI, Google, and Meta **plunder the Internet for training data** to develop their cutting-edge AIs. As they race each other to build bigger and more powerful models, these giants scrape data comes from all sorts of sources, including Facebook and Youtube content.\n\nThe NYT has [an axe to grind](https://www.nytimes.com/2023/12/27/business/media/new-york-times-open-ai-microsoft-lawsuit.html) with OpenAI but still raises some fair points. Big Tech’s scraping of the Web skirts company policies, exploits gaps in copyright law, and raises severe privacy concerns which are yet to be addressed. Similar privacy concerns were raised by the Italian privacy watchdog in its [pending investigation on Open AI](https://www.euronews.com/next/2024/01/29/italys-privacy-watchdog-warns-openai-that-chatgpt-breaches-europes-privacy-laws) and in a [parallel investigation on Sora](https://www.reuters.com/technology/italys-data-watchdog-looks-into-open-ai-tool-that-turns-text-into-video-2024-03-08/), OpenAI’s text-to-video tool.\n\nIn the meantime, privacy advocate noyb [filed a complaint against OpenAI](https://noyb.eu/en/chatgpt-provides-false-information-about-people-and-openai-cant-correct-it) after it failed to correct false personal information provided by ChatGPT. The complaint raises a thorny issue: under the GDPR, OpenAI has a duty to ensure that personal data are accurate, which entails ensuring that ChatGPT’s output is accurate. [Good luck with that](https://www.nytimes.com/2023/11/06/technology/chatbots-hallucination-rates.html).\n\n\n",{"data":45},null,2486,"Privacy Monthly May","US Congress unveils privacy bill and bans TikTok, EDPB takes a stance against Meta, Apple pulls encrypted messagin apps from Chinese marketplace, and more","privacy-monthly-may-2024","carlo-cilento","2024-05-01T17:27:48.771Z","2025-02-13T12:34:14.262Z",{"en":54,"de":55,"fr":57,"it":59,"es":61,"nl":63},{"slug":49},{"slug":56},"datenschutz-monatlich-mai-de",{"slug":58},"vie-privee-mensuel-mai",{"slug":60},"privacy-mensile-maggio",{"slug":62},"privacidad-mensual-mayo-es",{"slug":64},"privacy-maand-mei"]