Privacy Monthly: September 2023


Published on Sep 8, 2023 by Carlo Cilento

Finland cracks down on EU-Russia data transfers, India passes data protection bill, Meta to offer paid subscriptions, and more!

  1. India passes data protection bill
  2. Finland and Norway halt data transfers for Russian taxi service
  3. Meta to offer paid, ad-free subscriptions
  4. Oslo court upholds suspension for Meta’s behavioral advertising
  5. DSA enforcement begins for the big fish
  6. HHS investigates tracking on healthcare websites
  7. Your car is spying on you

India passes data protection bill

After complex political negotiations, India published its long-anticipated Digital Personal Data Protection Act. An overview of the law can be found on the website of India’s Ministry of Electronics and Information Technology.

The Act will surely draw the attention of privacy professionals worldwide, as India plays an important role in the digital economy.

Finland and Norway halt data transfers for Russian taxi service

The data protection authorities of Finland and Norway suspended data transfers for Russian taxi service Yango because of a new Russian law that allows the government to access passenger data.

It will be interesting to see whether the authorities will seek confirmation for their urgency decision from the European Data Protection Board. The situation is worth watching closely: if the Russian Federation passes other similar laws in the future, EU-Russia data transfers might very well become a broader problem.

Meta to offer paid, ad-free subscriptions

According to the New York Times, Meta may soon offer paid, ad-free subscriptions for Instagram and Facebook as an alternative to the current free, ad-powered model.

After the company’s current compliance strategy was shot down by EU regulators (as we explained on our blog), Meta announced its intention to provide targeted advertising based on user consent. Offering a paid, ad-free option could contribute to this strategy by helping Meta meet the high bar set by the GDPR for free and valid consent.

Oslo court upholds suspension for Meta’s behavioral advertising

In related news, the Oslo District Court upheld the Norwegian data protection authority's temporary ban on Meta’s behavioral advertising.

The authority urgently suspended Meta’s targeted advertising after the EU Court of Justice ruled it to be illegal. As a result of the Court of Justice’s ruling, Meta is now working on a new compliance policy based on user consent.

Because of the District Court’s decision, the company must either stop providing behavioral ads for Norway until it updates its privacy policy, or pay a daily fine of NOK 1M (a little less than €90.000).

DSA enforcement begins for the big fish

The Digital Services Act became enforceable on August 25 with regard to “very large online platforms” and “very large online search engines” - in other words, big fish such as Facebook, YouTube, and Google Search.

The DSA includes new rules on content moderation, transparency, and risk management. The Act also bans behavioral advertising based on sensitive data (such as health data or data relating to a user’s sexual orientation), and any behavioral advertising targeting minors.

The Act includes rules for smaller websites and platforms as well. Enforcement for these rules will start February 24, 2024, giving companies some more time to prepare.

HHS investigates tracking on healthcare websites

The US Department of Health and Human Services warned 130 hospitals that the use of tracking technologies on their websites may result in large-scale HIPAA violations.

As the HHS itself explains in its recent guidance, the use of cookies and other tracking technologies on the websites of healthcare providers may lead to a violation of the HIPAA (Health Insurance Portability and Accountability Act) because such technologies can collect protected health information.

We are not surprised that the HHS is looking into trackers, as the confidentiality and proper handling of health information are more important than ever in the post-Dobbs privacy crisis.

Feel free to check out our blog on the HIPAA and web analytics if you are curious about the topic.

Your car is spying on you

A new study published by the Mozilla Foundation paints a drab picture of privacy practices across the automobile industry.

The study focused on 25 major car brands and found that all their vehicles collect excessive amounts of personal data, including sensitive data. To make things worse, most companies sell or share these data, and offer the customer little or no control over the information.
