[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_privacy-monthly-september-2023_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"inlineMedia":44,"id":46,"title":47,"excerpt":48,"locale":8,"slug":49,"authorSlug":50,"automaticTranslated":11,"publishedAt":51,"updatedAt":52,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"languages":53},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">Finland cracks down on EU-Russia data transfers, India passes data protection bill, Meta to offer paid subscriptions, and more!\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#india-passes-data-protection-bill\">India passes data protection bill\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#finland-and-norway-halt-data-transfers-for-russian-taxi-service\">Finland and Norway halt data transfers for Russian taxi service\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#meta-to-offer-paid-ad-free-subscriptions\">Meta to offer paid, ad-free subscriptions\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#oslo-court-upholds-suspension-for-metas-behavioral-advertising\">Oslo court upholds suspension for Meta’s behavioral advertising\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#dsa-enforcement-begins-for-the-big-fish\">DSA enforcement begins for the big fish\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#hhs-investigates-tracking-on-healthcare-websites\">HHS investigates tracking on healthcare websites\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#your-car-is-spying-on-you\">Your car is spying on you\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaTwo />\u003CContentEditable  id=\"india-passes-data-protection-bill\" parent=\"\" tag=\"h2\" :articleId=\"1743\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.straitstimes.com/asia/south-asia/india-s-personal-data-protection-law-welcomed-but-concerns-raised-over-state-surveillance?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">India passes data protection bill\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">After complex political negotiations, India published its long anticipated \u003Cstrong>Digital Personal Data Protection Act\u003C/strong>. An overview of the law can be found on the \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://pib.gov.in/PressReleasePage.aspx?PRID=1947264&utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">website\u003C/a> of India’s Ministry of Electronics and Information Technology.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">The Act will surely draw the attention of privacy professionals worldwide, as India plays an important role in the digital economy.\u003C/ContentEditable>\n\u003CContentEditable  id=\"finland-and-norway-halt-data-transfers-for-russian-taxi-service\" parent=\"\" tag=\"h2\" :articleId=\"1743\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://iapp.org/news/a/finland-norway-ban-taxi-customer-data-transfers-to-russia-in-response-to-new-law/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Finland and Norway halt data transfers for Russian taxi service\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">The data protection authorities of \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://tietosuoja.fi/en/-/finnish-dpa-bans-yango-taxi-service-transfers-of-personal-data-from-finland-to-russia-temporarily?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Finland\u003C/a> and \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.datatilsynet.no/contentassets/229ffa763e7349dfbd00e16ca2772578/_-23_03080-1-yango-letter_final-419435_2_1.pdf?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Norway\u003C/a> \u003Cstrong>suspended data transfers for Russian taxi service Yango\u003C/strong> because of a new Russian law that allows the government to \u003Cstrong>access passenger data\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">It will be interesting to see whether the authorities will seek confirmation for their urgency decision from the European Data Protection Board. The situation is worth watching closely: if the Russian Federation passes other similar laws in the future, EU-Russia data transfers might very well become a broader problem.\u003C/ContentEditable>\n\u003CContentEditable  id=\"meta-to-offer-paid-ad-free-subscriptions\" parent=\"\" tag=\"h2\" :articleId=\"1743\">Meta to offer paid, ad-free subscriptions\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">According to the \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.nytimes.com/2023/09/01/technology/meta-instagram-facebook-ads-europe.html?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">New York Times\u003C/a>, Metamay soon offer paid, \u003Cstrong>ad-free subscription for Instagram and Facebook\u003C/strong> as an alternative to the current free, ad-powered model.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">After the company’s current compliance strategy was \u003Cstrong>shot down by EU regulators\u003C/strong> (as we explained \u003CNuxtLink to=\"/blog/why-meta-is-in-a-world-of-trouble\"  >on our blog\u003C/NuxtLink>), Meta announced its intention to provide targeted advertising based on \u003Cstrong>user consent\u003C/strong>. Offering a paid, ad-free option could contribute to this strategy by helping Meta meet the high bar set by the GDPR for free and valid consent.\u003C/ContentEditable>\n\u003CContentEditable  id=\"oslo-court-upholds-suspension-for-metas-behavioral-advertising\" parent=\"\" tag=\"h2\" :articleId=\"1743\">Oslo court upholds suspension for Meta’s behavioral advertising\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">In related news, the Oslo District Court upheld the Norwegian data protection authority&#39;s \u003Cstrong>temporary ban on Meta’s behavioral advertising\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">The authority urgently suspended Meta’s target advertising after the EU Court of Justice ruled it to be illegal. As a result of the Court of Justice’s ruling, Meta is now working on a new compliance policy based on user consent.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">Because of the District Court’s decision, the company must either stop providing behavioral ads for Norway until it updates its privacy policy, or pay a daily fine of NORK 1M (a little less than €90.000).\u003C/ContentEditable>\n\u003CContentEditable  id=\"dsa-enforcement-begins-for-the-big-fish\" parent=\"\" tag=\"h2\" :articleId=\"1743\">DSA enforcement begins for the big fish\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.euractiv.com/section/law-enforcement/news/eu-digital-services-act-challenges-remain-as-enforcement-begins/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">The Digital Services Act became enforceable on August 25\u003C/a> with regards to “very large online platforms” and “very large online search engines”- in other words, \u003Cstrong>big fish\u003C/strong> such as Facebook, Youtube, and Google Search.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">The DSA includes new rules on content moderation, transparency, and risk management. The Act also bans behavioral advertising based on sensitive data (such as health data or data relative to a user’s sexual orientation), and any behavioral advertising targeting minors.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">The Act includes rules for smaller websites and platforms as well. Enforcement for these rules will start February 24 2024, giving companies some more time to prepare.\u003C/ContentEditable>\n\u003CContentEditable  id=\"hhs-investigates-tracking-on-healthcare-websites\" parent=\"\" tag=\"h2\" :articleId=\"1743\">HHS investigates tracking on healthcare websites\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">The US Department of Health and Human Services \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.hhs.gov/sites/default/files/use-online-tracking-technologies.pdf?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">warned 130 hospitals\u003C/a> that the use of tracking technologies on their websites may result in \u003Cstrong>large-scale HIPAA violations\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">As the HHS itself explains in its recent guidance, the use of cookies and other tracking technologies on the websites of healthcare providers may lead to a violation of the HIPAA (Health Insurance Portability and Accountability Act) because such technologies can collect protected health information. \u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">We are not surprised that the HHS is looking into trackers, as the confidentiality and proper handling of health information is more important than ever in the \u003CNuxtLink to=\"/blog/dobbs-v-jackson-ruling-is-a-privacy-mess\"  >post-Dobbs privacy crisis\u003C/NuxtLink>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">Feel free to check out \u003CNuxtLink to=\"/blog/hipaa-compliant-website-analytics\"  >our blog on the HIPAA and web analytics\u003C/NuxtLink> if you are curious about the topic.\u003C/ContentEditable>\n\u003CContentEditable  id=\"your-car-is-spying-on-you\" parent=\"\" tag=\"h2\" :articleId=\"1743\">Your car is spying on you\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">A new study\u003C/a> published by the Mozilla Foundation paints a drab picture of privacy practices across the automobile industry.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"1743\">The study focused on 25 major car brands and found that all their vehicles \u003Cstrong>collect excessive amounts of personal data\u003C/strong>, including sensitive data.  To make things worse, most companies sell or share these data, and offer the customer little or no control over the information.\u003C/ContentEditable>\n","Finland cracks down on EU-Russia data transfers, India passes data protection bill, Meta to offer paid subscriptions, and more!\n\n## [India passes data protection bill](https://www.straitstimes.com/asia/south-asia/india-s-personal-data-protection-law-welcomed-but-concerns-raised-over-state-surveillance)\n\nAfter complex political negotiations, India published its long anticipated **Digital Personal Data Protection Act**. An overview of the law can be found on the [website](https://pib.gov.in/PressReleasePage.aspx?PRID=1947264) of India’s Ministry of Electronics and Information Technology.\n\nThe Act will surely draw the attention of privacy professionals worldwide, as India plays an important role in the digital economy.\n\n## [Finland and Norway halt data transfers for Russian taxi service](https://iapp.org/news/a/finland-norway-ban-taxi-customer-data-transfers-to-russia-in-response-to-new-law/)\n\nThe data protection authorities of [Finland](https://tietosuoja.fi/en/-/finnish-dpa-bans-yango-taxi-service-transfers-of-personal-data-from-finland-to-russia-temporarily) and [Norway](https://www.datatilsynet.no/contentassets/229ffa763e7349dfbd00e16ca2772578/_-23_03080-1-yango-letter_final-419435_2_1.pdf) **suspended data transfers for Russian taxi service Yango** because of a new Russian law that allows the government to **access passenger data**.\n\nIt will be interesting to see whether the authorities will seek confirmation for their urgency decision from the European Data Protection Board. The situation is worth watching closely: if the Russian Federation passes other similar laws in the future, EU-Russia data transfers might very well become a broader problem.\n\n## Meta to offer paid, ad-free subscriptions\n\nAccording to the [New York Times](https://www.nytimes.com/2023/09/01/technology/meta-instagram-facebook-ads-europe.html), Metamay soon offer paid, **ad-free subscription for Instagram and Facebook** as an alternative to the current free, ad-powered model.\n\nAfter the company’s current compliance strategy was **shot down by EU regulators** (as we explained [on our blog](https://www.simpleanalytics.com/blog/why-meta-is-in-a-world-of-trouble)), Meta announced its intention to provide targeted advertising based on **user consent**. Offering a paid, ad-free option could contribute to this strategy by helping Meta meet the high bar set by the GDPR for free and valid consent.\n\n## Oslo court upholds suspension for Meta’s behavioral advertising\n\nIn related news, the Oslo District Court upheld the Norwegian data protection authority's **temporary ban on Meta’s behavioral advertising**.\n\nThe authority urgently suspended Meta’s target advertising after the EU Court of Justice ruled it to be illegal. As a result of the Court of Justice’s ruling, Meta is now working on a new compliance policy based on user consent.\n\nBecause of the District Court’s decision, the company must either stop providing behavioral ads for Norway until it updates its privacy policy, or pay a daily fine of NORK 1M (a little less than €90.000).\n\n## DSA enforcement begins for the big fish\n\n[The Digital Services Act became enforceable on August 25](https://www.euractiv.com/section/law-enforcement/news/eu-digital-services-act-challenges-remain-as-enforcement-begins/) with regards to “very large online platforms” and “very large online search engines”- in other words, **big fish** such as Facebook, Youtube, and Google Search.\n\nThe DSA includes new rules on content moderation, transparency, and risk management. The Act also bans behavioral advertising based on sensitive data (such as health data or data relative to a user’s sexual orientation), and any behavioral advertising targeting minors.\n\nThe Act includes rules for smaller websites and platforms as well. Enforcement for these rules will start February 24 2024, giving companies some more time to prepare.\n\n## HHS investigates tracking on healthcare websites\n\nThe US Department of Health and Human Services [warned 130 hospitals](https://www.hhs.gov/sites/default/files/use-online-tracking-technologies.pdf) that the use of tracking technologies on their websites may result in **large-scale HIPAA violations**.\n\nAs the HHS itself explains in its recent guidance, the use of cookies and other tracking technologies on the websites of healthcare providers may lead to a violation of the HIPAA (Health Insurance Portability and Accountability Act) because such technologies can collect protected health information. \n\nWe are not surprised that the HHS is looking into trackers, as the confidentiality and proper handling of health information is more important than ever in the [post-Dobbs privacy crisis](https://www.simpleanalytics.com/blog/dobbs-v-jackson-ruling-is-a-privacy-mess).\n\nFeel free to check out [our blog on the HIPAA and web analytics](https://www.simpleanalytics.com/blog/hipaa-compliant-website-analytics) if you are curious about the topic.\n\n## Your car is spying on you\n\n[A new study](https://foundation.mozilla.org/en/privacynotincluded/articles/its-official-cars-are-the-worst-product-category-we-have-ever-reviewed-for-privacy/) published by the Mozilla Foundation paints a drab picture of privacy practices across the automobile industry.\n\nThe study focused on 25 major car brands and found that all their vehicles **collect excessive amounts of personal data**, including sensitive data.  To make things worse, most companies sell or share these data, and offer the customer little or no control over the information.\n",{"data":45},null,1743,"Privacy Monthly: September 2023","Finland cracks down on EU-Russia data transfers, India passes data protection bill, Meta to offer paid subscriptions, and more!","privacy-monthly-september-2023","carlo-cilento","2023-09-08T08:02:21.396Z","2023-09-14T10:10:03.089Z",{"en":54,"de":55,"fr":57,"it":59,"es":61,"nl":63},{"slug":49},{"slug":56},"datenschutz-monatlich-september-2023",{"slug":58},"mensuel-de-la-vie-privee-septembre-2023",{"slug":60},"il-mensile-della-privacy-settembre-2023",{"slug":62},"privacidad-mensual-septiembre-2023",{"slug":64},"privacy-maandelijks-september-2023"]