[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"blog-slug_blog_3_1":3,"blog-slug_blog_privacy-perspectives-june-2024_1000_1":40},{"article":4,"articles":15,"meta":33,"languages":39},{"id":5,"title":6,"excerpt":7,"locale":8,"slug":9,"authorSlug":10,"automaticTranslated":11,"publishedAt":12,"updatedAt":13,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3060,"The EU wants to kill cookie banners","The EU wants to end annoying cookie pop-ups by letting users set their consent once in their browser. If passed, websites will have to respect those choices.","en","the-eu-wants-to-kill-cookie-banners-by-moving-consent-to-your-browser","iron-brands",false,"2025-11-20T05:40:14.356Z","2025-11-20T06:13:15.812Z","blog",[4,16,26],{"id":17,"title":18,"excerpt":19,"locale":8,"slug":20,"authorSlug":10,"automaticTranslated":11,"publishedAt":21,"updatedAt":22,"ctaTitle":23,"ctaDescription":24,"doFollowLinks":11,"showIndex":25,"showCallToActions":11,"articleType":14},3019,"Google is tracking you (even when you use DuckDuckGo)","Google tracks users even on DuckDuckGo via Analytics and embeds. A new study shows how deep Google’s web tracking really goes.","google-is-tracking-you-even-when-you-use-duck-duck-go","2025-07-14T08:56:41.709Z","2025-07-14T11:26:01.386Z","If you care about privacy, you don't use Google Analytics","Ditch the tracking, keep the insights. Try Simple Analytics.",true,{"id":27,"title":28,"excerpt":29,"locale":8,"slug":30,"authorSlug":10,"automaticTranslated":11,"publishedAt":31,"updatedAt":32,"doFollowLinks":11,"showIndex":11,"showCallToActions":11,"articleType":14},3018," German court rules Meta’s tracking tech violates GDPR","German court rules Meta’s tracking tech violates GDPR, allowing lawsuits without proof of harm. Big risks ahead for sites using Meta pixels.","german-court-rules-meta-s-tracking-tech-violates-gdpr","2025-07-10T08:20:51.111Z","2025-07-10T12:16:26.327Z",{"pagination":34},{"page":35,"pageSize":36,"pageCount":37,"total":38},1,3,362,1084,{},{"article":41},{"contentHtml":42,"content":43,"inlineMedia":44,"id":46,"title":47,"excerpt":48,"locale":8,"slug":49,"authorSlug":50,"automaticTranslated":11,"publishedAt":51,"updatedAt":52,"doFollowLinks":11,"showIndex":25,"showCallToActions":25,"articleType":14,"languages":53},"\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">\u003Cem>Welcome to the first installment of the Privacy Perspectives. This is a new space for  for deeper dives on Privacy Monthly material, and for other material that doesn&#39;t quite fit the Privacy Monthly. Every story comes with a direct link to the source, some commentary for context, and sometimes a personal take.\u003C/em>\u003C/ContentEditable>\n\u003Col class=\"counters\">\u003Cli>\u003CNuxtLink to=\"#edpb-cuts-ai-no-slack\">EDPB cuts AI no slack\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#youtube-drops-the-ball-on-political-ads\">Youtube drops the ball on political ads\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#how-do-apps-protect-female-health-data\">How do apps protect female health data?\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#the-markup-on-car-tracking-and-mortgage-brokers\">The Markup on car tracking and mortgage brokers\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#sdks-and-the-ftc\">SDKs and the FTC\u003C/NuxtLink>\u003C/li>\u003Cli>\u003CNuxtLink to=\"#how-gps-changed-location-data\">How GPS changed location data\u003C/NuxtLink>\u003C/li>\u003C/ol>\u003CCtaOne />\u003CContentEditable  id=\"edpb-cuts-ai-no-slack\" parent=\"\" tag=\"h2\" :articleId=\"2489\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.edpb.europa.eu/our-work-tools/our-documents/other/report-work-undertaken-chatgpt-taskforce_en?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">EDPB cuts AI no slack\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">The AI Act is stealing the media spotlight, and for good reason: it is the first act of its kind and is likely to set the tone for AI policy discourse worldwide, much like the GDPR did for privacy law. But the privacy people are also discussing other AI-related news that flew under the radar of the general media: the European Data Protection Board (EDPB) published its \u003Cstrong>report on the work of the ChatGPT taskforce\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Here is some context: in 2023 the Italian privacy watchdog banned ChatGPT for about a month over privacy concerns. This prompted the EDPB (that is, the committee where all privacy regulators sit) to launch a broader investigation through the so-called “ChatGPT taskforce”. The result is a report that lays out the common ground found by European regulators.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">The report is very important because ChatGPT’s issues are largely \u003Cstrong>common to all foundational models\u003C/strong>: for instance, they hallucinate, they cannot be made to forget data, and they are mostly trained on nonconsensually scraped data. All of these are serious issues that regulators will need to tackle in the near future and their approach will heavily impact foundational models on the EU market.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">The report doesn’t beat around the bush and states quite clearly that regulators expect \u003Cstrong>full compliance\u003C/strong> from the providers of AI and that technical impossibility is no excuse for non-compliance. In other words, the EDPB is not willing to cut OpenAI (and other players) any slack on the grounds that complying with the GDPR is technically impossible.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">The report stresses that implementing \u003Cstrong>safeguards\u003C/strong> can help with compliance. But we should be realistic here: many safeguards that are commonplace in other industries simply do not work for AI- at least within the current state of the art. If your training data is \u003Cem>the entire open Web\u003C/em>, things like anonymization and sanitization of sensitive data are simply not possible, nor is any serious work to improve data quality.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Individual regulators may very well stray from the stance of the EDPB as the report is not binding in nature. And of course, there is no saying where the Court Justice will stand when it finally deals with AI and the GDPR.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Nonetheless, should the line in the report prevail, foundational models might be in trouble on the EU market.\u003C/ContentEditable>\n\u003CContentEditable  id=\"youtube-drops-the-ball-on-political-ads\" parent=\"\" tag=\"h2\" :articleId=\"2489\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.accessnow.org/wp-content/uploads/2024/04/Votes-will-not-be-counted_YouTube-Disinformation-Ads-Report.pdf?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">Youtube drops the ball on political ads\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">An investigation by Access Now and Global Witness highlights that YouTube is doing little or nothing to address election disinformation in India.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">The two groups uploaded 48 video ads containing grossly false electoral information in three languages, including English- which should be the easiest one for Google to work with. All of them passed YouTube’s review. The only reason they were not broadcasted is that Access Now pulled them beforehand.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Maybe those \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://www.bloomberg.com/news/articles/2024-03-01/google-trims-jobs-in-trust-and-safety-while-others-work-around-the-clock?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">mass layoffs from Google’s trust and safety team\u003C/a> weren’t such a great idea after all?\u003C/ContentEditable>\n\u003CContentEditable  id=\"how-do-apps-protect-female-health-data\" parent=\"\" tag=\"h2\" :articleId=\"2489\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://healthlawpulse.wordpress.com/2024/05/17/do-apps-protect-female-health-data/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">How do apps protect female health data?\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Writing for The Pulse, Matt Fisher covers and summarizes a recent study on \u003Cstrong>privacy in female mhealth apps\u003C/strong> in the US market. Spoiler alert: privacy practices are terrible across the industry. To no small extent, this is due to the fact that \u003Cstrong>many mhealth apps are not covered by HIPAA\u003C/strong>- a US health care sector law that protects health information.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">As Matt correctly points out, \u003Cstrong>HIPAA can be confusing\u003C/strong> for non-lawyers. Whether data fall under the HIPAA depends not only on their nature but also on the context in which they were collected. To grossly simplify, health data collected outside the health care system do not fall under HIPAA no matter how sensitive they might be.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">So, “Alice’s menstrual cycle stopped” is protected health information when Alice tells her doctor but not when she types it into her mhealh app. This is counterintuitive and, therefore, confusing for Alice. She may mistakenly think that the information is always covered by HIPAA and believe her data to be safer than they actually are.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">It is worth noting that health data privacy has been incredibly important since \u003Cstrong>Dobbs v. Jackson\u003C/strong>. After the ruling, residents of certain States risk prosecution and imprisonment for seeking health care and mhealth apps are a treasure trove of potentially incriminating evidence. The FTC is doing it best to control the damage but there will be no real fix until the US protects health data with \u003Cstrong>a federal privacy law\u003C/strong>.\u003C/ContentEditable>\n\u003CContentEditable  id=\"the-markup-on-car-tracking-and-mortgage-brokers\" parent=\"\" tag=\"h2\" :articleId=\"2489\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://themarkup.org/privacy/2024/04/30/car-tracking-can-enable-domestic-abuse-turning-it-off-is-easier-said-than-done?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">The Markup on car tracking and mortgage brokers\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">When the harms of surveillance are discussed, people usually think of future dystopias and spy story scenarios. The reality is often more mundane- think less “1984” and more “dangerous ex stalking you”.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">An excellent article co-published by The Markup and CalMatters explains how car tracking \u003Cstrong>enable domestic abuse\u003C/strong> by allowing the abuser to locate the driver. As the author correctly notes, cars are often a lifeline for victims of abuse- which makes car-enabled stalking all the more problematic. Sometimes even a restraining order is not enough to stop the tracking.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">The Markup also investigated the use of Meta’s pixel from US mortage brokers and found that many of them- including some heavyweights- \u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://themarkup.org/pixel-hunt/2024/05/15/mortgage-brokers-sent-peoples-estimated-credit-address-and-veteran-status-to-facebook?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">share users’ financial data with Facebook\u003C/a> without their consent or even their knowledge.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Meta bans businesses from sending sensitive information via its pixel and claims that it uses automated tools to block sensitive information from being sent. That being said, the results of The Markup’s investigation suggest that Meta is probably not enforcing its policies too strictly.\u003C/ContentEditable>\n\u003CContentEditable  id=\"sdks-and-the-ftc\" parent=\"\" tag=\"h2\" :articleId=\"2489\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://iapp.org/news/a/pursuit-of-app-iness-the-legal-considerations-of-sdks/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">SDKs and the FTC\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Andrew Folks takes an in-depth look at some of the legal issues of software development kits (SDK) and offers an overview of recent \u003Cstrong>FTC enforcement against illegal SDK\u003C/strong> tracking.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Software developer kids (SDKs) is a bundle of software-building tools. Typically, the owners of an SDK will incorporate \u003Cstrong>tracking technology\u003C/strong> in the code and make it available to third party developers. As a result, developers get to use the SDK for free and the SDK owners get to collect data from the end user.\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">SDKs are the privacy catastrophe that hardly anyone is talking about. Just about everyone has this spyware on their phones. This happens even on the EU market and despite the strict opt-in consent required by the ePrivacy Directive for such tracking. In fact, many companies essentially side-step the law by requiring consent to tracking for the app to work at all.\u003C/ContentEditable>\n\u003CContentEditable  id=\"how-gps-changed-location-data\" parent=\"\" tag=\"h2\" :articleId=\"2489\">\u003Ca referrerpolicy=\"strict-origin-when-cross-origin\" href=\"https://iapp.org/news/a/a-view-from-dc-fcc-geolocation-orders-show-privacys-lost-waypoint/?utm_source=simpleanalytics.com\" target=\"_blank\" rel=\"noopener nofollow\">How GPS changed location data\u003C/a>\u003C/ContentEditable>\n\u003CContentEditable  parent=\"\" tag=\"p\" :articleId=\"2489\">Writing about the recent FCC fines against mobile carriers, Cobun Zweifel-Keegan provides an interesting overview of how GPS changed the economic value of location data. In a nutshell, GPS created new and profitable revenue streams for communication carriers but also generated new expectations of privacy among customers.\u003C/ContentEditable>\n","_Welcome to the first installment of the Privacy Perspectives. This is a new space for  for deeper dives on Privacy Monthly material, and for other material that doesn't quite fit the Privacy Monthly. Every story comes with a direct link to the source, some commentary for context, and sometimes a personal take._\n\n## [EDPB cuts AI no slack](https://www.edpb.europa.eu/our-work-tools/our-documents/other/report-work-undertaken-chatgpt-taskforce_en)\nThe AI Act is stealing the media spotlight, and for good reason: it is the first act of its kind and is likely to set the tone for AI policy discourse worldwide, much like the GDPR did for privacy law. But the privacy people are also discussing other AI-related news that flew under the radar of the general media: the European Data Protection Board (EDPB) published its **report on the work of the ChatGPT taskforce**.\n\nHere is some context: in 2023 the Italian privacy watchdog banned ChatGPT for about a month over privacy concerns. This prompted the EDPB (that is, the committee where all privacy regulators sit) to launch a broader investigation through the so-called “ChatGPT taskforce”. The result is a report that lays out the common ground found by European regulators.\n\nThe report is very important because ChatGPT’s issues are largely **common to all foundational models**: for instance, they hallucinate, they cannot be made to forget data, and they are mostly trained on nonconsensually scraped data. All of these are serious issues that regulators will need to tackle in the near future and their approach will heavily impact foundational models on the EU market.\n\nThe report doesn’t beat around the bush and states quite clearly that regulators expect **full compliance** from the providers of AI and that technical impossibility is no excuse for non-compliance. In other words, the EDPB is not willing to cut OpenAI (and other players) any slack on the grounds that complying with the GDPR is technically impossible.\n\nThe report stresses that implementing **safeguards** can help with compliance. But we should be realistic here: many safeguards that are commonplace in other industries simply do not work for AI- at least within the current state of the art. If your training data is _the entire open Web_, things like anonymization and sanitization of sensitive data are simply not possible, nor is any serious work to improve data quality.\n\nIndividual regulators may very well stray from the stance of the EDPB as the report is not binding in nature. And of course, there is no saying where the Court Justice will stand when it finally deals with AI and the GDPR.\n\nNonetheless, should the line in the report prevail, foundational models might be in trouble on the EU market.\n\n## [Youtube drops the ball on political ads](https://www.accessnow.org/wp-content/uploads/2024/04/Votes-will-not-be-counted_YouTube-Disinformation-Ads-Report.pdf )\nAn investigation by Access Now and Global Witness highlights that YouTube is doing little or nothing to address election disinformation in India.\n\nThe two groups uploaded 48 video ads containing grossly false electoral information in three languages, including English- which should be the easiest one for Google to work with. All of them passed YouTube’s review. The only reason they were not broadcasted is that Access Now pulled them beforehand.\n\nMaybe those [mass layoffs from Google’s trust and safety team](https://www.bloomberg.com/news/articles/2024-03-01/google-trims-jobs-in-trust-and-safety-while-others-work-around-the-clock) weren’t such a great idea after all?\n\n## [How do apps protect female health data?](https://healthlawpulse.wordpress.com/2024/05/17/do-apps-protect-female-health-data/)\nWriting for The Pulse, Matt Fisher covers and summarizes a recent study on **privacy in female mhealth apps** in the US market. Spoiler alert: privacy practices are terrible across the industry. To no small extent, this is due to the fact that **many mhealth apps are not covered by HIPAA**- a US health care sector law that protects health information.\n\nAs Matt correctly points out, **HIPAA can be confusing** for non-lawyers. Whether data fall under the HIPAA depends not only on their nature but also on the context in which they were collected. To grossly simplify, health data collected outside the health care system do not fall under HIPAA no matter how sensitive they might be.\n\nSo, “Alice’s menstrual cycle stopped” is protected health information when Alice tells her doctor but not when she types it into her mhealh app. This is counterintuitive and, therefore, confusing for Alice. She may mistakenly think that the information is always covered by HIPAA and believe her data to be safer than they actually are.\n\nIt is worth noting that health data privacy has been incredibly important since **Dobbs v. Jackson**. After the ruling, residents of certain States risk prosecution and imprisonment for seeking health care and mhealth apps are a treasure trove of potentially incriminating evidence. The FTC is doing it best to control the damage but there will be no real fix until the US protects health data with **a federal privacy law**.\n\n## [The Markup on car tracking and mortgage brokers](https://themarkup.org/privacy/2024/04/30/car-tracking-can-enable-domestic-abuse-turning-it-off-is-easier-said-than-done)\nWhen the harms of surveillance are discussed, people usually think of future dystopias and spy story scenarios. The reality is often more mundane- think less “1984” and more “dangerous ex stalking you”.\n\nAn excellent article co-published by The Markup and CalMatters explains how car tracking **enable domestic abuse** by allowing the abuser to locate the driver. As the author correctly notes, cars are often a lifeline for victims of abuse- which makes car-enabled stalking all the more problematic. Sometimes even a restraining order is not enough to stop the tracking.\n\nThe Markup also investigated the use of Meta’s pixel from US mortage brokers and found that many of them- including some heavyweights- [share users’ financial data with Facebook](https://themarkup.org/pixel-hunt/2024/05/15/mortgage-brokers-sent-peoples-estimated-credit-address-and-veteran-status-to-facebook) without their consent or even their knowledge.\n\nMeta bans businesses from sending sensitive information via its pixel and claims that it uses automated tools to block sensitive information from being sent. That being said, the results of The Markup’s investigation suggest that Meta is probably not enforcing its policies too strictly.\n\n## [SDKs and the FTC](https://iapp.org/news/a/pursuit-of-app-iness-the-legal-considerations-of-sdks/)\nAndrew Folks takes an in-depth look at some of the legal issues of software development kits (SDK) and offers an overview of recent **FTC enforcement against illegal SDK** tracking.\n\nSoftware developer kids (SDKs) is a bundle of software-building tools. Typically, the owners of an SDK will incorporate **tracking technology** in the code and make it available to third party developers. As a result, developers get to use the SDK for free and the SDK owners get to collect data from the end user.\n\nSDKs are the privacy catastrophe that hardly anyone is talking about. Just about everyone has this spyware on their phones. This happens even on the EU market and despite the strict opt-in consent required by the ePrivacy Directive for such tracking. In fact, many companies essentially side-step the law by requiring consent to tracking for the app to work at all.\n\n## [How GPS changed location data](https://iapp.org/news/a/a-view-from-dc-fcc-geolocation-orders-show-privacys-lost-waypoint/ )\nWriting about the recent FCC fines against mobile carriers, Cobun Zweifel-Keegan provides an interesting overview of how GPS changed the economic value of location data. In a nutshell, GPS created new and profitable revenue streams for communication carriers but also generated new expectations of privacy among customers.",{"data":45},null,2489,"Privacy Perspectives June 2024","Privacy insights in plain English with context and commentary","privacy-perspectives-june-2024","carlo-cilento","2024-06-12T08:40:12.581Z","2025-02-13T12:35:08.879Z",{"en":54,"de":55,"fr":57,"it":59,"es":61,"nl":63},{"slug":49},{"slug":56},"datenschutz-perspektiven-juni-2024",{"slug":58},"perspectives-en-matiere-de-protection-de-la-vie-privee-juin-2024",{"slug":60},"privacy-perspectives-giugno-2024",{"slug":62},"perspectivas-de-privacidad-junio-de-2024",{"slug":64},"privacyperspectieven-juni-2024"]