PrivacyDesigner’s Post

Google Chrome's new tracking method sparks privacy complaint Noyb has filed a complaint with Austrian regulators against Google Chrome's "Privacy Sandbox," accusing Google of deceiving users about their tracking methods. Max Schrems, Noyb's founder, claims that Google misled users into thinking they were enabling a privacy feature, while in reality, they were agreeing to extensive tracking through a method called Topics. Instead of third-party cookies, Topics tracks user interests based on browsing behavior and shares this data with websites and ad partners, raising privacy concerns. Noyb argues that Google's approach does not meet the GDPR's standards for informed and transparent user consent, as users are not clearly informed about the extent of data tracking. Noyb requests that regulators enforce GDPR compliance, stop unauthorized data processing, inform ad partners to cease using improperly obtained data, and impose a significant fine on Google. Privacy management system, consultancy and training: https://privacy.partners #nyob #chrome #google #gdpr #privacy #sandbox #informedconsent #advertising #tracking

Google's Privacy Sandbox has been given a bad rep since its launch. 🔏 But there's another outlook here. 💻 As major browsers have left behind third-party cookies, the Sandbox could offer a space for advertisers to engage in healthy competition and utilise its open-source capabilities whilst appealing to privacy regulations. What do you think about Google's Privacy Sandbox? #Google #Privacy #Data #PrivacySandbox

Imagine the situation: you've meticulously crafted a game, prepared it for launch on platforms like Google Play or the App Store, and even composed a detailed Privacy Policy. Everything appears to be proceeding smoothly until one day, a million-dollar fine notice lands in your inbox. ❓How did this happen, and why? It turns out that simply drafting a Privacy Policy isn't always sufficient. This reality was reinforced by the case of French game developer and publisher VOODOO, which incurred a hefty €3 million fine on December 1, 2022. 📌The French Commission examined VOODOO's game "Helix Jump" and discovered a major issue. Upon app download, users receive a unique ID called "IDentifier For Vendors" (IDFV) to track in-app interactions. When opening the game, users saw an Apple-generated pop-up to allow or deny activity tracking. Opting out led to a VOODOO pop-up explaining ads would be non-personalized. Despite opting out, VOODOO used IDFV for tracking against user preferences and the pop-up message, but companies like VOODOO need to respect user choices and data integrity. ❓Could these errors and fines have been prevented? Yes, with a thorough GDPR audit. Initially, VOODOO should've created a detailed data flow map, reviewing each stage for violations. Unfortunately, this was skipped, leading to a breach during player consent for data handling. Next, focus on the privacy policy, clearly outlining data collection purposes and methods in user-friendly terms for easy comprehension. Lastly, enact solutions like consent pop-ups, encryption, automatic data deletion, and responsive support. These steps ensure sustainable game monetization, trust-building, and penalty avoidance. #StalirovCoBlog #itlawyer #stalirovco #privacypolicy #privacynotice #gdpr #ccpa #dataprotection #privacylawyer

🚀 Big News in Privacy! 🚀 Google has agreed to destroy or de-identify billions of records of web browsing data collected in its private browsing "Incognito mode" as part of a proposed class action settlement. The settlement aims for greater transparency about data collection practices and could apply to 136 million Google users. 💻💡 [Source: www.theverge.com] #Privacy #Google #IncognitoMode #DataProtection

🔒🍫🔍 Ah, the sweet taste of privacy concerns in the tech world! 🍫🔍🔒 #ainews #automatorsolutions 🔍 Did you hear about the latest clash in the tech town? The Chocolate Factory 🍫 isn't looking so sweet after being accused of misleading Chrome users by noyb. 🍬 #PrivacyMatters 🚦 Turning on a Privacy Feature in Chrome only to have unwanted tracking follow you around? 🧐 Sounds like a twisted plot from a tech thriller! #DataPrivacyDrama 📉 It's a sticky situation for Google's Privacy Sandbox and GDPR compliance. Will they emerge unscathed or face the consequences of the cookie crumble? 🍪 #TechEthics 🔍 As the tech industry navigates choppy privacy waters, are we witnessing the rise of users demanding transparency and control over their data? 🌊 #TransparencyRevolution 🔐 Stay vigilant, tech wizards! Let's keep our eyes on the data prize and the privacy puzzles ahead. 🧙♂️✨ #PrivacyFirst #TechHeroes 💬 Share your thoughts, predictions, or privacy tales in the comments! Let's decode this tech mystery together. 🔍💭 #CyberSleuths #TechTalks #CyberSecurityAINews ----- Original Publish Date: 2024-06-13 06:39

Do you think Cybersecurity is expensive? Think again. Here are the Top 10 GDPR Penalty Fines recorded so far. 1. Meta - €1.3B, 2023: Fined for GDPR violation in transferring EU/EEA Facebook data to the US. 2. Amazon - €746M, 2021: Penalized for tracking user data without consent in Luxembourg. 3. Meta (Instagram) - €405M, 2022: Fined for mishandling children's personal data. 4. Meta (Facebook & Instagram) - €390M, 2023: Fined for unclear data processing based on user contacts. 5. TikTok - €345M, 2021: Penalized for collecting and processing under-13s' data, setting accounts to public by default. 6. Meta (Facebook) - €265M, 2022: Fined for exposing personal data online, violating data protection principles. 7. WhatsApp - €225M, 2021: Fined for unclear privacy policies and data usage transparency. 8. Google LLC - €90M, 2021: Fined by CNIL for complicating cookie refusal for YouTube users in France. 9. Google Ireland - €60M, 2021: Same-day fine as Google LLC for google.fr site. 10. Facebook Ireland - €60M, 2021: Fined for difficult cookie refusal mechanisms and misleading labeling. GDPR compliance is crucial for EU operations, with fines of up to €20M or 4% of global turnover. No matter how small your organization is, if you're operating in the EU, you need to remain compliant with the GDPR. ♻Help spread the word by reposting this to your network. ______________________ Thank you for reading! If you enjoyed this post, follow me, Liviu Munteanu, for more content and tips about #cybersecurity, #careeradvice, #productivity, and #personaldevelopment. #informationsecurity #gdpr #gdprcompliance #penalties #regulatorycompliance #infosectraining #securityawarenesstraining

In my recent blog post I look at some important take-aways from the Irish Data Protection Commissioner’s decision to fine TikTok. Whilst most businesses aren’t running a global social media platform with a billion users consisting mostly of children and young people, there are some interesting points in the decision that really drill down into the nitty-gritty of data protection compliance and provide some practical warnings and guidance for people involved in designing apps/platforms/websites and writing privacy notices and data protection impact assessments (DPIAs). This includes: 👉 Avoiding dark patterns / nudge techniques in privacy pop-ups 👉 Accounting for bad actors in DPIAs and privacy by design 👉 Assuming the worst when framing DPIA scope, including users breaching user terms and cheating verification processes 👉 Words to avoid in privacy notices See post for detail: https://lnkd.in/eQFhPGf3 and get in touch if you want help making changes to your DPIAs, privacy notices, pop-up notices, user options, platform/website/app design/settings or data processing practices: hannah@claydenlaw.co.uk.

Google Chrome's "Privacy Feature" Is Actually an Invasive Ad-Tracking Tool Barbara Calderini Google announced the phase-out of third-party cookies in Chrome to address criticism over invasive ad tracking. Instead, users are now being misled into enabling a so-called "ad privacy feature" that tracks them within the browser. Marketed as an improvement, the "Privacy Sandbox" still involves tracking, just done by Google itself. This shift supposedly requires informed user consent, but Google is accused of deceitfully presenting this tracking as a privacy enhancement. As a result, noyb has filed a complaint with the Austrian Data Protection Authority. Max Schrems of noyb highlighted that true consent must be informed, transparent, and fair—none of which Google provided. The Privacy Sandbox may be less intrusive than third-party tracking, but it doesn't bypass European data protection laws. Chrome now tracks every site visited to generate advertising topics, sharing this data with advertisers. Schrems called this a case of illegal “privacy washing,” urging authorities to enforce GDPR compliance and impose penalties on Google. Read more about this here: 

Another important piece of research from #PrivacyCon24 - this one presented by Patrick Parham, looking at "privacy-preserving" attribution solutions, and how they "fail to achieve meaningful privacy but also leverage privacy rhetoric to advance commercial interests." Deep-dive analysis of Google’s attribution reporting API, Apple’s SKAdNetwork & private click measurement, and Meta/Mozilla’s Interoperable Private Attribution can be found in the paper, which is definitely worth a read. Paper: https://lnkd.in/eT_M82bD #privacy #consumerprotection #competition #adtech  

Privacy Vs. Users Safety Happy to see that british regulator just published new rules to crack down on illegal ads and protect children online. However, the alarming reality is that malicious campaigns pose a constant threat to children and innocent citizens. In fact, at GeoEdge we stop more than 200,000 of these harmful campaigns every day!   Taking a global perspective, some countries have excelled in protecting their online users, while others are still facing challenges. Why? A successful strategy shall have a long-term commitment with dedicated budgets, clear regulations, and robust enforcement mechanisms. The best example is privacy. Both the EU and the US fines Google, FB and twitter in millions due to violation of the various privacy laws.   I wish we had seen the same dedication to user protection and child safety. I am certain that if the EU and the US were to allocate the same resources to these issues as they do to the GDPR and CCPA, the online space would be a much safer place. Would we all agree that child protection is at least as important as privacy?