SypherPrivacyTalks - April 2024 - Week 15

by Sypher - April 06, 2024

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

Google agrees to delete billions of records of browsing data as part of proposed “Incognito Mode” settlement • 5 min read
😎 The 'incognito' mode of Google's Chrome browser has come under heavy fire for failing to fully disclose the company's internal tracking of users. A proposed settlement of a class-action lawsuit would see the company delete the browsing data of around 136 million users, or "billions" of records in total.

The settlement would also limit Google's data collection in the future and require the company to be more transparent about how it tracks users through third-party websites. But while the settlement is expected to cost Google around $5 billion in lost advertising revenue, it would not pay any damages to the plaintiffs.

The settlement would affect all Incognito Mode data collected between 1 June 2016 and the beginning of 2024… read more

CNIL: The economic impact of GDPR, 5 years on • 4 min read

📜France's data protection authority, the CNIL, has published a report on data protection progress since the EU's General Data Protection Regulation came into force. 
The CNIL also looked at the economic impact studies of the GDPR, which have been carried out over the five years of the law's implementation, and found that they have mostly focused on costs and did not adequately capture the benefits for businesses and welfare gains for individuals.

Finally, the CNIL notes that these studies show that the GDPR tends to favour large economic operators, which have more resources to devote to compliance, but are also audited more regularly. The regulator intends to actively combat this trend by taking a demanding stance towards large actors in the future… read more

EU Policy. Lawmakers to approve updated GDPR rules despite companies' concerns • 4 min read

🇪🇺 On 10 April, EU lawmakers are set to adopt rules under the General Data Protection Regulation (GDPR) that will make it easier for national data protection authorities to work together across borders.

However, tech lobby bodies are concerned that the updated GDPR rules will increase the number of abusive complaints and slow down even more lengthy procedures.

The procedural rules, proposed by the European Commission in July 2023 as an addition to the GDPR, aim to ensure data protection complaints involving multiple member states are resolved quickly and give businesses more legal certainty. The rules also aim to give complainants, as well as those under investigation, more rights in disputes… read more

ICO joins global data protection and privacy programme • 2 min read

🌎 The UK's Information Commissioner's Office (ICO) has signed up to a new international multilateral agreement, the Global Cooperation Arrangement for Privacy Enforcement (Global CAPE), to work together on cross-border data protection and privacy enforcement.

As part of the Global CAPE, the ICO will be able to assist with investigations and share information with member countries without having to enter into separate agreements with each country. Global CAPE members include the United States, Australia, Canada, Mexico, Japan, the Republic of Korea, the Philippines, Singapore and Chinese Taipei… read more

CJEU rules on joint controllership in TCF marketing related data processing • 3 min read

👩‍⚖️ The Court of Justice of the European Union ("CJEU") has recently issued a preliminary ruling on joint controllership and the definition of personal data. The CJEU held in "IAB Europe" (C-604/22) that IAB Europe and its members are joint controllers with respect to the processing of Transparency and Consent Framework ("TCF") related to marketing data. It also considered TC strings as personal data. 

IAB Europe is an European level association for the digital marketing and advertising ecosystem. The TC string enables communication of transparency and consent information to entities, or “vendors”, that process a user's personal data. Vendors decode a TC String to determine whether they have the necessary legal bases to process a user's personal data for their purposes. For implications to businesses that participate in the TCF... read more


Get connected with us on LinkedIn or by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.

Photo by Arthur Osipyan on Unsplash