Fall 2022 Newsroom: Instagram and Criteo fines, GDPRexit, and the Data Privacy Framework

Fall 2022 Newsroom: Instagram and Criteo fines, GDPRexit, and the Data Privacy Framework

With Nina Müller, Ethical Commerce Alliance Director and host of the Ethical Allies podcast.

References:

Selected updates:

Enforcement

Starting with Europe, the most discussed recent case, and perhaps the most complex, is Ireland’s 405m EUR fine to Meta for the manner in which it exposed contact details for 13-17 year olds on Instagram business accounts. At its core: the European Data Protection Board (EDPB)’s intervention to find a compromise between the Data Protection Commissioner (leading supervisory authority for most US tech giants) and other Data Protection Agencies accusing it of resting on its laurels.

Perhaps even more relevant to the interplay that we mostly care about (MarTech/AdTech + Privacy) was the French DPA’s announcement of a potential 60m EUR fine for Criteo. All hints point to a lack of proper oversight in the obtention of valid consent through publishers and advertisers. The role of these two was instrumental in building what the company had once claimed were “IDs and interests for 72% of all internet users”, so this case could bring us full circle into the Consent Management Platforms debate and whether they can be relied upon. All in all, it is no wonder that Criteo has moved firmly into first-party data territory, now calling itself a Commerce Media platform.

The Digital Analytics space got its own share of excitement too. Denmark became (with Austria, France, and Italy) the fourth country to make it clear that Google Analytics breached the GDPR unless additional measures are taken. As explained in detail by France’s CNIL, the only way to avoid scrutiny was using a reverse proxy (a company’s own EU-based server, filtering out important pieces of information prior to forwarding calls to Google’s servers). As many will remember, this was only the tip of the iceberg of the 101 complaints filed by NYOB against companies using either Google Analytics or the Facebook pixel.

Next in line was TikTok, quickly catching up with Meta/Facebook and Google in terms of privacy violations, penalties, privacy lawsuits and privacy-related scandals. Its latest trophies: the UK’s DPA (ICO)’s proposed 27m GBP fines for its mishandling of children’s data (they were allowed to sign up without parental consent, information provided was insufficient, and special categories of data were being processed), a 92 million settlement in Illinois (under the State’s Biometric Information Privacy Law on which every major social media platform has stumbled before) and recent coverage of the manner in which its tracking pixels follow everyone around the web.

Legal updates

It may not be a new law or court case, but Joe Biden’s Executive Order to make room for the EU-US Data Privacy Framework (Privacy Shield 2.0) is the biggest piece of news on this front. All going well in Brussels, it could put an end to the nightmare currently faced by the millions of customers of US-based SaaS MarTech and AdTech solutions that happen to process data on US soil, including Google Analytics, Mailchimp, HubSpot, or Salesforce Marketing Cloud.

For its part, the UK wants out of the GDPR and this could actually result in a more dynamic environment (it relied on an Oxford University research that claimed that the GDPR is costing UK businesses 8% of their profits). For one thing, they are proposing to let small businesses get on with their lives.

Future of media

Elon Musk completed his acquisition of Twitter, announcing monthly charges to its heaviest users - starting with those displaying a “verified” blue icon, who happen to be the ones caring the most about the status their identity or following confers to them. This was criticized as a “misinformation nightmare”, in very timely Halloween fashion.

Det här avsnittet är hämtat från ett öppet RSS-flöde och publiceras inte av Podme. Det kan innehålla reklam.

Avsnitt(124)

Erica Irvin (Lowe’s): the new boundaries of the discipline

Erica Irvin (Lowe’s): the new boundaries of the discipline

Are privacy compliance and AI governance poised to remain stand-alone practices within the large enterprise? What is their interplay with an all-encompassing compliance effort? How will we deal with c...

3 Aug 202525min

Christine Desrosiers (Boltive): Privacy Tech spotlight V - understanding Manipulative Design and rolling out comprehensive client-side monitoring

Christine Desrosiers (Boltive): Privacy Tech spotlight V - understanding Manipulative Design and rolling out comprehensive client-side monitoring

What is “manipulative design”? How does this concept differ from “dark patterns”? How could we expand website and mobile app monitoring to a company’s ad stack?  Boltive’s Christine Desrosiers has joi...

27 Juli 202532min

Ansuman Acharya (Airbnb): What is Privacy UX?

Ansuman Acharya (Airbnb): What is Privacy UX?

Could transparency and control requirements be seamlessly integrated within delightful customer journeys? How has a famously design-led company (Airbnb) mastered Privacy User Experience? Ansuman Achar...

19 Juli 202529min

Nathalie Barrera: NIS2 (EU) and the interplay between cybersecurity, privacy, AI, and IoT data laws

Nathalie Barrera: NIS2 (EU) and the interplay between cybersecurity, privacy, AI, and IoT data laws

Will EU cybersecurity laws result in new global standards? Should companies handle NIS2 compliance in concert with GDPR, AI Act, or Data Act requirements? Does it make sense to take data localization ...

13 Juli 202530min

Vaibhav Antil (Privado): Privacy Tech spotlight IV - from trust to evidence

Vaibhav Antil (Privado): Privacy Tech spotlight IV - from trust to evidence

How do we move from mere words to actual baked-in privacy? Can built-in alerts, code scanning tools, or server-side auditing make life much easier for DPOs and legal teams?  We are joined by Vaibhav A...

7 Juli 202528min

John Pavolotsky: How successful can US privacy laws be at regulating AI models and systems?

John Pavolotsky: How successful can US privacy laws be at regulating AI models and systems?

John Pavolotsky is a partner at Stoel Rives in San Francisco. He is co-chair of the firm's AI, Privacy & Cybersecurity group and focuses his practice on data privacy, information security, and complex...

30 Juni 202527min

Thomas Ghys: The privacy engineer as a translator, an auditor, and a programmer

Thomas Ghys: The privacy engineer as a translator, an auditor, and a programmer

Who can really claim to be a privacy engineer? Does this change in the digital marketing arena? What is the winning formula to integrate this role within the company’s privacy practice? Thomas Ghys ha...

21 Juni 202528min

Cillian Kieran (Ethyca): Privacy Tech spotlight III - compliance as an engineering challenge

Cillian Kieran (Ethyca): Privacy Tech spotlight III - compliance as an engineering challenge

Can we shift the focus from documentation to technical implementation? How can we bridge the cultural differences between legal teams and engineers? What do we mean with open-source data classificatio...

14 Juni 202527min

Populärt inom Business & ekonomi

badfluence
framgangspodden
varvet
dynastin
svd-tech-brief
rss-borsens-finest
avanzapodden
uppgang-och-fall
bathina-en-podcast
rss-inga-dumma-fragor-om-pengar
fill-or-kill
lastbilspodden
rss-dagen-med-di
rss-dominoeffekten
borsmorgon
market-makers
rss-svart-marknad
rss-hos-psykologen
rss-kort-lang-analyspodden-fran-di
montrosepodden