Ad Tech Is 'Easy Pickings' For Data Privacy Regulators
Even companies that make good-faith efforts to comply with data protection laws can unwittingly end up with front-row seats to the privacy theater.
Even companies that make good-faith efforts to comply with data protection laws can unwittingly end up with front-row seats to the privacy theater.
European regulators are losing their patience with companies that attempt to use legitimate interest as their legal basis for processing personal data. Meta is learning this the hard way.
Something ostensibly “good” (consumer privacy protection) could also be an antitrust violation. Weird world. Which is why data protection authorities and their antitrust counterparts must collaborate and compare notes.
Roughly three years after the Schrems II case invalidated Privacy Shield overnight – and with it the legal basis for data transfers between Europe and the US – the European Commission adopted its “adequacy decision” for the EU-US Data Privacy Framework.
There are certain privacy-related phrases companies use when they’re talking about their products that should make your antennae twitch. If you hear them, it’s a signal to ask questions.
There’s been such a deluge of data privacy-related news over the past few weeks – from the TikTok ban in Montana to the $1.3 billion GDPR fine against Meta in Europe – I hardly know what to focus on.
The FTC is proposing a series of modifications to its 2020 consent decree with Facebook (from the pre-Meta days) that would have a tremendous impact on how the company does business – including a “blanket prohibition” against monetizing the data of children under 18 across all of Meta’s services.
Apple’s ATT spurred Meta to shore up its ad platform and make it less vulnerable to future changes on other platforms – but that doesn’t change the fact that regulators remain ready and raring to crack down.
Although it’s not legally required, many websites in the US have started using cookie banners in a misguided attempt to protect themselves from lawyers who smell blood in the water.
Regulators have made it clear that they have their eye on how data flows between first parties and their partners – and that first parties are responsible for what happens when the data they collect is shared with others.