noyb’s privacy complaint characterizes PPA as an improvement over traditional user tracking via cookies, but says that it is insufficient to meet GDPR standards.
The coalition suggests that if privacy regulators sign off on Meta’s ad-free scheme, it will immediately be adopted by every other service that monetizes via personalized advertising. That could undo a great deal of the work GDPR decisions have done.
The EU’s recent negotiated agreement over the A.I. Act is one of the world’s first comprehensive attempts to govern the use of AI. Enforcement won’t kick in until 2025, but IT leaders are already trying to stay ahead lest they risk falling behind.
A recent change to its EU terms of service and an email sent out to some ChatGPT users indicates that OpenAI is now formally under the watch of the Irish DPC in terms of its responsibility to EU data privacy regulations.
Fine imposed by the Norwegian data protection authority in August could be expanded to the entirety of the EU, subjecting Meta to extensive daily penalties until it makes big changes to tracking ads. Decision could potentially spark an EU ban.
Since the GDPR went into effect in 2018, Meta has done nearly everything possible to claim legitimate interest to avoid user consent for collecting personal information for targeted ads. The company appears to have finally reached the end of its rope in this area, though a recently announced changeover to a consent basis.
Meta has now lost that case in the EU's highest court, opening the door for other antitrust law investigations in the bloc to incorporate data privacy violations and frame them as part of a systemic abuse of market position.
The central objection raised is a predictable one, and one that some analysts believe will inevitably cause the EU-US data transfer proposal to fail yet another court challenge if it makes it to implementation: the lack of a federal-level data privacy law in the US.
A new paper from global law multinational DLA Piper lays out the case for a risk-based approach to GDPR international data transfers, arguing that the status quo is too onerous and that data exporters are suffering.
Losing Ireland "main establishment" status means that any national DPA in the EU could bring direct GDPR action against Twitter on behalf of its citizens without the standard collaborative process that ultimately funnels everything through the Irish DPC.