The Data Drop News for Friday, January 28, 2022
Updated: Feb 8, 2022
Does Google Analytics Violate the GDPR? Lawmakers Plan Legislation to ‘Ban Surveillance Advertising’. Judge rejects Facebook's request to dismiss FTC antitrust complaint. RS will require taxpayers to sign up with ID.me to access their online accounts. Europe's top privacy regulator calls for ban on political microtargeting. Startpage Search Engine launches Privacy Protection extension. Plus, the latest in privacy-enhancing technology.
Pro tip: listen to The Data Drop at the gym, car, or while walking the dog by subscribing to our podcast. Data pros can also join the Node Zero community to access, query and bookmark our global dataset of stories from our Privacy Newsfeed tool.
Does Google Analytics Violate the GDPR?
A decision by Austria’s data protection watchdog upholding a complaint against a website related to its use of Google Analytics does not bode well for use of US cloud services in Europe. The decision raises a big red flag over routine use of tools that require transferring Europeans’ personal data to the US for processing — with the watchdog finding that IP address and identifiers in cookie data are the personal data of site visitors, meaning these transfers fall under the purview of EU data protection law.
Lawmakers Plan Legislation to ‘Ban Surveillance Advertising’
The Banning Surveillance Advertising Act has been introduced by US Congressional representatives Anna G. Eshoo of California, Jan Schakowsky of Illinois, and Sen. Cory Booker of New Jersey. The legislation would target the underlying practice of targeted or personalized ads that facilitates surveillance-based advertising itself.
Judge rejects Facebook's request to dismiss FTC antitrust complaint
A US Federal judge has ruled that antitrust officials can continue their case to break up Meta, Facebook's parent company. The decision deals a blow to the social media giant, which had argued the complaint should be dismissed. The decision allows federal prosecutors to try to prove their allegations that Meta has illegally abused a monopoly in the marketplace for social media — and that its subsidiaries Instagram and WhatsApp should be spun off.
IRS will require taxpayers to sign up with ID.me to access their online accounts
Starting this summer, taxpayers wanting to access their online accounts on IRS.gov will soon be required to take a selfie and verify their identity with ID.me. Existing online accounts with IRS.gov, which require only an email and password to access, will no longer work as of the middle of 2022, the agency says. The IRS says the move is necessary to protect taxpayers from potential identity theft, but privacy advocates say it's invasive and point out that the company behind ID.me has a spotty record in verifying people's identities.
Europe's top privacy regulator calls for ban on political microtargeting
The European Union’s chief privacy and data protection regulator has urged EU policymakers to strengthen proposed ‘transparency’ rules for political ads — calling instead for meaningful limits that would fully ban microtargeting for political purposes. The European Data Protection Supervisor stated: "“Political communication is essential for citizens, political parties and candidates in order to fully participate in democratic life. To preserve our democracy, we also need strong rules to combat disinformation, voter manipulation and interferences with our elections."
Apple patches Safari bug that leaked user data
Apple has pushed iOS 15.3 RC and macOS Monterey 12.2 RC to developers and beta users as part of a plan to fix a Safari flaw that leaked browsing history and some Google data. This follows recent news that cybersecurity researchers from FingerprintJS had found a problem in an Apple API - IndexedDB, used to store data in the browser.
Congressional Drunk Driver Detection Mandate Raises Privacy Questions
In 2021, the US Congress has mandated that starting later this decade, all cars must have a built-in ability to detect drunk drivers and to disable their cars. However, Congress left the Department of Transportation wide latitude to figure out how best to implement such a technology, creating a very real potential that we’ll end up with a system that could be a privacy disaster. The measure was included in the $1.5 trillion infrastructure bill signed by President Biden and says that vehicles must be equipped with “advanced drunk and impaired driving prevention technology."
NSA Can Now Order Other Agencies to Fix Their IT Systems
US President Joe Biden has signed a national security memorandum granting new authorities to the National Security Agency to order updates and fixes to national security systems through binding directives modeled after those employed by the Cybersecurity and Information Security Agency. The new memorandum sets out a schedule for updating policies and plans on zero trust, multifactor authentication and cloud security. The document also sets out requirements for encryption of classified systems, with a focus on transitioning to quantum-resistant encryption standards.
The memo calls for new guidance on minimum security standards for national security systems in the cloud to be developed and published within 90 days of its issuance.