The Privacy Corner

Send us a text

📢 Privacy Corner Newsletter: May 8, 2025

🔹 Meta’s Court Challenge Rejected – The EU’s General Court dismissed Meta’s attempt to annul the EDPB’s 'consent or pay' opinion, stating it lacks binding legal effect. Meta also failed in its claim for compensation.

🔹 Todd Snyder Fined $345K Under CCPA – A broken cookie consent mechanism and excessive ID verification led the California Privacy Protection Agency to fine fashion retailer Todd Snyder and demand major privacy practice changes.

🔹 EDPB Approves Short-Term UK Adequacy Extension – The Board endorsed...

Send us a text

📢 Privacy Corner Newsletter: April 24, 2025

🔹 EU Fines Meta & Apple Under DMA – 

The European Commission hits Meta with a €200M fine and Apple with €500M for violating the Digital Markets Act. This challenges the future of “consent-or-pay” models across Europe.

🔹 UK Law Firm Fined Over Ransomware Handling –

ICO fines a UK law firm £60,000 for poor response to a ransomware incident. The breach left sensitive data inaccessible reaffirming that loss of availability is a serious privacy violation.

🔹 NOYB Criticizes GDPR Refor...

Send us a text

Privacy engineering is a growing field that requires a blend of regulatory knowledge and technical skills. Privacy engineers are tasked with collaborating across privacy and engineering teams to ensure compliance while maintaining technical excellence.

In this panel, experienced privacy engineers share how they built their expertise, overcame organizational challenges, and delivered tangible value across both privacy and engineering teams. Gain insights into how privacy engineering drives ROI while ensuring privacy compliance in a fast-evolving tech landscape.

Speakers: 
➡️ Alon Levy, Engineering Manager, Uber
➡️ Luke Oglesbee, Senior Software Engineer, Remitly

Send us a text

Privacy fines in adtech are skyrocketing, with regulators targeting non-compliant data sharing between marketers and partners. Many businesses still rely on outdated tracking methods, exposing them to legal and financial risks.

This panel shares the latest enforcement trends, the biggest compliance gaps in marketing data practices, and how privacy teams can enforce technical controls to mitigate risks. Learn actionable strategies to align adtech with evolving privacy laws and avoid regulatory penalties.

Speakers: 
➡️ Robert Bateman-Data Protection Consultant at KnowData Ltd, 
➡️ Daniel Goldberg-Partner, Privacy & Security Attorney at FKKS, 
➡️ Andrea Wheeler...

Send us a text

Privacy Corner Newsletter: April 10, 2025

🔹 EU Advocate General Backs Conditional Consent –

A new opinion from the EU’s top legal advisor says offering a newsletter in exchange for personal data can be lawful, as long as users are informed and the service is genuinely optional.

🔹 CCPA Narrows Scope of ADMT Rules –

California’s privacy regulator has clarified that targeted advertising does not count as automated decision-making under the CCPA, easing compliance pressure on businesses that rely on behavioral data.

🔹 UK Justice Ministry Develops Predictive Policing Tool –<...

Send us a text

▶ UK ICO Investigates TikTok, Reddit & Imgur – 

The UK’s privacy regulator is investigating TikTok’s content recommendations for minors and Reddit and Imgur’s age verification measures, signaling a crackdown on children’s data protection.

▶ CJEU Clarifies ‘Meaningful Information’ in AI Decisions – 

The EU’s top court ruled that companies using automated decision-making must provide clear, intelligible explanations of how personal data influences outcomes, even if trade secrets are involved.

▶ California AG Targets Location Data Sharing – 

The California Attorney General is probing mobile apps, ad networks, and data b...

Send us a text

As AI and LLMs become deeply embedded in products, privacy leaders must move fast to address privacy, security, and ethical risks.

In this episode, industry experts share their hands-on strategies, lessons learned, and best practices for:
✅ Building AI governance frameworks that scale
✅ Managing compliance with GDPR, CCPA, and emerging regulations
✅ Addressing security risks in AI-driven products
✅ Navigating ethical challenges in automated decision-making
✅ Mitigating third-party risks and vendor accountability

🎙 Featuring:
🔹 Henri Kujala – Global Head of Privacy by Design, Vodafone
🔹 Jon Adams – Senior Director, Legal (AI + Data), Link...

Send us a text

Leading privacy experts discuss why trust-based compliance is no longer enough and how product-driven privacy is the key to scalable compliance.

Here's what the Keynote covers:

🔹 Why teams can no longer rely on trust-based privacy mechanisms

🔹 How product privacy management enables evidence-based privacy and compliance at scale

🔹 Lessons from HP & Grindr on moving to evidence-based privacy

🔹 Privado.ai’s roadmap and vision for product privacy management

Huge thanks to Aaron Weller, Kelly Peterson, Vaibhav Antil, Prashant Mahajan for 

Send us a text

Privacy Corner Newsletter: February 13, 2025

🔹 EU’s AI Act Guidelines Clarify Compliance Risks – 
The European Commission releases two sets of AI Act guidelines, breaking down the definition of AI systems and outlining nine prohibited AI practices, including emotional manipulation and biometric categorization.

🔹 UK’s Secret Demand for Apple’s Encrypted Data – 
The UK government issues a confidential order under the Investigatory Powers Act, demanding Apple create a backdoor for accessing encrypted iCloud data, sparking concerns over user privacy and global implications.

Send us a text

Privacy Corner Newsletter: Jan 30, 2025
By Robert Bateman and Privado.ai

In this edition:

▶ UK Court Ruling: Invalid Consent in Gambling Case
A UK gambling firm unlawfully tracked users for marketing, despite their supposed consent. The court ruled that consent must be informed, freely given, and valid, emphasizing the importance of assessing users’ ability to provide meaningful agreement—especially in vulnerable groups.

▶ Google’s RTB System Accused of Sharing Data with China & Russia
A new complaint...

Send us a text

Privacy Corner Newsletter: Jan 16, 2025

In this edition:

▶ European Commission must pay damages for Facebook Login feature violation

▶ Texas sues Allstate under new privacy law for illegal data collection

▶ CJEU rules gender data collection not lawful for personalization under ‘contract’ basis

Send us a text

Privacy Corner Newsletter: January 2, 2025

In this edition:

▶ OpenAI faces penalties for GDPR breaches linked to ChatGPT, including transparency failures and inadequate age verification.

▶ California Privacy Protection Agency settles with two more data brokers
PayDae and The Data Group fined for failing to register under California’s Delete Act, with further enforcement anticipated.

▶ Google will permit device fingerprinting starting February 16, 2025, despite ICO objections.

Before we wrap up…

Privado.ai is thrilled to announce Bridge 2025: A Technical Privacy Summit, happening virtually from February 5...

Send us a text

Privacy Corner Newsletter: December 19, 2024

In this edition:

The Irish DPA fines Meta €251 million over a 2018 data breach, the Dutch DPA fines Netflix €4.75 million for transparency failings, and the French DPA cracks down on non-compliant cookie banners.

▶ Irish DPA fines Meta €251 million over 2018 data breach
The fine follows a breach affecting 29 million Facebook accounts. The DPC found violations of GDPR’s data protection by design, breach reporting obligations, and more.

▶ Dutch DPA fines Netflix €4.75 million for transparency failures
Netflix failed...

Send us a text

Privacy Corner Newsletter: Dec 5, 2024

In this edition:

The FTC proposes orders targeting sensitive data misuse, Australia bans kids from social media, and noyb gains new powers for collective GDPR actions.

▶ FTC targets sensitive location data misuse in proposed orders:
Gravy Analytics and Mobilewalla face sanctions for selling sensitive location data, including segments like “New Parents” and “LGBTQ+ Community.”

▶ Australia bans kids from social media and reforms privacy laws:
New laws require stricter age verification, ban accounts for under-16s, and introduce a tort for serious...

Send us a text

Privacy Corner Newsletter: November 21, 2024

▶ German Court Opens the Door to Mass Data Breach Lawsuits:

Germany’s Federal Court rules that "loss of control" over personal data qualifies for damages under GDPR Article 82—no proof of distress or financial loss required.

▶ Meta’s ‘Unskippable Ads’ Solution Gains EDPB Attention

Meta launches a free tier with ads using minimal data and unskippable formats in response to EU demands.

▶ Cyber Resilience Act Imposes New Rules on Digital Products

The EU’s Cyber Resilience Act sets strict cybers...

Send us a text

Privacy Corner Newsletter: November 7, 2024

In this edition, we dive into the latest updates on GDPR fines, data broker enforcement, and the EU-US Data Privacy Framework review:

▶ Ireland fines LinkedIn €310 million, six years after a complaint—with full EDPB support:
The Irish DPC issues a €310 million fine against LinkedIn for GDPR violations, marking a significant shift in enforcement under new leadership.

▶ California prepares for a data broker enforcement sweep:
The California Privacy Protection Agency targets non-compliant data brokers, enforcing new registration and deletion requirements under the Delete Act...

Send us a text

Privacy Corner Newsletter: October 24, 2024

This week, we dive into the UK’s resurrected data reform bill, ePrivacy Directive guidelines, and a new complaint against Pinterest. 

▶ Back from the Dead: Comparing the UK’s New and Old Data Reform Bills

The UK has introduced a new Data (Use and Access) Bill (DUAB), which incorporates several proposals from the previously scrapped Data Protection and Digital Information Bill (DPDIB). The DUAB revives and reshapes key provisions, such as legitimate interests and cookie consent exemptions, while dropping several controversial aspects...

Send us a text

Privacy Corner Newsletter: October 10, 2024

▶ Court ruling on credit card data: The UK tribunal rules that credit card numbers alone may not always qualify as personal data, challenging the ICO’s interpretation. This decision could reshape how companies assess their data protection obligations after a breach. How will this impact your approach to classifying sensitive data?

▶ EDPB clarifies processor responsibilities: New guidance outlines the extent to which controllers are accountable for sub-processors. Critical insights for your GDPR compliance strategy.

▶ CJEU redefines legitimate interest: A com...

Send us a text

Privacy Corner Newsletter: September 26, 2024

This week’s Privacy Corner highlights key developments in EU data protection:

▶ French CNIL: New guidelines set to affect over 10,000 mobile app developers; enforcement sweep scheduled for Spring 2025.
▶ UK ICO: Issued a reprimand to SkyBet, marking their most significant cookie action to date; 99% of top websites now comply with cookie regulations.
▶ EU Advocate General: Emphasized the need for clear and concise explanations of automated decisions; data sub...

Send us a text

Privacy Corner Newsletter: September 5, 2024

This newsletter covers key privacy developments, including:
▶ Uber's €290 Million GDPR Fine: The Dutch DPA fined Uber for failing to use appropriate safeguards when transferring personal data from its EU entity to the US, despite Uber's claim it wasn't necessary. This case highlights the confusion around international data transfers under GDPR.
▶ Swedish Pharmacies Fined for Using Meta Pixel (Even with Consent): These pharmacies demonstrate that getting user consent for tracking isn't enough. Organizations must also implement proper security measures and assess risks before using tracking tools.
▶...

Send us a text

Privacy Corner Newsletter: August 15, 2024

Top Stories: 🚀 

▶ Meta Challenges EDPB's "Consent or Pay" Opinion: Meta is suing the European data protection authorities over their opinion on "consent or pay" models, arguing it violates EU law.
▶ US Sues TikTok for Children's Privacy Violations: The US Department of Justice accuses TikTok of illegally collecting and using personal data from children under 13.
▶ The UK Information Commissioner's Office proposes a multi-million dollar fine against a data processor for a security breach.

Send us a text

Privacy Corner Newsletter: August 1, 2024

Top Stories:
▶️ Google Backtracks on Cookie Ban: Privacy Concerns or Regulatory Pressure? We explore Google's reversal on phasing out third-party cookies and the potential reasons behind it.
▶️ FTC Clarifies: Hashing Doesn't Anonymize Data The FTC reminds companies that masking data with hashing doesn't guarantee anonymity.
▶️ New York Pushes for Strict Tracking Regulations: But What's the Law? New York's Attorney General issues guidance on online tracking compliance, raising questions about legal grounds.

Send us a text

Privacy Corner Newsletter: July 18, 2024

Top Stories:

Send us a text

This Week's Privacy News:

US Privacy Update:
Comprehensive privacy laws in Texas and Oregon are now in effect.
Colorado's privacy law's opt-out mechanism for targeted ads is now active.
Federal privacy law seems unlikely in the near future.

Meta in Hot Water:
The EU is investigating Meta's "pay-or-OK" policy under the Digital Markets Act (DMA) for potentially violating user consent.
A potential fine of up to 10% of global turnover is on the table.

Grindr Loses GDPR Battle:
The dating app must...

Send us a text

This Week in Privacy: Stalled Law, Meta's AI U-Turn, and Snap Appeasement

This edition of the Privacy Corner Newsletter dives into three key privacy headlines:

- Vermont's ambitious privacy bill, H.121, gets vetoed due to concerns about its impact on businesses. The bill included strong consumer rights and data minimization requirements.
- Meta delays its plan to train AI models on user posts following intervention from the Irish DPC. Privacy group noyb claims a "preliminary win" due to their complaints.
- The UK ICO reveals why it...

Send us a text

This Week's Privacy News Roundup: GDPR, Privacy Sandbox, and Child Data Protection

This week's Privacy Corner dives into key data privacy developments:

- UK Court Considers EU Law in GDPR Case: A UK court judgement clarifies the "household exemption" and "right of access" under the UK GDPR, referencing relevant EU law.
- Noyb Challenges Google Chrome's Privacy Sandbox Consent Flow: Privacy group noyb argues Google's method of obtaining consent for Topics ad targeting violates the GDPR.
- New York Enacts Strict Child Data Protection Act: New York...

Send us a text

This week's Privacy Corner dives into several data privacy battles:

- EU privacy group noyb filed complaints against Meta alleging its AI training policy violates GDPR rules on transparency, data subject rights, and lawful processing.
- Noyb also targeted Microsoft, accusing them of misleading schools about their role in data processing for Microsoft 365 Education products and secretly tracking student data.
- The Australian privacy regulator dropped its investigation into TikTok's use of tracking pixels due to limitations in the outdated Privacy Act, but launched proceedings against healthcare provider Medibank...

Send us a text

Privacy Corner Newsletter Summary

This week's newsletter covers several key privacy topics:

- EDPB vs OpenAI: The European Data Protection Board (EDPB) is investigating OpenAI's ChatGPT software to ensure it complies with GDPR regulations.

- UK's GDPR reforms are dead: The UK's attempt to reform data protection laws has stalled due to upcoming elections. The proposed changes, including a new "recognized legitimate interests" legal basis and relaxed data subject rights, are unlikely to be revived soon.

- Irish DPC's 2023...

Send us a text

This week's newsletter covers developments in AI regulation, enforcement actions by the ICO, and updates on the APRA draft.

Key takeaways:

Send us a text

This week's Privacy Corner dives into the latest data privacy developments:

🇬🇧 US: Maryland and Vermont passed groundbreaking privacy laws with strong data minimization requirements and a private right of action in Vermont (similar to California's CCPA).
🇬🇧 UK: The ICO is seeking views on how to uphold data subject rights in generative AI but avoids the right to rectification challenge.
🇪🇺 EU: The European Commission is investigating Meta (Facebook & Instagram) under the Digital Services Act (DSA) for potentially harming children and failing to meet age verification requirements.

Send us a text

This Week in Privacy: AGs Block US Privacy Bill, China Blamed for UK Hack, Finnish Retailer Fined Heavily

US: Attorneys General from 15 states oppose the American Privacy Rights Act (APRA) due to concerns about preemption of state privacy laws.
UK: Government suspects China of a cyberattack on the military payroll system, exposing names and bank details.
Finland: Data Protection Authority fines online store €856,000 for requiring account creation and indefinitely storing customer data.

Send us a text

This week's Privacy Corner newsletter covers a range of important topics:

Send us a text

In this week’s Privacy Corner Newsletter:

Send us a text

In this week’s Privacy Corner Newsletter:

Send us a text

Privacy News Roundup by Robert Bateman

California just released stricter guidelines for businesses. They can't ask for unnecessary personal info when you request access to your data. 

Google agreed to delete billions of browsing records following a lawsuit claiming "Incognito Mode" wasn't truly private. 

The UK is prioritizing children's online privacy! They'll be checking social media platforms like Facebook & YouTube to ensure they comply with child protection laws. 

Send us a text

In this episode of The Privacy Corner, we cover three major privacy news from this week:

First, WorldCoin, a digital identity and cryptocurrency project by Sam Altman, faces legal challenges in Portugal and other countries due to its biometric data processing practices. 

Second, the UK attributes a significant data breach of the Electoral Commission and an attempted cyber attack on its parliamentarians to China, raising concerns about national security. 

Third, the FTC releases a report showcasing its vigorous privacy and security enforcement activities in 2023, including notable cases an...

Send us a text

Join us for a special episode of the Privacy Corner as Robert Bateman, Data Privacy Expert, hosts Keir Lamont, Director for U.S. Legislation at the Future of Privacy Forum, on the My Health My Data Act, scheduled to take effect in Washington on March 31, 2024, for regulated entities.

This legislation stands as one of the most comprehensive and significant privacy laws enacted in the United States that explicitly aims to protect consumer health data.

Lamont shares his expert insights on how this law integrates into the broader framework of...

Send us a text

This week's episode of The Privacy Corner, with Robert Bateman and sponsored by Privado AI, covers three major privacy-related developments. Firstly, the OCR's updated guidance on tracking technologies for HIPAA covered entities, emphasizing strict regulations to avoid disclosing Protected Health Information (PHI) to vendors like Facebook and Google. Secondly, the Belgian DPA's decision supporting the use of legitimate interests in AI model training by analyzing a case involving Bank Y's discount scheme and the handling of transaction data. Lastly, the ICO's enforcement notice to the UK Home Office for failing to conduct a...

Send us a text

In this episode of Privacy Corner, Robert Bateman discusses three major privacy-related developments. Firstly, the EU AI Act has been passed by the parliament, detailing the gradual enforcement of prohibited AI practices, general purpose AI system rules, and high risk AI system obligations. Secondly, Kentucky has passed a comprehensive privacy law, similar to Virginia's, encompassing data processing guidelines, consumer rights, and GDPR-inspired principles. Lastly, the European Commission has been sanctioned under data protection law for its use of Microsoft 365, highlighting issues in data processing agreements and data transfers. 

Send us a text

In this episode of The Privacy Corner, Robert Bateman highlights the week's top privacy developments. He discusses a complex CJEU case related to the Transparency and Consent Framework in digital advertising, highlights bold statements from the FTC on privacy and data collection following significant enforcement cases, and examines the ICO's call for views on 'consent or pay' models. The episode covers the implications of these developments for data privacy and the responsibilities of companies in handling personal data.