Privacy Law Update: December 20, 2021
Parliament gave its green light to begin negotiations with member states on rules setting out what big online platforms will be allowed to do and not do in the EU. The Digital Markets Act (DMA) proposal blacklists certain practices used by large platforms acting as “gatekeepers” and enables the Commission to carry out market investigations and sanction non-compliant behaviours. The text approved by Parliament with 642 votes in favour, 8 against and 46 abstentions sets new obligations and prohibitions directly applicable to such platforms, with a view to ensuring fair and open markets.
The California Privacy Protection Agency published the public comments from its stakeholder consultation on California Privacy Rights Act regulations. The comment periods were conducted Sep. 22 to Nov. 8 and broken up into four sections. The CPPA intends to have additional informational hearings to gather more feedback toward its rulemaking process. Formal rulemaking activities will begin at the conclusion of the agency’s fact gathering, which has no set timetable.
Mozilla has expanded its implementation of Global Privacy Control (GPC) to all users after rolling it out on a limited basis in October. The feature — which tells websites not to sell or share your personal data — was only available in Firefox Nightly, their pre-release channel. GPC will be available for all Firefox users to turn on if they wish to. Unfortunately for most US users, this feature may not have much effect. The GPC is required under the California Consumer Protection Act (CCPA) and Europe’s Global Data Protection Regulation (GDPR), as well as Colorado’s privacy law, but no other states have laws that will enforce it.
As the debate rages on regarding whether the U.S. Federal Trade Commission should or could begin rulemaking on privacy, the commission has signaled it is not willing to wait for a consensus. On Dec. 10, the FTC filed an Advanced Notice of Proposed Rulemaking with the Office of Management and Budget that initiates consideration of a rulemaking process on privacy and artificial intelligence.
State lawmakers are considering a bill that’s meant to protect data of Ohioans. The legislation spells out who can access data and how they can do it. But the bill has been put on hold right now.
Third-party cookies have long been “the glue that holds together the independent ad tech world.” Far surpassing their original purpose of giving “memory” to websites, these cookies are heavily relied upon by marketers to analyze and track online users. Indeed, cookie-based targeted advertisements are the reason why websites can sustain their “free” business models. But what’s good for industry has not been good for user privacy—and the tide is starting to turn.