Hello all, and happy Thursday!
This week, Firefox rolled out a new feature that follows the major trend in browsers: blocking the functionality of third-party cookies by default.
I wanted to draw attention to this for a few reasons. First, it demonstrates that data privacy truly is becoming a cornerstone of the next generation of the internet. The major technologies that underpin how users interact with the internet are baking privacy principles into their design, and while Big Tech is also developing new ways to collect and process data, these methods aren’t quite as invasive, blatant, and widespread as they were in the past.
Second, this story is an opportunity to clarify a common misconception I’ve run into when speaking with professionals outside of the privacy world. When people hear about Mozilla Firefox or Google Chrome blocking third-party cookies, they often misinterpret this to mean that all cookies are going away forever. If this were true, a great deal of the internet would cease to function in the manner we’ve grown accustomed to.
You may have interacted with consent banners (perhaps an Osano banner!) that provide you with the option of accepting only “necessary cookies.” Some cookies are necessary for you to log into your account, add products to your cart, and so on.
Third-party cookies are a narrow category of cookies that are especially egregious in terms of user privacy. But that doesn’t mean first-party cookies or other data trackers can’t violate your privacy. They can! That’s why data privacy regulations require businesses to inform website visitors when they use data trackers (including first- and third-party cookies) and give them the option of opting in or out of that data collection.
If you’re not familiar with how various data trackers like cookies function, we’ve put together a helpful blog post on the subject.
Best,
Arlo
EDPB resolves dispute on transfers by Meta
The European Data Protection Board (EDPB) has resolved a dispute over data transfers with the technology company Meta, The EDPB decided that Meta inappropriately relied on contract as a legal basis to process personal data in the context of Facebook’s Terms of Service and Instagram’s Terms of Use for the purpose of behavioral advertising
Firefox rolls out Total Cookie Protection by default to more users worldwide
Mozilla's Firefox web browser has implemented "total cookie protection" as the default setting for all users worldwide. The feature prevents websites from accessing cross-site tracking cookies and improves privacy protection for users, although first-party cookies are still allowed.
Where parental snooping is becoming the law
State lawmakers across the US are drafting and passing bills that create new guardrails for social media platforms and kids. Some states, such as Maryland and California, are proposing laws that would require parental oversight of children’s social media accounts. Privacy groups and children’s mental health advocates, however, are concerned that such laws could create real-life harm for children, as parents could see online discussions on a range of subjects including sexual abuse, reproductive rights and parental abuse.
UK Data Protection Law reform: Battle lines drawn?
The UK’s Data Protection and Digital Information Bill has passed its second reading in the House of Commons, moving into the committee stage for detailed scrutiny. The Bill is intended to provide a business-friendly regime for data regulation, with the intention of maintaining adequacy following the enactment of the Bill.
WhatsApp and other messaging apps oppose 'surveillance'
WhatsApp, Signal, and other messaging service providers have written an open letter to the UK government to express concerns over the Online Safety Bill (OSB). The bill could lead to an end to end-to-end encryption, a measure that would weaken the encryption standard and enable companies to more easily monitor messages sent via their platforms.
Vietnam decree details personal data protections
Vietnam's government issued a new decree on personal data protection that outlines regulations for the collection, storage, processing, and use of personal data by individuals and organizations. The new decree will take effect on July 1, 2023.
DSA enforcement: Commission launches European Centre for Algorithmic Transparency
The European Centre for Algorithmic Transparency (ECAT) is being inaugurated in Seville, Spain by the Commission's Joint Research Centre. ECAT will provide technical and scientific expertise to ensure that algorithmic systems used by social media and search engines comply with risk management, mitigation, and transparency requirements in the Digital Services Act (DSA).
Osano Blog: Keeping Privacy Top of Mind at 2023’s Global Privacy Summit
The Osano team had a blast at the IAPP’s 2023 Global Privacy Summit. Check out what insights we gleaned from Osano’s very own Head of Privacy, Rachael Ormiston, in this blog post.
If you’re interested in working at Osano, check out our Careers page! We might have the perfect opportunity for you.