For its part, Google released a statement explaining analytics and saying, in part, that it applies numerous safety measures to protect data transferred outside of the EU. "Our infrastructure and encryption is designed to protect data and safeguard it from any government access."
What's a company to do? I don't know yet. But as this story plays out, I'll keep you updated. I promise!
For now, enjoy a round-up of this week's major privacy news, and I'll see you next week!
This week's top privacy news
Austrian data protection authority rules site's use of Google Analytics violates GDPR
Austria’s data protection authority has found that a website using Google Analytics (and thus exporting its visitors’ data to the U.S.) violated the EU’s GDPR. The regulator said the IP addresses are considered personal data. Despite Google’s assertion that it implemented protections for data, such as encryption-at-rest in its data centers, the Austrian regulator said it did not find “sufficient safeguards had been put in place to effectively block U.S. intelligence services from accessing the data, as required to meet the GDPR’s standard,” TechCrunch reports.
FTC threatens to enforce against organizations that neglect to patch Log4j
On Dec. 9, a vulnerability in Log4j disrupted organizations around the globe. A vulnerability in the widely used logging tool for the popular Java programming language allowed attackers to remotely gain control of a device or system using the utility. It’s been over a month, but “the crisis shows no sign of abating,” Brookings Institution reports. Because the U.S. doesn’t have broad rules on how to handle the risk, the Federal Trade Commission has told companies they have a legal duty to take “reasonable steps to mitigate.” It also threatened to come down on companies that fail to do so, citing its $700 million settlement with Equifax in 2017 when it failed to patch a known security risk.
German telecom law contains new rules on tracking cookies
On Dec. 1, 2021, Germany passed the Telecommunications-Telemedia Data Protection Act. The law regulates services like email and messaging services and codifies into national law that organizations deploying tracking technologies must gain consent – regardless of whether the data is processed. Here’s what you need to know about how the rule applies to cookies.
US lawmakers introduce TLDR Act
The Washington Post reports that a bipartisan group of lawmakers has introduced legislation that would require websites to make their terms of service agreements easy for users to digest. There’s plenty of data suggesting users don’t read a website’s terms before agreeing to them. They’re long and filled with legalese. But the TLDR Act would require sites to display a “summary statement” that not only discloses their terms in an “easy to understand” manner but also whether they’ve had a data breach recently and what sensitive personal data they collect.
VR headsets are fun, but could help your employer spy ... so
The Washington Post reports on virtual reality headsets, which pundits say will become part of everyday working life within the next few years. But a headset can collect more data about the person wearing it than the average computer screen can, which gives “companies more opportunities to take and share that data for profiling and advertising.” The Washington Post reports that it could provide both employers and the government the ability to monitor behavior.
Upcoming webinar: How to build a privacy program
It can be a daunting task to be assigned "privacy" at your organization. Depending on the resources and budget your company is willing to spend, there's not a one-size-fits-all checklist to follow. But there are steps you can take – whether you're an office of one or at a later stage on the privacy maturity spectrum – toward building a sophisticated and agile privacy program. This free webinar features three privacy experts who've built their own programs to give you some concrete strategies and action items you can take whether you're a beginner or advanced.