Privacy group Nyob has filed hundreds of complaints against companies that it accuses of deliberately making it difficult to opt-out of tracking cookies.  Nyob – which is led by privacy advocate Max Schrems – says companies are legally obligated to provide a "clear yes/no option" but have failed to do so since the introduction of the EU's General Data Protection Regulation (GDPR) in 2018.

More:

• Nyob developed an automated system that locates violations and files a complaint. Fines can reach €20M ($24.3M) or 4% of a company's revenue.
• Marketing groups have blamed the EU's privacy rules for creating this issue.
• Nyob said it will provide draft complaints to Europe's 10,000 most popular websites and share instructions on how to change settings. It will file a formal complaint against any site that doesn't cooperate within a month.
• There have been calls for cookies to be replaced, and Google has begun to stop support for them on its Chrome browser due to privacy concerns.

Mobile payment app Venmo has added new privacy features after Buzzfeed reporters were able to find President Joe Biden's personal account within 10 minutes. Users will now be able to set their friends list public, visible to friends, or private. They can also control if they want to appear in other users' friend lists.

More:

• Venmo's default option will continue to make the friends list public, hence users will have to adjust their settings.
• Reporters also found the personal accounts of Biden's children and grandchildren.
• The changes address a key privacy hole that existed in Venmo for years, as there was previously no way for users to make their friends list private.

It's looking unlikely that Congress will pass a national data privacy law as lawmakers haven't held any hearings, and none are currently scheduled, recaps Politico’s Alexandra Levine. Both parties believe there should be limits on what data companies can take, and users should be given control over how and whether it can be shared. There's bipartisan agreement that companies should be transparent over how the data will be collected and used.

More:

• As states such as California introduce new privacy laws and COVID-19 related scams increase, pressure continues to mount on Congress.
• The tech industry has lobbied lawmakers to establish a national data privacy law to ensure easier compliance.
• There was hope President Biden would prioritize data privacy, however, he has been slow to appoint individuals to fill key positions such as the chair for the Federal Trade Commission.
• One potential reason for the lack of progress is lawmakers are focused on protecting American citizens' data from the Chinese government.

Not waiting on U.S. Congress, the Colorado Senate unanimously passed SB21-190 last week, which could make it only the third state to pass a data privacy law behind California and Virginia. The bill would go into effect in July 2023 and enable users to block companies from tracking specific information such as the websites they visit. Users would also be able to deny them access to sensitive information, including health conditions.

More:

• Companies would have to be transparent about what data they'll aggregate and how long it will be stored.
• Privacy groups have said the bill isn't sufficient, while businesses have expressed compliance concerns due to different regulations in various states.
• What's next: The bill must clear the House before Gov. Jared Polis can sign it. It's attracted bipartisan support in the House but must be passed before the Colorado Legislature closes on June 12

WhatsApp announced users who don't accept its new privacy policy won't lose functionality, backtracking a previous announcement. Last month, WhatsApp warned users would gradually lose functionality if they didn't accept the changes by May 15.

More:

• The new policy sparked fears that WhatsApp would share more personal data with its parent company Facebook. WhatsApp has denied this claim.
• The company revealed the new changes had been accepted by most users who have seen the update. WhatsApp said it would continue to issue periodic reminders to users who haven't accepted the new policy.
• Countries such as India, which is WhatsApp's largest market, have urged the company to remove the new policy.

EU Justice Commissioner Didier Reynders revealed the bloc is trying to accelerate rulings for time-sensitive data privacy investigations. Reynders cited an April data leak of more than 500 million Facebook accounts, including his own, as an example of a case he feels should be prioritized.

More:

• Last year, the EU's Court of Justice nullified Privacy Shield, the EU-U.S. data sharing agreement. However, Reynders is optimistic a new agreement could be reached within months.
• If the U.K. amends its data protection standards, Reynders warned the EU could reverse its decision to move its data there.
• He rejected his predecessor Viviane Reding's suggestion that the enforcement mechanism in the bloc's privacy code needs to be reformed.

Several privacy groups filed complaints across Europe against facial recognition company Clearview AI. Clearview takes photos from public websites and has built a database of more than three billion images. It sells access to the database to law enforcement and private agencies.

More:

• The groups say Clearview's methods violate European privacy laws, and they filed complaints in Austria, France, Greece, Italy, and the U.K.
• Last year the U.K. and Australia launched a joint privacy investigation into Clearview's data collection practices.
• In February, Canada's privacy commissioners declared Clearview's methods to be illegal.

other privacy news:

• Automakers such as BMW, Daimler, and Ford have established centers in China to store data locally as they face greater scrutiny from the government.
• German food delivery service Lieferando has been accused of violating privacy laws by illegally tracking and collecting workers' personal data.
• A European human-rights tribunal ruled the U.K. violated its privacy laws after it engaged in a largescale interception of online communication, following leaks by whistleblower Edward Snowden.
• Foreign tech giants such as Facebook, Twitter, and LinkedIn are in full or partial compliance with India's new IT rules according to TechCrunch.