Email
Banner Image
qoute Image

Because consent has so many broader benefits for the business and not just monetization.

- Mario Lamaa, director of revenue operations at Immediate Media

Welcome to Snippets 👋 Microsoft subsidiary Xandr is facing potential fines after a complaint was filed alleging the company failed to fulfill users' right to access under GDPR, as well as the law's requirements around data use transparency.

Plus, Amazon is the latest tech giant to go under the microscope for compliance with the Digital Services Act, experts are weighing in on the privacy merits of Apple and Android's competing AI features, a significant security flaw was found in ChatGPT's desktop app, and more.


ADTECH PRIVACY

Microsoft subsidiary Xandr accused of GDPR breaches

Image

David Paul Morris/Bloomberg / Getty Images

A complaint was filed in Italy against Microsoft adtech subsidiary Xandr alleging multiple GDPR violations, including failing to fulfill users' right to access and using inaccurate data to build user profiles for targeted advertising.
  • In 2022, Xandr received 1,294 user requests to access their data, plus 600 more asking to have their data deleted. The company denied all of them.
  • Xandr justified this decision by stating that the data it holds is pseudonymous. However, the complaint dismissed that explanation as improbable, as Xandr’s business model relies on making individual profiles to entice advertisers.
  • Austrian privacy rights nonprofit, noyb, which is backing the complaint, urged the Italian DPA to levy fines of up to 4% of parent-company Microsoft’s annual revenue.
TRANSCEND NEWS

🎥 Get a ringside seat to the development of the EU AI Act

Hosted by Ron De Jesus, Transcend Field Trips aims to engage with fellow privacy leaders, understand their evolving needs amidst rapid industry change, and foster meaningful dialogue on pressing privacy issues.

In Episode 1, Ron spoke with Dan Nechita, Head of Cabinet to MEP Dragos Tudorache, co-rapporteur of the AI Act. Dan spoke on the unique challenges faced during negotiations over this law and shared his advice for privacy pros tasked with navigating AI governance for their companies.

DIGITAL SERVICES ACT

Amazon receives formal request for information regarding DSA compliance

Image

Dilara Irem Sancar / Anadolu via Getty Images

Last Friday, the European Commission sent Amazon a formal request for information (RFI) on how the company is working to comply with the Digital Services Act (DSA).
  • Amazon has been directed to provide information on its recommendation system and opt-out process by July 26.
  • If found to be in violation of the DSA's requirement that companies allow users to opt out of profiling for targeted ads, Amazon could be fined up to 6% of its global annual turnover.
  • This is the European Commission's latest move to crack down on Big Tech, previously having found Meta’s Pay-or-Okay model and Apple’s App Store policy in violation of DMA provisions.

AI VS AI

Experts weigh in on the Apple vs Android AI battle

Image

PHOTOGRAPH: NIKOLAS KOKOVLIS/GETTY IMAGES

With smartphones dominating the discourse since Apple’s foray into AI, experts are weighing in on how effective the company’s promised protections are, as well as how they compare to those offered by Android’s ‘hybrid AI’ systems.
  • By concealing the origin of AI prompts, Private Cloud Compute, Apple’s new cloud system, shields user data from all parties, including Apple itself.
  • While Android’s hybrid AI model provides a degree of security by running select processes locally, experts don't believe the system offers the same level of protection to data that exits the device.
  • In defense of their system, Android makers have cited the stringent security measures at Google’s data centers, AI functions that run natively, and the option for users to disable cloud AI capabilities.

IN OTHER NEWS
  • Meta’s EU Pay-or-Okay model found to be illegal.
  • Senate Commerce Committee to hold hearing on AI privacy.
  • Judge denies Peloton’s plea to dismiss privacy lawsuit.
  • Airbnb is turning a blind eye to the hidden cameras problem.
  • Nebraska joins the growing state privacy law patchwork.

SECURITY

Major security flaw found in ChatGPT’s desktop app

Image

The Verge

Users flagged a major security flaw in Open AI’s ChatGPT macOS app after discovering it was storing conversations in plain text form. 
  • A Threads user’s demo showed that text files could be accessed through a third-party app, meaning the data could be vulnerable to bad actors if they gained access to your computer.
  • Upon further investigation, it emerged that OpenAI wasn’t complying with Apple’s sandboxing requirements, as the app was only available through its own website.
  • The company has since acknowledged the flaw and released an updated version of the app.

NEW ROLE

Meet the Head of Consent

Image

Ivy Liu

With lawmakers piling on consent obligations for businesses, a new role could be emerging within the publishing industry: Head of Consent.
  • The position was one in a series of measures taken by News UK, a British subsidiary of American conglomerate, News Corp, to comply with mounting privacy demands.
  • In its job description for the role, the company said the chosen candidate would craft a “forward-thinking consent strategy” and collaborate across all business functions to oversee compliance.
  • Experts believe the measure reflects a shift in how publishers perceive privacy—no longer viewing it as a business expense, but rather as a risk management tool that can minimize costs.
TRANSCEND NEWS

A $12B FinTech’s Journey from OneTrust to Transcend

Join Jake Ottenwaelder, Principal Privacy Engineer at Integrated Privacy, and Gregory Jourdan, Lead Solutions Architect at Transcend, on July 24 at 9 AM PT to learn how a $12B financial services company successfully migrated from OneTrust to Transcend Consent Management.

We'll cover Jake’s step-by-step process for migrating from OneTrust to Transcend, the strategic benefits of shifting away from legacy privacy solutions, plus an inside look at Transcend's Consent Manager.

Transcend Horizontal Logo

Snippets is delivered to your inbox every Thursday morning by Transcend. We're the platform that helps companies put privacy on autopilot by making it easy to encode privacy across an entire tech stack. Learn more.

You received this email because you subscribed to Snippets. Did someone forward this email to you? Head over to Transcend to get your very own free subscription! Curated in San Francisco by Transcend.