noyb
Filter by...
-
Firefox tracks you with “privacy preserving” feature
EDRi member noyb filed a complaint against Mozilla for quietly enabling a supposed “privacy feature” (called Privacy Preserving Attribution) in its Firefox browser. Contrary to its reassuring name, this technology allows Firefox to track user behaviour on websites
Read more
-
Open letter: EU Data Protection Board must acknowledge the Commission’s additional concerns about ‘Consent or Pay’
On 15 April, EDRi, noyb, Access Now and 20 consumer and digital rights organisations sent an open letter to the European Data Protection Board (EDPB) ahead of the EDPB’s decision on Meta’s “Pay or Okay” model.
Read more
-
Open letter: Digital rights advocates unite against Meta’s “Pay or Okay”. Privacy and data protection are NOT for sale
In response to three Data Protection Authorities (DPAs) requesting a European Data Protection Board (EDPB) opinion on Meta's 'Pay or Consent' approach, Access Now, the EDRi office and other EDRi members have united in an open letter urging the Board to reject these subscription-based approaches unequivocally.
Read more
-
Meta plans paid subscription for users who don’t want to be tracked
In a move to circumvent EU privacy law, Platform giant Meta reportedly plans to ask users to pay up to €228 a year to preserve their fundamental right to privacy on its platforms.
Read more
-
Meta pledges to ask EU users for consent before showing behavioural ads
In a surprise announcement last Tuesday, Meta made the long overdue promise to finally ask its users for their consent before showing them behavioral ads – at least if they live in the European Union, EEA or Switzerland.
Read more
-
Spotify gets fine of € 5 Million for GDPR violations
Following an EDRi member noyb complaint and litigation over inactivity, the Swedish Data Protection Authoirty (IMY) has issued a fine of 58 Mln Swedish Crown (about € 5 Million) against Spotify.
Read more
-
€1.2 billion GDPR fine for Meta over US mass surveillance
Today, a decade-long (2013 - 2023) case on Meta's involvement in US mass surveillance has led to a first direct decision. Meta must stop any further transfers of European personal data to the United States, given that Meta is subject to US surveillance laws (like FISA 702). The European Data Protection Board (EDPB) had largely overturned the Irish Data Protection Commission's (DPC) decision, insisting on a record fine and that previously transferred data must be brought back to the EU.
Read more
-
5 years of the GDPR: National authorities let down European legislator
On 25 May 2018, the General Data Protection Regulation (GDPR) came into force, promising to be the strongest set of data protection rules to enhance our privacy. While the contents of EU data protection rules stayed largely the same, the alleged big change was the GDPR's strict enforcement. 5 years later, national authorities and courts largely leave the European legislator in the lurch – despite a budget of more than €330 million in 2022.
Read more
-
GDPR Rights in Sweden: Court confirms that authority must investigate complaints
The Stockholm administrative court held that a complainant under Article 77 GDPR has the right to request a decision from the Swedish Data Protection Authority (IMY) after six months.
Read more
-
Gmail creates “Spam Emails”, despite CJEU judgment
On 24 August, EDRi member noyb.eu filed a complaint against Google with the French Data Protection Authority (CNIL). The tech giant has repeatedly ignored the European Court of Justice (CJEU) ruling on direct marketing emails and used its email platform Gmail to send unsolicited advertising emails without valid consent of the users.
Read more
-
Statement on 4 Years of GDPR
When the GDPR became applicable on 25 May 2018, it was perceived as a watershed moment. Comments were somewhere between the EU getting serious about privacy and the internet breaking down at midnight. The past four years have shown that a law alone does not change business models that are based on the abuse of personal data and a culture within the privacy profession that is often focusing on covering up non-compliance. After a first moment of shock, large part of the data industry has learned to live with GDPR without actually changing practices. This is mainly done by simply ignoring users’ rights and getting away with it.
Read more
-
CNIL orders three controllers to comply with GDPR after decision that using Google Analytics is illegal
Only weeks after the groundbreaking decision by the Austrian Data Protection Authority that the continuous use of Google Analytics violates the GDPR, the French Data Protection Authority (CNIL) ordered three French websites to comply with the GDPR. All these decisions are based on noyb's 101 model complaints which were filed after the Court of Justice ruling invalidating Privacy Shield. noyb expects similar decisions by the other authorities.
Read more