A large share of web privacy compliance succeeds or fails in a place many legal and privacy teams do not treat as compliance-critical: the tag management layer, often Google Tag Manager (GTM). Here’s a pattern we see repeatedly in privacy diligence: a company has a consent banner and a Consent Management Platform (CMP). Everything looks compliant on paper. Then we...
Read More
I. Privacy Risk Has Materially Increased. We are witnessing an exponential increase in privacy litigation and regulatory enforcement. These cases are not being dismissed at early stages. Meanwhile, plaintiff’s attorneys and regulators are becoming technically sophisticated, with access to engineers, tooling, and legitimate forensic methods. This is no longer a space where assurances from vendors, policy language, or generalized architectural…
URLs are not just routing instructions. In modern web systems they function as a low-discipline data channel: easy to create, widely copied, routinely logged, and often propagated outside the context you thought you controlled. The practical problem is not that “tracking exists” or that browsers are broken. The problem is more operational: if you place user-identifying or sensitive data in…
State privacy laws, such as the California Consumer Privacy Act (CCPA), require companies to implement opt-out solutions and honor applicable privacy requests. But if you have implemented an opt-out, how do you know it actually works? Is it configured properly? How do you validate that your opt-outs work as intended? Even more fundamentally, what are the technical criteria you need…
We originally imagined AI to potentially advance to its current state 80 years from now. Instead, here we are, with the next great technology revolution developing right before our eyes. We suspect it will be every bit as transformative—and disruptive—as the rise of the Internet. Although there are numerous philosophical musings to be made on the topic, such discussions will…
As privacy laws and requirements become more technically sophisticated, businesses may want to consider how they can follow suit. For example, state privacy laws, such as the California Consumer Privacy Act (CCPA), require companies to implement opt-out solutions and honor applicable privacy requests. Companies including an opt-out link, privacy preference controls, and a privacy policy on their websites and apps…
Google’s Data safety forms must be submitted by July 20, 2022. Failure to post by July 20, 2022, according to Google, can result in the rejection of new app submissions to Google Play. After July 20,200, non-compliant apps may face removal from the Google Play altogether. It’s the business’s job to take ownership over the accuracy of the labels and…
After more than a year of negotiations, on March 25, 2022, the European Commission and the United States announced an agreement for a new Trans-Atlantic Data Privacy Framework. The new Framework will replace EU-U.S. Privacy Shield, which was invalided by the Court of Justice of the European Union (“CJEU”)’s Schrems II decision in July 2020. Since the Schrems II decision,…
Google recently announced several key changes to the upcoming “Data safety form” for Google Play, including: Required Timeline Extended to Submit Data safety form: Google extended the deadline from April 2022 to July 2022. Specifically, according to Google: July 20, 2022: All new apps and updates to existing apps must include a Data safety form. If an app fails to…
We may be a little late to Data Privacy Day but we are looking ahead at what a big year for privacy 2022 will be! Below is a timeline of some of the privacy events on the horizon that are on our radar. What is happening right now? Schrems II and Google Analytics: The Austrian DPA’s recent decision regarding the…