Privacy News Roundup | November 16, 2022

International News

European Union passes landmark rules with hefty fines

The EU has passed landmarks rules that will impact big tech companies including:

The Digital Marketers Act (DMA) requires “gatekeepers” to make their messaging services interoperable and provide business users access to their data.
The Digital Services Act (DSA) bans targeted advertising aimed at children or based on sensitive data such as religion, gender, race, or political opinion.
The Artificial Intelligence Act regulates the use of facial recognition and biometrics.

While these Acts are aimed at non personal data, they do not exempt personal data from their scope.

This raises concerns over companies facing penalties under both the Acts and the GDPR, which is significant as violators can face fines up to:

10% of annual global turnover for DMA violations.
6% for DSA violations.
Greater of 4% or €20 million for GDPR violations.

Canada introduces draft privacy act

Canada has introduced a draft privacy act, Digital Charter Implementation Act, 2022 (Bill C-27).

The bill takes a three-in-one approach to strengthening privacy law and creating rules for AI development, while also extending the Digital Charter. Bill C-27 contains:

Consumer Privacy Protection Act
The Personal Information and Data Protection Tribunal Act
The Artificial Intelligence and Data Act (AIDA).

India withdrawals its Personal Data Protection Bill

India has withdrawn its Personal Data Protection Bill and identified four clauses that will be dropped or re-drafted when a new version of the bill is reintroduced.

UK reaches agreement with the US

The US and UK have announced an agreement to allow both countries to gain improved access to viral data in order to combat serious crime and protect national security interests.

France continues to fine Facebook

In addition to its €60 million fine from January 2022, France’s data protection authority is giving Facebook three months to allow users located in France to refuse cookies as easily as they can accept them. If Facebook does not comply, it will face a penalty of €100,000 per day of delay.

Cookie	Duration	Description
__cfruid	session	Set by Cloudflare. Cookie associated with sites using CloudFlare, used to identify trusted web traffic. Learn more about Cloudflare cookies.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
cf_clearance	session	Set by Cloudflare. Used to verify user is not a bot. Learn more about Cloudflare cookies.
hubspotutk	1 year	Set by HubSpot. This cookie keeps track of a visitor’s identity. It is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
__hssc	30 minutes	Set by HubSpot. This cookie keeps track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
__hssrc	session	Set by HubSpot. Whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
__hstc	13 months	Set by HubSpot. The main cookie for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).

Cookie	Duration	Description
_ga	2 years	Set by Google. Used to distinguish users on the Google Analytics platform. Google’s policies can be viewed here.
_ga_RJQRHRDJNC	2 years	Set by Google. Used to persist session state. Google’s policies can be viewed here.
_gat_gtag	1 minute	Set by Google. Used to analyze visitor browsing habits, flow, source and other information. Google’s policies can be viewed here.
_gid	24 hours	Set by Google. Used to distinguish users on the Google Analytics platform. Google’s policies can be viewed here.