Apple and zero-day in the spotlight - Your Data Privacy Digest #14

Hello there,

Every week, we bring the freshest news from the data privacy industry to your inbox.?

From content published on the?Yes We Trust blog?to must-reads from across the web, this is your weekly digest to stay updated on what's going on in data privacy.

Comments, feedback, or suggestions for future pieces? Comment or join the conversation in the?Yes We Trust LinkedIn community.

Have a nice read,

The Yes We Trust team

This week in Data Privacy

Apple introduces new API rules to prevent "fingerprinting"

Last week, 苹果 released a list of APIs that will now require iOS app developers and publishers to declare reasons for their use.?

"There are existing APIs in our platforms that have the potential of being misused for fingerprinting. However, these APIs also provide powerful user experiences when accessed appropriately. To support important use cases that benefit the users while avoiding fingerprinting, there is a new category of APIs called Required Reason APIs. " - Tony Tan, Privacy Engineering at Apple (source)

Learn more about these APIs, fingerprinting, and the context behind this development at Apple:

A closer look at zero-day vulnerabilities

It was recently reported by TechCrunch that an Apple employee had helped fix a critical issue in Google Chrome after a "zero-day" was identified during a hacking competition earlier this year.

Looking at zero-day issues, we observed that other organizations have been facing them, from Apple and Microsoft to the government of Norway:

Must-reads from around the web

• Meta-owned companies fined $13.5 million in Australia?

The Federal Court of Australia has fined two subsidiaries of Meta (Facebook Israel and Onavo Inc) for sharing user personal activity data with parent company Meta for commercial benefit.

Learn more about the case on the ACCC website:

• Ryanair risking a fine of up to €192M for invasive facial recognition technology

Data privacy advocacy organization noyb.eu has filed a complaint against the airline for violating the EU's General Data Protection Regulation by requiring customers booking a flight to go through an intrusive verification process involving facial recognition.

“The information provided by Ryanair is so confusing that travelers may even think their booking is invalid. By nudging customers to go through its intrusive facial recognition process, the airline manages to both violate their customer’s privacy and ensure that they don’t book via external providers another time.” - Felix Mikolasch, Data Protection Lawyer at noyb (source)

Learn more about the complaint:

• Learn more about data privacy in Japan

The European Data Protection Board has released a first review of the Japan Adequacy Decision, leading to more convergence between the Japanese legal framework and the GDPR.?

Learn more about Japan's privacy laws here:

Save the date: Your last event

Last month, Didomi and 谷歌 joined forces for a webinar covering the new Google CMP Certification, the recently-released IAB TCF v2.2, and their implications for organizations.

Catch the replay if you missed it:

Thank you for reading! For more news, in-depth articles, and conversations, join the?Yes We Trust community?on LinkedIn.

Best,

The Yes We Trust team