{"id":10127,"date":"2025-01-17T11:06:07","date_gmt":"2025-01-17T10:06:07","guid":{"rendered":"https:\/\/s8.tgin.eu\/?p=10127"},"modified":"2025-02-20T15:50:45","modified_gmt":"2025-02-20T14:50:45","slug":"data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil","status":"publish","type":"post","link":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/","title":{"rendered":"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements &#8211; CNIL"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\"><strong>Mobile app<\/strong> permissions<\/h4>\n\n\n\n<p>Technical permissions in mobile app are very useful for privacy, explains the French regulator CNIL. They allow users to block access to certain data technically. However, these <a href=\"https:\/\/www.cnil.fr\/fr\/permissions-applications-mobiles-recommandations-de-la-cnil-pour-respecter-la-vie-privee\">permissions are not designed to validate users&#8217; consent, within the meaning of the GDPR<\/a>.&nbsp; Even when consent is required, a simple request for permission does not always allow for free, specific, informed and unambiguous consent. There may also be exemptions from consent, such as for the functioning of a navigation mobile app, when the data is required for the service. However, the OS supplier requires authorization to access this information. An ideal permissions system in conjunction with a consent management system should allow one to choose without any confusion:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>the degree of processing of the data provided according to the purpose pursued (eg, more or less precise location);<\/li>\n\n\n\n<li>the material scope of the authorisation, (eg, access to the selected photos rather than the overall media gallery);<\/li>\n\n\n\n<li>The duration of the authorization is given, (eg, one-time activation of the permission or for a predetermined period).&nbsp;<\/li>\n<\/ul>\n\n\n\n<p><strong><em><a href=\"#newslettersignup\">Stay up to date! Sign on to receive our fortnightly digest via email.<\/a><\/em><\/strong><\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Non-material damages for US data transfers<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\" style=\"grid-template-columns:auto 25%\"><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>The CJEU orders the European Commission to pay damages to a visitor to its \u2018Conference on the Future of Europe\u2019 website due to the transfer of personal data to the US without appropriate safeguards. In 2021 and 2022, a German citizen complained that the Commission violated his right to personal data protection when he <a href=\"https:\/\/curia.europa.eu\/jcms\/upload\/docs\/application\/pdf\/2025-01\/cp250001en.pdf\">used the Commission&#8217;s EU Login authentication service and chose to sign in with his Facebook account<\/a>.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXeBcHMGKkfFp8IK076Pa_laFaPl8IfYgSWijOaM8hBoKRZemCh37WQ5ABONh8OhQutKi0QS_skDpWC-xiyiduTVlvqsq_n-AUsTlT-9qhvg6S3IwInqe0WnwEYIfomJ39kZJgViRA?key=ENH08D9sNGKdn0egHZdYFKQF\" alt=\"\" \/><\/figure><\/div>\n\n\n\n<p>His data, including his IP address and information about his browser and terminal, were transferred to <a href=\"https:\/\/techgdpr.com\/blog\/gdpr-as-a-non-eu-company\/\">recipients in the US<\/a>, (Meta, Amazon Web Services and CloudFront).&nbsp;According to the JD Supra law blog, while the sum is small, it is the first time an EU court has acknowledged that people can be awarded damages for illicit data transfers without demonstrating significant loss, <a href=\"https:\/\/www.jdsupra.com\/legalnews\/eu-court-awards-damages-for-breach-of-3226790\/\">paving the way for future claims, including class actions<\/a>.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">More legal updates<\/h4>\n\n\n\n<p><strong>\u201cMaximum two complaints per month\u201d:<\/strong> The NOYB privacy advocacy group explains another case, where the CJEU slammed the <a href=\"https:\/\/noyb.eu\/en\/austrian-data-protection-authority-slammed-cjeu\">Austrian data protection authority for discontinuing proceedings against companies<\/a>. In one example, the authority set the number of complaints that data subjects can file at a maximum of two per month. The CJEU has now made it clear: as long as you do not file abusive complaints, all users have the right to have any GDPR violation remedied by the regulator. NOYB also looked at the EU-wide problem with data protection authorities&#8217; inactivity &#8211; statistically many cases wait well up to several years for a decision, (instead of the established 6 months).&nbsp;<\/p>\n\n\n\n<p><strong>Canada updates:<\/strong> According to an IAPP analysis, the proposed federal privacy law reforms and AI regulation contained in Bill <a href=\"https:\/\/iapp.org\/news\/a\/bill-c-27-awaits-fate-after-canadas-prime-minister-resigns\">C-27 are in serious jeopardy<\/a>. Prime Minister Justin Trudeau&#8217;s recent resignation has paralysed Parliamentary business. As the country awaits a national election, C-27\u2019s approval in the Senate is delayed. The proposals include enacting the Digital Charter Implementation Act, the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act.&nbsp;<\/p>\n\n\n\n<p><strong>India updates:<\/strong> The government has released a draft of the Digital Personal Data Protection Rules, (legal text available in English), under the Digital Personal Data Protection Act, (2023), and is currently seeking public feedback and comments, cms-lawnow.com law blog reports. <a href=\"https:\/\/cms-lawnow.com\/en\/ealerts\/2025\/01\/india-seeks-views-on-draft-digital-personal-data-protection-rules\">Key rules<\/a> include: consent obligations, including for children\u2019s data, security safeguards, data breach notification, retention periods, information obligation, data transfers abroad, impact assessments and audits, and the exercise of data subject rights.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Electronic patient records<\/strong><\/h4>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:25% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfa3szFZ9Wl6rh9wyiTVRka-OoH6qZYp4a4S_qp99NJwVCb8Cz0hRb0BNCOEEwm9gYki3M58KYRWnTRb7wsJeciI6q81Nh0vo3F3rW_iVNtSPdF-WSs904_PFyKcduASkhvHBGD?key=ENH08D9sNGKdn0egHZdYFKQF\" alt=\"mobile apps\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>On January 15 the &#8220;electronic patient record&#8221;, (ePA), will start with a pilot phase in Hamburg, Franconia and North Rhine-Westphalia parts of Germany. After the successful completion of the introductory phase, the nationwide rollout is planned for February 15 at the earliest. The use of ePA, was already possible voluntarily. However, from January 15, the Digital Act, (DigiG), stipulates that health insurance companies will create an ePA for all patients who have not explicitly objected to this. <\/p>\n<\/div><\/div>\n\n\n\n<p>Insured persons should therefore now check <a href=\"https:\/\/www.lfd.niedersachsen.de\/startseite\/infothek\/presseinformationen\/elektronische-patientenakte-fur-alle-startet-antworten-auf-die-haufigsten-fragen-238579.html\">whether they want to use it or whether they object to its use completely or partially with an opt-out<\/a>.&nbsp;The objection can be made at any time, and the health insurance companies must subsequently delete files that have already been created. The ePA brings with it advantages \u2013 it facilitates the exchange of medical documents, avoids duplicate examinations and makes it easier for patients to control which data they release to whom. However, there is currently also criticism, particularly regarding data security, (IT experts <a href=\"https:\/\/themunicheye.com\/serious-security-flaws-electronic-patient-records-7236\">uncovered security flaws in the ePA at the Chaos Communication Congress at the end of 2024<\/a>).&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Work agreements and data processing<\/strong><\/h4>\n\n\n\n<p>DLA Piper&#8217;s legal blog looks at a CJEU case, where an employer, (in Germany), had initially concluded a <a href=\"https:\/\/privacymatters.dlapiper.com\/2025\/01\/germany-works-agreements-cannot-legitimate-inadmissible-data-processing\/\">temporary agreement with the works council on the use of the software \u2018Workday<\/a>\u2019. It provided, inter alia, that specifically identified employee data could be transferred to a server of the parent company in the US. An employee brought a legal action for access to this information, for the deletion of data concerning him, and for compensation.&nbsp;On this occasion, the CJEU ruled that if employers and works councils agree on more specific rules in a work agreement regarding the processing of employees&#8217; data, these must take into account general data protection principles, including the lawfulness of processing. Furthermore, such a work arrangement is open to judicial scrutiny. Thus, businesses should investigate if other legal bases are applicable.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">More official guidance<\/h4>\n\n\n\n<p><strong>UK online safety:<\/strong> On 16 December, Ofcom brought into effect new UK online safety regulations. Now <a href=\"https:\/\/www.ofcom.org.uk\/online-safety\/illegal-and-harmful-content\/time-for-tech-firms-to-act-uk-online-safety-regulation-comes-into-force\/\">digital platforms, especially bigger and riskier ones<\/a>, (social media firms, search engines, messaging, gaming, dating apps, and file-sharing sites), have three months to complete illegal harm risk assessments and apply necessary safety measures, (from the list of more than 40 safeguards). Among many things, this will include, reporting and complaints duties, better moderation, easier reporting, built-in safety tests, and protecting children. The Act also enables Ofcom to make a provider use, (or in some cases develop), a specific technology to tackle child abuse or illicit content on their sites and apps.&nbsp;<\/p>\n\n\n\n<p><strong>AI and consumer harm<\/strong>: America\u2019s FTC gathered the latest casework on what companies need to consider when developing, maintaining, using, and deploying an AI-based product. This includes:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>taking necessary steps before and after deploying a product, (by testing, assessing, documenting, and inquiring);&nbsp;<\/li>\n\n\n\n<li>preventative measures to detect, deter, and halt impersonation, fraud, abuse and non-consensual imagery;<\/li>\n\n\n\n<li>avoiding deceptive claims about AI tools that result in people losing money or put users at risk of harm; and,&nbsp;<\/li>\n\n\n\n<li>ensuring privacy and security by default, (eg, abiding <a href=\"https:\/\/www.ftc.gov\/policy\/advocacy-research\/tech-at-ftc\/2025\/01\/ai-risk-consumer-harm\">by legal obligations and not misleading users of a product about the usage of their data for algorithm improvement<\/a>).&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n<div id=\"newslettersignup\"><\/div>\n<div id=\"role-block_6cb494c96dae33a5818ac2a911af5a1e\" class=\"text-t-black bg-t-pink p-6 md:p-12 rounded-tr-50 rounded-bl-50 mb-4 lg:mb-12 text-center role\">\n  \n      <h2 class=\"text-xl lg:text-2xl max-w-screen-lg mx-auto text-t-black font-display mb-4\">\n      Receive our digest by email     <\/h2>\n        <h3 class=\"text-base max-w-screen-lg mx-auto text-t-black font-body mb-4\">Sign up to receive our digest by email every 2 weeks<\/h3>\n  \n  <div id=\"rmOrganism\">\n    <div class=\"rmEmbed rmLayout--vertical rmBase\">\n      <div data-page-type=\"formSubscribe\" class=\"rmBase__body rmSubscription\">\n                  <form method=\"post\" action=\"https:\/\/mailing.techgdpr.com\/145\/6351\/5e9fc3cdda\/subscribe\/form.html?_g=1698845230\" class=\"rmBase__content\">\n                  <div class=\"rmBase__container mx-auto max-w-screen-sm\">          \n            <div class=\"rmBase__section\">\n              <div class=\"text-left rmBase__el rmBase__el--input rmBase__el--label-pos-none\" data-field=\"email\">\n                <label for=\"email\" class=\"rmBase__compLabel rmBase__compLabel--hideable hidden\">\n                  Email address\n                <\/label>\n                <div class=\"rmBase__compContainer mb-2\">\n                  <input type=\"text\" name=\"email\" id=\"email\" placeholder=\"Email\" value=\"\" class=\"p-4 border rounded border-gray-400 w-full rmBase__comp--input comp__input\">\n                  <div class=\"rmBase__compError text-left font-display font-bold text-xs\"><\/div>\n                <\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section mb-4\">\n              <div class=\"rmBase__el rmBase__el--consent\" data-field=\"consent_text\">\n                <div class=\"rmBase__comp--checkbox\">\n                  <label for=\"consent_text\" class=\"flex space-x-2 items-baseline text-left vFormCheckbox comp__checkbox\">\n                    <input type=\"checkbox\" value=\"yes\" name=\"consent_text\" id=\"consent_text\" class=\"vFormCheckbox__input\">\n                    <div class=\"vFormCheckbox__indicator hidden\"><\/div>\n                    <div class=\"vFormCheckbox__label\">\n                                              I consent to the processing of my data, and to receiving regular updates from TechGDPR. Data is processed according to our <a href=\"https:\/\/techgdpr.com\/privacy-policy\/\"> Privacy Notice<\/a>.\r\n                                          <\/div>\n                  <\/label>\n                <\/div>\n                <div class=\"rmBase__compError text-left font-display font-bold text-xs\"><\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--cta\">\n                <button type=\"submit\" class=\"inline-flex items-center justify-center px-8 py-3 text-white visited:text-white font-bodybold rounded-md bg-t-navy border-3 border-t-navy hover:border-t-navy hover:bg-transparent hover:text-t-navy transition-all hover:text-white cursor-pointer rmBase__comp--cta\">\n                  Subscribe\n                <\/button>\n              <\/div>\n            <\/div>\n          <\/div>\n        <\/form>\n      <\/div>\n      <div data-page-type=\"pageSubscribeSuccess\" class=\"rmBase__body rmSubscription hidden\">\n        <div class=\"rmBase__content\">\n          <div class=\"rmBase__container\">\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--heading\">\n                <div class=\"rmBase__comp--heading\">\n                  Thank you for your subscription!\n      <!-- this linebreak is important, don't remove it! this will force trailing linebreaks to be displayed -->\n                  <br>\n                <\/div>\n              <\/div>\n            <\/div>\n            <div class=\"rmBase__section\">\n              <div class=\"rmBase__el rmBase__el--text\">\n                <div class=\"rmBase__comp--text\">\n                  We have sent you an email &#8211; please confirm your email address by clicking the activation link in it.\n      <!-- this linebreak is important, don't remove it! this will force trailing linebreaks to be displayed -->\n                  <br>\n                <\/div>\n              <\/div>\n            <\/div>\n          <\/div>\n        <\/div>\n      <\/div>\n    <\/div>\n  <\/div>\n\n      <script src=\"https:\/\/mailing.techgdpr.com\/form\/145\/6069\/8a53c9178b\/embedded.js\" async><\/script>\n  \n<\/div>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Video surveillance on a large scale<\/strong><\/h4>\n\n\n\n<p>Depending on the scope and purpose, video surveillance can be divided into three scales: narrow, medium, and wide-scale video surveillance, explains the Latvian regulator. Large-scale video surveillance means that the processing is carried out over a significant area and presents high risks for the processing of personal data at regional, national or transnational levels. <a href=\"https:\/\/www.dvi.gov.lv\/lv\/jaunums\/dviskaidro-videonoverosana-plasa-meroga-kriteriji-un-nosacijumi\">The larger the area monitored and the more people visiting it, the higher the risk<\/a> of data misuse.<\/p>\n\n\n\n<p>If an organisation conducts video surveillance of several separate areas, their total area should be taken into account to determine whether video surveillance is taking place on a large scale. When conducting video surveillance in publicly accessible, but less populated or visited areas, the thresholds for the size of the area and the duration of data retention may be higher to qualify as large-scale. However, if video surveillance involves the processing of biometric data for the unique identification of a person, then it is considered to be the processing of special categories of data.&nbsp;&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Privacy of the art market<\/strong><\/h4>\n\n\n\n<p>An analysis in The Art Newspaper notices that access to historic sales records is becoming more restricted due to increased confidentiality periods at auction houses. <\/p>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\" style=\"grid-template-columns:auto 25%\"><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p>In the EU and the UK, privacy rights are protected through contract, common law and data protection regulations. Thus, the identity of buyers and sellers is protected in several ways, which the auction houses are now restricted from disclosing without the client\u2019s consent. Moreover, the degree to which such data privacy measures can be used to restrict access is still unclear, as the <a href=\"https:\/\/www.theartnewspaper.com\/2024\/12\/06\/privacy-rules-spelling-trouble-art-market\">GDPR does not prescribe how long confidentiality clauses can last<\/a>.&nbsp;<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXcXZlmd1pDi4g6VOgEfzaXGLVQZ9wcO3l56V_6H18rBXFkSbOplgC7AZUvS7mfGmo0k9AaYjfX-RJs80R79te1djVh5Xm8aibGYMqfg5d7MdBEc1jIvVnaaCdrbOPgVxM_mkInhJA?key=ENH08D9sNGKdn0egHZdYFKQF\" alt=\"\" \/><\/figure><\/div>\n\n\n\n<p><\/p>\n\n\n\n<h4 class=\"wp-block-heading\">More enforcement decisions<\/h4>\n\n\n\n<p><strong>Genetic and health data breach: <\/strong>The Estonian data protection inspectorate imposed an 85,000 euro fine in connection with an incident that occurred at the end of 2023, in which the Asper Biogene O\u00dc system was attacked and approximately 100,000 files with people&#8217;s data, including genetic and health data, were obtained. However, the decision can still be appealed by the company. Asper Biogene O\u00dc is primarily <a href=\"https:\/\/www.aki.ee\/uudised\/trahviotsus-85-000-suurune-rahatrahv-asper-biogene-ou-le\">engaged in testing for hereditary diseases, developing genetic tests and providing healthcare services, thereby processing health data extensively<\/a>.&nbsp;<\/p>\n\n\n\n<p><strong>Frontex case: <\/strong>The EDPS issued a warning to Frontex for a breach of data protection rules. The breach involved Frontex systematically sharing the personal data of suspects in transnational criminal cases with Europol without assessing whether the sharing was necessary. <a href=\"https:\/\/www.edps.europa.eu\/press-publications\/press-news\/press-releases\/2025\/edps-reprimands-frontex-non-compliance-regulation-eu-20191896_en\">Such sharing can have serious consequences for individuals, who could be wrongly linked to criminal activities in Europe<\/a>. Frontex stopped the transfer of personal data to Europol shortly after the inquiry and now assesses all information individually before sharing it with the agency.&nbsp;<\/p>\n\n\n\n<div class=\"wp-block-media-text is-stacked-on-mobile\" style=\"grid-template-columns:25% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXfoClX-YLewfCmZabSFxq8aNDo-teVcXoD3oJVA9Me3lVAZmddiNugwpHR0k6UcQHJQlihzJpqdr_TlhSjx3UPTnUwCdwb0cvJvKjBxYeXqR741BVNnedvwlsukD0noFQ-92noO9A?key=ENH08D9sNGKdn0egHZdYFKQF\" alt=\"\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>Facial recognition: <\/strong>The FTC meanwhile finalised an order against IntelliVision Technologies due to false claims that its AI-powered facial recognition software was free of gender or racial bias. The FTC alleged that IntelliVision lacked evidence that its software had one of the highest accuracy rates on the market and performed with zero gender or racial bias. <\/p>\n<\/div><\/div>\n\n\n\n<p>The complaint also alleged that IntelliVision <a href=\"https:\/\/www.ftc.gov\/news-events\/news\/press-releases\/2025\/01\/ftc-finalizes-order-prohibiting-intellivision-making-deceptive-claims-about-its-facial-recognition\">did not train its facial recognition software on millions of faces, as it claimed<\/a>, nor did it have adequate support for its claims that its anti-spoofing technology ensures the system can\u2019t be fooled by a photo or video image.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Data security<\/h4>\n\n\n\n<p><strong>DORA is enforceable now<\/strong>: The <a href=\"https:\/\/eur-lex.europa.eu\/legal-content\/EN\/TXT\/PDF\/?uri=CELEX:32022R2554&amp;from=FR\">Digital Operational Resilience Act, (DORA)<\/a>, is an EU regulation that entered into force on 16 January 2023 and will apply as of 17 January 2025. DORA brings harmonisation of the rules relating to operational resilience for the financial sector applying to 20 different types of financial entities and ICT third-party service providers. It covers areas of compliance such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ICT risk management,&nbsp;<\/li>\n\n\n\n<li>ICT third-party risk management,&nbsp;<\/li>\n\n\n\n<li>Digital operational resilience testing,&nbsp;<\/li>\n\n\n\n<li>ICT-related incidents,&nbsp;<\/li>\n\n\n\n<li>Information sharing on cyber threats, and&nbsp;<\/li>\n\n\n\n<li>Oversight of critical third-party providers. <\/li>\n<\/ul>\n\n\n\n<p>For <a href=\"https:\/\/www.eiopa.europa.eu\/digital-operational-resilience-act-dora_en\">resources on implementing and delegated acts, policies and guides click here<\/a>.<\/p>\n\n\n\n<p><strong>Security updates<\/strong>: Privacy International meanwhile reminds us that the CrowdStrike incident, (malformed update), earlier this year had major implications for governments and businesses across the world. Among many things, it emphasises the importance of security updates, including auto-updates, which are incredibly important to keep our devices running properly and safely. What is needed is for auto-updates to be properly tested before being implemented.\u00a0Moreover, <a href=\"https:\/\/privacyinternational.org\/long-read\/5507\/crowdstrike-what-2024-outage-reveals-about-security\">too often we see companies bundling together security and feature updates, meaning that users cannot install one without the other<\/a>. That&#8217;s a problem, especially if a weaker system for testing feature updates pollutes the process for security updates, or if users are prevented from having the latest security updates installed because they don&#8217;t want the features or their device does not support the feature updates.\u00a0\u00a0<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Big Tech<\/h4>\n\n\n\n<div class=\"wp-block-media-text has-media-on-the-right is-stacked-on-mobile\" style=\"grid-template-columns:auto 28%\"><div class=\"wp-block-media-text__content\">\n<p><\/p>\n\n\n\n<p><strong>US vulnerabilities:<\/strong> The outgoing President Joe Biden has just signed an executive order to address US vulnerabilities following cyber attacks, (by China, Russia, Iran and ransomware criminals), that cost the country billions, the Guardian reports. Among its most notable elements is a mandate for government agencies to install end-to-end encryption for email and video communications, as well as new standards for AI-powered cyber defence systems and quantum computing protections.<\/p>\n<\/div><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/lh7-rt.googleusercontent.com\/docsz\/AD_4nXc8-fOTPGujonbPxp0DJVtKiHp-aMMKUIVyOvD6QY8wVgISvCSf2bQlwM3BQvxmEssC8CiDg7tdZiwRJOmZkzp5r3LcjkEBsUHl_G915UvBSXH6r9GCWirZeu5AG-X5JVsuNCMOMg?key=ENH08D9sNGKdn0egHZdYFKQF\" alt=\"\" \/><\/figure><\/div>\n\n\n\n<p>The order also requires federal agencies to only purchase internet-connected devices with a &#8220;cyber trust mark&#8221; from 2027, essentially <a href=\"https:\/\/www.theguardian.com\/us-news\/2025\/jan\/16\/biden-cyber-china-russia?fbclid=IwY2xjawH15pBleHRuA2FlbQIxMAABHb5onKrxBDjMB63NgGKga7ojtyHp71iTRD1SCx5IrKJdl1ETLwAZ39GU5A_aem_3UegIDinT-gsSKKDzclM5g\">leveraging government procurement authority to encourage manufacturers to tighten security standards for items like as baby monitors and home security systems<\/a>.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mobile app permissions Technical permissions in mobile app are very useful for privacy, explains the French regulator CNIL. They allow users to block access to certain data technically. However, these permissions are not designed to validate users&#8217; consent, within the meaning of the GDPR.&nbsp; Even when consent is required, a simple request for permission does [&hellip;]<\/p>\n","protected":false},"author":21,"featured_media":10128,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[94],"tags":[51,323,334,95,58,222],"class_list":["post-10127","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection-digest","tag-artificial-intelligence","tag-consent-management-2","tag-dora","tag-eu-us-data-transfer","tag-gdpr-compliance","tag-mobile-devices"],"acf":[],"featured_image_urls":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png",1280,995,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-150x150.png",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-300x233.png",300,233,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-768x597.png",640,498,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-1024x796.png",640,498,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png",1280,995,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png",1280,995,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-200x200.png",200,200,true]},"post_excerpt_stackable":"<p>Mobile app permissions Technical permissions in mobile app are very useful for privacy, explains the French regulator CNIL. They allow users to block access to certain data technically. However, these permissions are not designed to validate users&#8217; consent, within the meaning of the GDPR.&nbsp; Even when consent is required, a simple request for permission does not always allow for free, specific, informed and unambiguous consent. There may also be exemptions from consent, such as for the functioning of a navigation mobile app, when the data is required for the service. However, the OS supplier requires authorization to access this information.&hellip;<\/p>\n","category_list":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num":"0 comments","featured_image_urls_v2":{"full":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png",1280,995,false],"thumbnail":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-150x150.png",150,150,true],"medium":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-300x233.png",300,233,true],"medium_large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-768x597.png",640,498,true],"large":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-1024x796.png",640,498,true],"1536x1536":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png",1280,995,false],"2048x2048":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png",1280,995,false],"image-200-200":["https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280-200x200.png",200,200,true]},"post_excerpt_stackable_v2":"<p>Mobile app permissions Technical permissions in mobile app are very useful for privacy, explains the French regulator CNIL. They allow users to block access to certain data technically. However, these permissions are not designed to validate users&#8217; consent, within the meaning of the GDPR.&nbsp; Even when consent is required, a simple request for permission does not always allow for free, specific, informed and unambiguous consent. There may also be exemptions from consent, such as for the functioning of a navigation mobile app, when the data is required for the service. However, the OS supplier requires authorization to access this information.&hellip;<\/p>\n","category_list_v2":"<a href=\"https:\/\/techgdpr.com\/blog\/category\/data-protection-digest\/\" rel=\"category tag\">Data Protection Digest<\/a>","author_info_v2":{"name":"Olya Vasylyk","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"},"comments_num_v2":"0 comments","yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements - CNIL - TechGDPR<\/title>\n<meta name=\"description\" content=\"TechGDPR\u2019s review of the most important data-related stories: mobile app permissions should work in conjunction with consent requirements\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements - CNIL - TechGDPR\" \/>\n<meta property=\"og:description\" content=\"TechGDPR\u2019s review of the most important data-related stories: mobile app permissions should work in conjunction with consent requirements\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/\" \/>\n<meta property=\"og:site_name\" content=\"TechGDPR\" \/>\n<meta property=\"article:published_time\" content=\"2025-01-17T10:06:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-02-20T14:50:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"995\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Olya Vasylyk\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:site\" content=\"@techgdpr\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Olya Vasylyk\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/\"},\"author\":{\"name\":\"Olya Vasylyk\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\"},\"headline\":\"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements &#8211; CNIL\",\"datePublished\":\"2025-01-17T10:06:07+00:00\",\"dateModified\":\"2025-02-20T14:50:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/\"},\"wordCount\":2055,\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/smartphone-1184865_1280.png\",\"keywords\":[\"Artificial Intelligence\",\"consent management\",\"DORA\",\"EU-US data transfer\",\"GDPR Compliance\",\"mobile devices\"],\"articleSection\":[\"Data Protection Digest\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/\",\"name\":\"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements - CNIL - TechGDPR\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/smartphone-1184865_1280.png\",\"datePublished\":\"2025-01-17T10:06:07+00:00\",\"dateModified\":\"2025-02-20T14:50:45+00:00\",\"description\":\"TechGDPR\u2019s review of the most important data-related stories: mobile app permissions should work in conjunction with consent requirements\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/#primaryimage\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/smartphone-1184865_1280.png\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2025\\\/01\\\/smartphone-1184865_1280.png\",\"width\":1280,\"height\":995,\"caption\":\"mobile app\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/techgdpr.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements &#8211; CNIL\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#website\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"name\":\"TechGDPR\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/techgdpr.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#organization\",\"name\":\"TechGDPR\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"contentUrl\":\"https:\\\/\\\/staging.techgdpr.com\\\/wp-content\\\/uploads\\\/2018\\\/04\\\/TGDPR_logo_500px.png\",\"width\":501,\"height\":334,\"caption\":\"TechGDPR\"},\"image\":{\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/techgdpr\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/techgdpr\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/#\\\/schema\\\/person\\\/07e9c14fd01b25bd2c1907537e8547e8\",\"name\":\"Olya Vasylyk\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"contentUrl\":\"https:\\\/\\\/techgdpr.com\\\/wp-content\\\/uploads\\\/2021\\\/10\\\/readyIMG_3694-1-2-150x150.jpg\",\"caption\":\"Olya Vasylyk\"},\"description\":\"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.\",\"url\":\"https:\\\/\\\/techgdpr.com\\\/blog\\\/author\\\/olyav\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements - CNIL - TechGDPR","description":"TechGDPR\u2019s review of the most important data-related stories: mobile app permissions should work in conjunction with consent requirements","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/","og_locale":"en_US","og_type":"article","og_title":"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements - CNIL - TechGDPR","og_description":"TechGDPR\u2019s review of the most important data-related stories: mobile app permissions should work in conjunction with consent requirements","og_url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/","og_site_name":"TechGDPR","article_published_time":"2025-01-17T10:06:07+00:00","article_modified_time":"2025-02-20T14:50:45+00:00","og_image":[{"width":1280,"height":995,"url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png","type":"image\/png"}],"author":"Olya Vasylyk","twitter_card":"summary_large_image","twitter_creator":"@techgdpr","twitter_site":"@techgdpr","twitter_misc":{"Written by":"Olya Vasylyk","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/#article","isPartOf":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/"},"author":{"name":"Olya Vasylyk","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8"},"headline":"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements &#8211; CNIL","datePublished":"2025-01-17T10:06:07+00:00","dateModified":"2025-02-20T14:50:45+00:00","mainEntityOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/"},"wordCount":2055,"publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png","keywords":["Artificial Intelligence","consent management","DORA","EU-US data transfer","GDPR Compliance","mobile devices"],"articleSection":["Data Protection Digest"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/","url":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/","name":"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements - CNIL - TechGDPR","isPartOf":{"@id":"https:\/\/techgdpr.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/#primaryimage"},"image":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/#primaryimage"},"thumbnailUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png","datePublished":"2025-01-17T10:06:07+00:00","dateModified":"2025-02-20T14:50:45+00:00","description":"TechGDPR\u2019s review of the most important data-related stories: mobile app permissions should work in conjunction with consent requirements","breadcrumb":{"@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/#primaryimage","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2025\/01\/smartphone-1184865_1280.png","width":1280,"height":995,"caption":"mobile app"},{"@type":"BreadcrumbList","@id":"https:\/\/techgdpr.com\/blog\/data-protection-digest-17012025-mobile-app-permissions-should-work-in-conjunction-with-consent-requirements-cnil\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techgdpr.com\/"},{"@type":"ListItem","position":2,"name":"Data protection digest 1-15 Jan 2025: mobile app permissions should work in conjunction with consent requirements &#8211; CNIL"}]},{"@type":"WebSite","@id":"https:\/\/techgdpr.com\/#website","url":"https:\/\/techgdpr.com\/","name":"TechGDPR","description":"","publisher":{"@id":"https:\/\/techgdpr.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techgdpr.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techgdpr.com\/#organization","name":"TechGDPR","url":"https:\/\/techgdpr.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/","url":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","contentUrl":"https:\/\/staging.techgdpr.com\/wp-content\/uploads\/2018\/04\/TGDPR_logo_500px.png","width":501,"height":334,"caption":"TechGDPR"},"image":{"@id":"https:\/\/techgdpr.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/techgdpr","https:\/\/www.linkedin.com\/company\/techgdpr"]},{"@type":"Person","@id":"https:\/\/techgdpr.com\/#\/schema\/person\/07e9c14fd01b25bd2c1907537e8547e8","name":"Olya Vasylyk","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","url":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","contentUrl":"https:\/\/techgdpr.com\/wp-content\/uploads\/2021\/10\/readyIMG_3694-1-2-150x150.jpg","caption":"Olya Vasylyk"},"description":"Creator and editor of TechGDPR\u2019s weekly Digest. Postgraduate masters Diploma in Data Protection, Digital law and Management. Over a decade Olga previously was a broadcast journalist in Ukraine and France specializing in international affairs.","url":"https:\/\/techgdpr.com\/blog\/author\/olyav\/"}]}},"_links":{"self":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/10127","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/users\/21"}],"replies":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/comments?post=10127"}],"version-history":[{"count":14,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/10127\/revisions"}],"predecessor-version":[{"id":10370,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/posts\/10127\/revisions\/10370"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media\/10128"}],"wp:attachment":[{"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/media?parent=10127"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/categories?post=10127"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techgdpr.com\/wp-json\/wp\/v2\/tags?post=10127"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}