Digital Privacy and Data Regulation
Websites break California privacy law at ‘industrial scale,’ survey finds (Themarkup)
Summary: An audit by webXray of over 7,000 popular websites accessed from California found widespread noncompliance with the California Consumer Privacy Act’s Global Privacy Control (GPC) signal. Major platforms like Google, Microsoft, and Meta were found to ignore or fail to check for the signal in a majority of instances, with Google tracking users 86% of the time despite receiving it. The report’s author, a former Google privacy engineer, describes this as ‘industrial-scale noncompliance,’ suggesting technical fixes are trivial but not implemented. The California Privacy Protection Agency has previously levied fines for such violations, and the scale of noncompliance suggests potential liability in the billions of dollars.
Why it matters: This exposes a systemic enforcement gap where technical compliance is performative, forcing regulators to choose between crippling fines that could destabilize ad-funded web services or accepting that a core privacy right is functionally unenforced.
Context: The CCPA and its enforcement agency have positioned the GPC signal as a cornerstone of user autonomy, but its efficacy relies on voluntary technical adoption by the tracking industry. This audit provides empirical, large-scale evidence that the industry’s operational practices diverge sharply from its public compliance statements.
"“They don’t make any substantive effort to comply,” said Tim Libert, founder and chief executive of webXray." — THEMARKUP
Commentary: The gap between corporate statements and technical reality shifts the regulatory burden from persuasion to forensic auditing and punitive action. For the CPPA, the report is a direct challenge: either escalate enforcement to a scale that materially alters industry cost-benefit calculations, or concede that the GPC is an unenforceable standard. The ‘operational purposes’ defense cited by Microsoft could become a central battleground for defining the limits of consent.
Date: Tue, 21 Apr 2026 08:00:00 -0400
URL: https://themarkup.org/privacy/2026/04/21/websites-break-california-privacy-law-at-industrial-scale-survey-finds
AI Sentiment Score: Negative (66%)
AI Credibility Score: 10.0/10 — High
Scores and text generated by AI analysis of the source article indicated.We Updated Our Privacy Policy. Here’s What Changed and Why. (Eff)
Summary: The Electronic Frontier Foundation has updated its privacy policy, introducing a substantive change: opt-in email tracking for campaign effectiveness analysis. This stands in stark contrast to the industry norm of covert, nonconsensual tracking. Other updates include eliminating persistent ID cookies on its main domain, increasing transparency for third-party tools, and clarifying data retention and GDPR procedures.
Why it matters: EFF’s policy shift demonstrates a real-world, operational attempt to reconcile advocacy principles with organizational needs, setting a precedent for how privacy-first entities can implement measurement without violating user trust.
Context: Nonconsensual email tracking via pixels is endemic, with an estimated two-thirds of emails containing such trackers. EFF has long advocated for opt-in consent as a legal standard, a principle not yet widely enacted in law.
"We know what you’re thinking: Doesn’t EFF strongly oppose nonconsensual tracking? You bet we do. Sneaky email tracking is ubiquitous on the web and EFF’s opposition to it remains unchanged. We have never used email tracking pixels and we’re not changing that." — EFF
Commentary: The move is a tactical concession to operational reality—list hygiene and campaign optimization—within a principled opt-in framework. It creates a litmus test for other nonprofits and platforms: if EFF, the standard-bearer, adopts tracking under these conditions, it legitimizes the practice but raises the bar for consent. The risk is a normalization of tracking, but the enforcement of a strict opt-in default could pressure mailing platforms to offer it as a standard feature, shifting market expectations.
Date: Mon, 18 May 2026 18:03:04 +0000
URL: https://www.eff.org/deeplinks/2026/05/we-updated-our-privacy-policy-heres-what-changed-and-why
AI Sentiment Score: Negative (83%)
AI Credibility Score: 10.0/10 — High
Scores and text generated by AI analysis of the source article indicated.It’s easier for Californians to escape data brokers following a Markup investigation (Themarkup)
Summary: Following a 2023 investigation by The Markup and CalMatters, which found 35 registered California data brokers using ‘no-index’ code to hide their data-deletion pages from search engines, a follow-up review shows significant compliance. Only eight of the original 35 brokers continue the practice. This shift followed direct pressure from a U.S. Senate committee investigation led by Sen. Maggie Hassan, which engaged with five major brokers; four complied immediately, and the fifth, Findem, belatedly followed. The enforcement action demonstrates how investigative reporting can catalyze regulatory scrutiny and alter corporate behavior, even within a framework of existing law.
Why it matters: This shows a tangible, if incremental, shift in enforcement posture where public reporting and legislative pressure can compel compliance with consumer privacy rights, setting a precedent for how state-level regulations can be activated.
Context: The California Consumer Privacy Act (CCPA) mandates data brokers register and provide a clear deletion mechanism, but enforcement relies heavily on consumer awareness and action. This incident highlights the gap between statutory rights and practical accessibility.
"The Markup, now a part of CalMatters, uses investigative reporting, data analysis, and software engineering to challenge technology to serve the public good. Sign up for Klaxon, a newsletter that delivers our." — THEMARKUP
Commentary: The reduction from 35 to eight hiding brokers represents a meaningful, though incomplete, win for procedural transparency. The Senate committee’s involvement, triggered by reporting, illustrates a low-cost enforcement model: targeted oversight letters can yield compliance where diffuse consumer action fails. However, the persistence of eight holdouts, and the case of BrightCheck’s broken page and lapsed registration, underscores the limits of this ad-hoc approach and the need for systematic monitoring and penalties for non-compliance.
Date: Fri, 22 May 2026 08:00:00 -0400
URL: https://themarkup.org/privacy/2026/05/22/its-easier-for-californians-to-escape-data-brokers-following-a-markup-investigation
AI Sentiment Score: Negative (83%)
AI Credibility Score: 10.0/10 — High
Scores and text generated by AI analysis of the source article indicated.EFFecting Change: LGBTQ+ Solidarity Against the Tide of Surveillance (Eff)
Summary: The Electronic Frontier Foundation (EFF) is hosting a livestream panel titled ‘LGBTQ+ Solidarity Against the Tide of Surveillance.’ The event features digital policy experts Paige Collings and Jillian C. York, focusing on the intersection of targeted surveillance, platform policies, and government pressure on LGBTQ+ communities. The stated aim is to move from analysis to actionable strategies for building safer virtual spaces and demanding platform accountability.
Why it matters: This signals a tactical pivot by a leading digital rights organization toward coalition-building and direct action, framing surveillance not just as a privacy issue but as a mechanism of systemic oppression requiring community-led resistance.
Context: This event occurs against a backdrop of increasing legislative and platform-level actions targeting LGBTQ+ content and communities, often justified under child safety or ‘anti-grooming’ narratives, which digital rights groups argue enable discriminatory surveillance.
"Her work focuses on highlighting how state surveillance and corporate restrictions stifle marginalized communities and perpetuate historic injustices and harm." — EFF
Commentary: The EFF’s framing explicitly links contemporary digital surveillance to historic patterns of oppression, a significant rhetorical and strategic shift. This moves the debate from abstract privacy principles to concrete harms, potentially mobilizing new constituencies and pressuring platforms under a justice-based accountability model rather than a purely technical one. The focus on ‘direct action’ and ‘concrete strategies’ suggests an operational turn towards community defense, which could test the limits of legal advocacy and influence platform governance from the outside.
Date: Mon, 18 May 2026 20:20:36 +0000
URL: https://www.eff.org/event/effecting-change-lgbtq-solidarity-against-tide-surveillance
AI Sentiment Score: Negative (60%)
AI Credibility Score: 10.0/10 — High
Scores and text generated by AI analysis of the source article indicated.Background checks to curb dating app violence advance in California legislature (Themarkup)
Summary: A California Senate committee has advanced a bill requiring online dating services to conduct criminal background checks on users and flag profiles of those convicted of violent felonies, sex offenses, domestic violence, assault, or hate crimes. The bill, authored by Sen. Caroline Menjivar, cites high rates of sexual assault linked to dating apps and investigative reporting showing platforms like those owned by Match Group retain users accused of violence. Industry groups and some legislators, including Sen. Scott Wiener, oppose the measure on privacy grounds and operational burden, arguing it creates a ‘scarlet letter’ for users. The author plans to amend the bill before a privacy committee hearing.
Why it matters: This bill represents a direct regulatory attempt to shift liability and operational standards for user safety onto dating platforms, setting a precedent that could redefine trust and verification in social discovery industries.
Context: This follows years of investigative pressure on Match Group and similar platforms over user safety, alongside a broader legislative trend in California imposing duty-of-care and transparency mandates on tech companies.
"The Markup, now a part of CalMatters, uses investigative reporting, data analysis, and software engineering to challenge technology to serve the public good. Sign up for Klaxon, a newsletter that delivers our." — THEMARKUP
Commentary: The bill operationalizes a public registry model within private platforms, forcing companies to become de facto law enforcement adjacents. Compliance will require costly identity verification stacks and expose platforms to litigation over misidentification. Passage would likely trigger copycat legislation in other states and accelerate the bifurcation of dating markets into ‘vetted’ and ‘unvetted’ tiers, with significant implications for user growth and engagement metrics.
Date: Fri, 17 Apr 2026 14:00:00 -0400
URL: https://themarkup.org/news/2026/04/17/dating-apps-would-bestow-scarlet-letter-under-safety-bill-advancing-in-the-california-legislature
AI Sentiment Score: Positive (42%)
AI Credibility Score: 10.0/10 — High
Scores and text generated by AI analysis of the source article indicated.Post ID: b8f2a236