Welcome to the first Bolt Legal + Privacy Digest, a monthly roundup of the best content about the latest retail regulations and privacy announcements, and how Bolt is staying ahead of the ever-changing legal landscape.
How Bolt is protecting shoppers
Bolt GDPR Whitepaper
Privacy is at the heart of everything we do, and so, we ensure that our platform and our merchants comply with the prevailing regulations. The most well known is GDPR — a set of privacy laws that all European companies must follow. GDPR was created to provide greater protections for individuals and change how businesses handle their information. Our recently published GDPR Whitepaper details how Bolt’s products and services comply with this critical regulation. We are proud to continue being the most innovative and trailblazing company when it comes to our products, services, values, and culture!
What’s trending in legal and privacy
The Death of Cookies – The e-Privacy Regulation
France joins Austria and Norway in ruling Google Analytics violates GDPR
The Austrian and Norwegian Data Protection Authority recently ruled that the use of Google Analytics violates GDPR, and just weeks after, France’s Data Protection Authority CNIL reached a similar decision. In its decision, the CNIL said data collection and transfers to the United States using Google Analytics “are illegal,” violating Article 44 of GDPR. Google has not yet issued a response to the CNIL’s decision, but in a previous statement on Austria’s ruling, President of Global Affairs and Chief Legal Officer Kent Walker urged a “quick action to restore a practical framework that both protects privacy and promotes prosperity,” the IAPP reports.
The Colorado Attorney General’s office is beginning the rulemaking process for the Colorado Privacy Act (ColoPA).
The ColoPA is similar to other privacy laws—such as the California Consumer Privacy Act (CCPA), California Consumer Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and the EU General Data Protection Regulation (GDPR)—in that it focuses on data rights of consumers, consents and opt-outs, and responsibilities of data controllers and processors. Although the ColoPA does not come into force until July 1, 2023, the Attorney General noted that his office “expect[s] to be in a position to adopt final rules around a year from now,” Wilson Sonsini reports.
Pret A Manger settles class-action over fingerprint scanning its workers
Sandwich chain Pret A Manger has agreed to pay more than $677,000 to resolve a class-action lawsuit in Illinois alleging the company collected and stored nearly 800 employees’ fingerprints via their time-keeping system without providing proper notice to their employees. The suit alleges that Pret A Manger violated the Illinois Biometric Information Privacy Act of 2008 (the strictest biometric law in the nation) by failing to obtain written consent from workers before requiring them to use a fingerprint time clock and allegedly failing to provide workers and the public with notices explaining why it required the scans and what it would do with biometric data, SHRM reports.
Apple’s new “Ask App Not to Track” feature is costing Meta billions
Meta’s primary source of revenue is through its advertising, which is built upon the massive database of user information it has from operating some of the world’s largest social network platforms such as: Facebook, Instagram, and WhatsApp. The new Apple feature released in April 2021 allows iPhone users to choose which apps are allowed to track their behavior across other apps — a vast majority of users have opted out (over 95% of users that have downloaded the 14.5 update) which is estimated to cost Meta $10 billion in lost revenue, says Meta CFO David Wehner. Facebook has also reported its first ever decrease in users and Meta’s has taken a major hit recently, Business Insider reports.