Bolt Legal + Privacy Digest—February 2022

Welcome to the first Bolt Legal + Privacy Digest, a monthly roundup of the best content about the latest retail regulations and privacy announcements, and how Bolt is staying ahead of the ever-changing legal landscape.&nbsp;<h2>How Bolt is protecting shoppers</h2>Bolt GDPR WhitepaperPrivacy is at the heart of everything we do, and so, we ensure that our platform and our merchants comply with the prevailing regulations. The most well known is GDPR — a set of privacy laws that all European companies must follow. GDPR was created to provide greater protections for individuals and change how businesses handle their information. Our recently published <a href="https://www.bolt.com/gdpr-whitepaper/">GDPR Whitepaper</a> details how Bolt’s products and services comply with this critical regulation. We are proud to continue being the most innovative and trailblazing company when it comes to our products, services, values, and culture!&nbsp;<h2>What’s trending in legal and privacy</h2>The Death of Cookies - The e-Privacy RegulationThe end of the cookie era draws near! No, not the chocolate chip type you dunk in a glass of milk; but the type placed on your web browser that can track your online activity. The use of these cookies range from helping the site actually work to determining which ads to serve users. New privacy regulations however, are set to enforce stricter rules on the use of cookies without receiving proper prior consent. The e-Privacy Regulation aims to protect the personal data of online communications and stricter rules on consent for cookies. The business impact of the e-Privacy Regulation will be significant as all major companies use cookies—whether their own or from a third party—to improve their website and for marketing purposes.<a href="https://www.bolt.com/blog/death-of-cookies/">Read Full Story</a>France joins Austria and Norway in ruling Google Analytics violates GDPRThe Austrian and Norwegian Data Protection Authority recently ruled that the use of Google Analytics violates GDPR, and just weeks after, France’s Data Protection Authority CNIL reached a similar decision. In its decision, the CNIL said data collection and transfers to the United States using Google Analytics “are illegal,” violating Article 44 of GDPR. Google has not yet issued a response to the CNIL’s decision, but in a previous statement on Austria’s ruling, President of Global Affairs and Chief Legal Officer Kent Walker urged a “quick action to restore a practical framework that both protects privacy and promotes prosperity,” the IAPP reports.<a href="https://iapp.org/news/a/cnil-is-latest-authority-to-rule-google-analytics-violates-gdpr/">Read Full Story</a>The Colorado Attorney General's office is beginning the rulemaking process for the Colorado Privacy Act (ColoPA).The ColoPA is similar to other privacy laws—such as the California Consumer Privacy Act (CCPA), California Consumer Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and the EU General Data Protection Regulation (GDPR)—in that it focuses on data rights of consumers, consents and opt-outs, and responsibilities of data controllers and processors. Although the ColoPA does not come into force until July 1, 2023, the Attorney General noted that his office "expect[s] to be in a position to adopt final rules around a year from now," Wilson Sonsini reports.<a href="https://www.wsgr.com/en/insights/colorado-attorney-general-announces-privacy-rulemaking.html?utm_campaign=Newsletter&amp;utm_medium=email&amp;_hsmi=202962806&amp;_hsenc=p2ANqtz--ttA6qe3EsnyV8Ou_XxblSoZHulUrfL2OKnPJ6IXeAS936ksr693vdhO-BmKlufH-wPZ7JGf2kcK0XPl7wXQXDtb1YOQ&amp;utm_content=202962806&amp;utm_source=hs_email">Read Full Story</a>Pret A Manger settles class-action over fingerprint scanning its workersSandwich chain Pret A Manger has agreed to pay more than $677,000 to resolve a class-action lawsuit in Illinois alleging the company collected and stored nearly 800 employees' fingerprints via their time-keeping system without providing proper notice to their employees. The suit alleges that Pret A Manger violated the Illinois Biometric Information Privacy Act of 2008 (the strictest biometric law in the nation) by failing to obtain written consent from workers before requiring them to use a fingerprint time clock and allegedly failing to provide workers and the public with notices explaining why it required the scans and what it would do with biometric data, SHRM reports.&nbsp;<a href="https://www.shrm.org/resourcesandtools/hr-topics/technology/pages/illinois-biometric-privacy-lawsuits.aspx?utm_campaign=Newsletter&amp;utm_medium=email&amp;_hsmi=202962806&amp;_hsenc=p2ANqtz-_intBQCAn7GRVb0nz6vPX8GMEtbVi1BR9WD9vbgnby5YuBBhgqhviSsD0keYHF115fLcxhJFDahLk1ypBpRNENWJtJNg&amp;utm_content=202962806&amp;utm_source=hs_email">Read Full Story</a>Apple’s new “Ask App Not to Track” feature is costing Meta billionsMeta's primary source of revenue is through its advertising, which is built upon the massive database of user information it has from operating some of the world's largest <a href="https://www.insiderintelligence.com/insights/generation-z-facts">social network platforms</a> such as: Facebook, Instagram, and WhatsApp. The new Apple feature released in April 2021 allows iPhone users to <a href="https://www.businessinsider.com/apple-ios-145-privacy-changes-spark-low-opt-in-rates-and-falling-ad-prices-2021-5">choose which apps are allowed to track their behavior</a> across other apps — a vast majority of users have opted out (over 95% of users that have downloaded the 14.5 update) which is estimated to cost Meta $10 billion in lost revenue, says Meta CFO David Wehner. Facebook has also reported its first ever decrease in users and Meta’s has taken a major hit recently, Business Insider reports.<a href="https://www.businessinsider.com/facebook-blames-apple-10-billion-loss-ad-privacy-warning-2022-2">Read Full Story</a>