A German court has ruled sharing IP addresses with US-based servers for cookie consent is unlawful under Schrems II. The Wielsbaden Administrative Court found that a German university using a cookie preference service that shared IP addresses of end users with a company headquartered in the US was in violation because users could be identified by using the IP addresses and a key that is stored in the user’s browser.
A survey by Ebiquity and Cookiebot CPM tracked nearly 200,000 3rd party marketing cookies (3PMCs) conducted from an IP in the EU and found more than 32% were fired prior to site visitors granting consent. This poses a major concern in the context of international data transfer regulations, since more than 70% of all 3PMCs transfer to non-EU territories, so is in violation of GDPR.
The US and allies have elevated concerns about cybercriminals to the level of national security. This week, the US Cyber Command’s top general confirmed the military in cooperation with law enforcement is tracking ransomware groups. Canada imposed similar measures, and Ireland stepped up its activities following cyberattacks that disrupted healthcare in the country. Concerns have grown as infrastructure that promotes critical services, such as healthcare and pipelines, have been targeted.
Preliminary findings by the European Commission state that Apple and Google are in violation of the EU’s Digital Markets Act. Among the findings, Google Search is accused of prioritizing Google’s own products and services in results; Apple is instructed to improve interoperability between iOS and third-party devices. The companies now have an opportunity to respond.