It's a never ending game of whack-a-mole, where Peter Swire already talked about technological escalation wars back in 2012 when chairing the W3C DNT efforts.
It used to be "it's not PII hence privacy legislation doesn't apply". The scope of action with respect to data privacy legislation has broadened, on both sides of the Atlantic.
Yet similar dodging techniques are now also being applied to actual existing and enforced legislation. Under the CCPA, the California Consumer Privacy Act, it's about not going beyond 25 million $ a year in revenue, avoiding employee data and this US based legislation not being applicable to governmental institutions (hail to surveillance capitalism fed by public authorities!).
We've long talked about ePrivacy being unclear while the legislator does move towards applying the GDPR also to digital data.
Those are the legislative loopholes but then also come the technical techniques Simo is going to talk about as we both come to the same conclusion: players are influencing the data, possibly seeing a way to compete not on analytics but on privacy?
As companies, even US based ones such as Apple and Microsoft, recognise privacy to be a fundamental right, let's explore which risks companies are facing and what some of the emerging best practices could look like.