1 comment

[ 2.9 ms ] story [ 11.6 ms ] thread
This is unsurprising. The so-called "IP Anonymization" setting does not prevent Google from seeing the full IP address in the clear; it's just a configuration setting of what Google promises they'll do with the data after they collect it.

The effect of the Schrems II ruling was to establish a threat model that regulators and lower courts must use when considering data transfers to the United States. That threat model is more-or-less "US law enforcement can hold a gun to the head of any US company and obtain whatever data they want." A configuration setting that happens after data collection offers no protection against this threat model.

The rejection of the risk-based approach is interesting. The risk-based approach is basically "the only data we're processing is a randomly-generated GUID stored in a first-party cookie, is that really a big deal?" And the regulator's decision is, "doesn't matter." There can be arguments for and against; my own two cents is that risk doesn't compose, and that data privacy leaks are tricky. You can do a lot by combining low-risk data points, and there are contextual situations were seemingly-low-risk data becomes sensitive. GDPR might be going overboard, but it's reasonable to say that all data has a baseline risk profile.