Hesse: HBDI warns against browser settings that allow unlawful data transfers
The Hessen data protection authority ('HBDI') issued, on 3 November 2022, a statement warning responsible bodies to check the settings of the browsers they use for any data unintentionally transmitted to browser manufacturers. In particular, the HBDI stated that some browsers may incorporate cloud-based functionalities to support users in comfortably using the internet, e.g. through offering 'improved' or 'intelligent' writing support for user input, functionalities, which, if active on the browser, may mean that all user input is generally transmitted to the browser manufacturer's server without a legal basis.
In this regard, the HBDI noted that it is aware of concrete cases where such functionalities had been unnoticeably activated on a browser in connection with an update, which led to the transmission of personal data to browser manufacturers. As such, the HBDI advised that responsible bodies in Hesse check the settings of the browsers they use and make adjustments if necessary to ensure compliance with data protection rules. To this end, the HBDI also noted that responsible bodies fearing dangers to IT security by activating intelligent writing support on browsers may contact the local contact persons for information security and/or the respective IT specialists on site.
You can read the press release, only available in German, here.