In a move toward resolving difficulties related to post-Brexit laws controlling trade with Northern Ireland, Britain and the European Union agreed on a way forward on data-sharing on Monday (9 January). Read here →
The Information Commissioner‘s Office (ICO) has published a “Direct Marketing Detailed Guidance”, further to an investigation into data protection compliance in the field of direct marketing data broking organisations, and the organisations which use the marketing services of such data brokers. Official text here → 🚀 Short on time? We’ve summarized the guidance on our blog →
The European Commission received a notification from four major telecoms companies namely Deutsche Telekom AG, Orange S.A., Telefónica S.A., and Vodafone Group Plc of a proposed concentration in terms of Article 4 of Council Regulation (EC) No 139/2004, with the intention of creating a joint venture. Access here →
2) Notable Case Law
Meta Platforms Ireland Limited (Meta Ireland) was fined 210 million euros by Ireland’s Data Protection Commission for violating the EU General Data Protection Regulation (GDPR) for its Facebook service and 180 million euros for violating the GDPR in relation to its Instagram service. A total fine of 390 million euros resulted from this. Read about the decision here → 🚀 For more background on this breaking news, check out our previous article on the matter.
The French Data Protection Authority (CNIL) fined Apple Distribution International 8 million euros for neglecting to notify iPhone consumers (specifically those running iOS 14.6) that advertisement monitoring was occurring as they accessed the Apple App Store. The Authority‘s decision can be found here → (In French)
3) New and Upcoming Legislation
New Jersey Senate – Senate Bill 332 was introduced in the New Jersey Senate in January 2022. S332 was amended and released on December 19, 2022. In particular, S332 would mandate that commercial websites and online services tell users when personally identifiable information is collected and disclosed and give them the option to opt out of such processing. Access the official text here →
Slovenia – The Data Protection Act, which incorporates the GDPR into Slovenian legislation, was adopted by the Slovenian National Assembly. This Act governs the national specifics of personal data protection and extends the scope of human rights to include both the protection of an individual’s personal data and their right of access to personal data gathered by businesses. In addition, the Act gives individuals the option to file a lawsuit for the misuse of their personal data. Read more here → (In Slovenian)
4) Strong Impact Tech
The Illinois First District Appellate Court determined that Apple’s facial recognition and fingerprint toolscomplied with the Illinois Biometric Information Privacy Act (BIPA) and did not infringe on its provisions. Since users willingly used these capabilities and their data was held on their own devices rather than by Apple on separate servers, it was determined that these tools were in compliance with privacy legislation. Reported here →
As of the 10th of January 2023, one of the most controversial areas of AI advancements will be subject to the regulatory authority of the Cyberspace Administration of China which will begin enforcing its regulation over “deep synthesis” technologies. Reported here →
Other key information from the past weeks
The European Commission, the Council of the European Union and the European Parliament signed the “Declaration on EU digital rights and principles”.
Meta recently banned at least seven businesses from Facebook for engaging in “surveillance-for-hire activities”.
The US Federal Trade Commission has just launched an investigation into Twitter.