Following the approval by the Belgian Data Protection Authority of the new action plan, IAB Europe CEO Townsend Feehan said the mandated implementation will come over the next six months, but concerns remain over “operating changes” that “may ultimately be found inadequate” by the Court of Justice of the European Union. Read here →
On 12.01.2023, the US and UK governments announced that an inaugural meeting was held in Washington DC which was attended by four senior government officials and concentrated on the US-UK Comprehensive Dialogue on Technology and Data. The prime focus of these discussions addressed the implementation of a data bridge between the US and the UK, collaboration to facilitate globally trusted data flows and strengthening UK-US collaboration on artificial intelligence both at a research and development level. Access here →
On 12.01.2023, the Governor of North Carolina, Roy Cooper, signed executive Order no. 276 which has the effect of prohibiting the use of certain applications or websites on state agency information technology systems, thereby curtailing cybersecurity threats. The order explicitly prohibits the use of TikTok and WeChat and any other applications which could have the potential of posing unacceptable cybersecurity risks. Press release here →
2) Notable Case Law
The Italian Data Protection Authority (Garante per la protezione dei dati personali) issued an injunction order against Amazon Italia Logistica Srl, together with a 20,000 euros administrative fine, for failing to provide a former employee with a detailed explanation of the basis for the denial of his access request concerning Amazon certification for internal courses done as well as the delay in providing other personal data, including also the employee’s health file. The Authority’s summary can be found here → (In Italian)
An Austrian citizen requested Österreichische Post to disclose with whom his personal data had been disclosed. Due to the vague reply given by Österreichische Post, the citizen took matters to the Austrian courts where it resulted that his personal data had been disclosed to a number of recipients including also advertisers. An official release here →
3) New and Upcoming Legislation
The Swedish Presidency of the Council of the European Union circulated potential compromises for outstanding issues with the proposed Data Act. Swedish leadership, which took control on Jan. 1, sought guidance from member states on how to proceed with the proposal, offering policy options for individual areas of concern. Topics discussed include small and medium-sized business exemptions and public entity access to private data. Reported here →
Dentons Canada Privacy and Cybersecurity National Practice Leader Chantal Bernier said that Canada is set to potentially enact a number of significant private sector privacy law amendments at both the federal and provincial levels. Read more here →
🇺🇸 US Law Updates:
New Hampshire: On 9.01.2023 the New Hampshire House of Representatives introduced bill 314 concerning the expectation of privacy in the collection and use of personal information. The bill can be accessed here →
Virginia: In the State of Virginia, both the House (House Bill 1688) and the Senate (Senate Bill 1026) further proposed amendments concerning children’s rights in the Consumer Data Protection Act.
Indiana: State Senator Liz Brown reintroduced Senate Bill 5 to the Indiana Senate which serves to amend the Indiana Code concerning trade regulation and in particular introduces a new Article 15 which focuses on consumer data protection. The bill can be accessed here →
4) Strong Impact Tech
European Commission Vice President Věra Jourová met TikTok CEO Shou Zi Chew in Brussels last week where the controversial social media platform came under fire amid privacy concerns. European Commission officials warned TikTok to respect EU laws, with Vice President Jourová reminding the CEO that it expects to “count on TikTok to fully execute its commitments to go the extra mile in respecting EU law and regaining [the] trust of [the] European regulator.” Reported here →
Big tech came under great scrutiny last week by President Joe Biden as he vowed to ensure that technological advancements should not be at the expense of privacy violations, in particular where minorities, women and children are concerned. Read more here →
Scott Air Force which is located in Illinois US is working on adopting verification and identification algorithms for a facial recognition pilot which would update and facilitate base entrance access. The base already has an automated system for vehicles that enter the base. However, the base is exploring more expedient methods of entry with 1:1 (one’s face is verified against the ID presented) or 1:N (a live image is matched against a database of up to 10,000 images) verification. Access here →
Privacy by design is set to become an international privacy standard for the protection of consumer and product services and also an ISO Standard in February 2023. More here →
Other key information from the past weeks
Meta Platforms Ireland Limited (Meta Ireland) was fined 210 million euros by Ireland’s Data Protection Commission for violating the EU General Data Protection Regulation (GDPR) for its Facebook service and 180 million euros for violating the GDPR in relation to its Instagram service.
The French Data Protection Authority (CNIL) fined Apple Distribution International 8 million euros for neglecting to notify iPhone consumers (specifically those running iOS 14.6).
In a move toward resolving difficulties related to post-Brexit laws controlling trade with Northern Ireland, Britain and the European Union agreed on a way forward regarding data-sharing.