NOYB has filed a series of complaints against websites and data brokers that did not correctly address access requests using cookies as an authentication factor. Read here →
“Privacy by design and privacy by default” guide has been published by the Spanish autonomous region of Catalonia’s DPA, with the aim “to enable developers, and controllers who commission them to develop applications, to identify the different important elements for personal data protection, and the steps that can be taken to deal with it right from the moment of design.” Access here →
2) Notable Case Law
The German Federal Cartel Office published Procurement Chamber Decision No. VK2-114/22. The decision concerned the potential exclusion of a bid made by a German data processor which is a subsidiary of a US parent company, on the grounds of GDPR violations in association with unlawful data transfers to the US.
TV2 Média Csoport Zrt (TV2), which operates two websites, was fined the equivalent of approximately 25,000 euros by the Hungarian Supervisory Authority for failure to maintain legal compliance of its cookie consent management framework. Read about the decision here →
The US Federal Trade Commission issued a proposed order banning the BetterHelp organization from revealing consumers’ data, including sensitive mental health information, to social media giant Facebook and other entities for targeted advertising. BetterHelp was ordered to pay a $7.8 million fine for deceiving consumers after promising to keep sensitive personal data private. Reported here →
3) New and Upcoming Legislation
UK: The House of Commons has introduced the Data Protection and Digital Information (No. 2) Bill which intends to regulate among others the processing of information of identifiable individuals including their biometric data, accessing privacy and electronic communications.
Kentucky: Senate Bill No. 15 on consumer data privacy has moved forward and was referred to the Rules Committee with amendments.
Texas:House Bill No. 18 which relates to the protection of minors from harmful, deceptive, or unfair trade practices in connection with the use of certain digital services was read for the first time and referred to the House Youth Healthy and Safety Committee.
US Senate: The Parental Data Rights Act was introduced pursuant to a bill “To permit parents to bring a civil action against social media companies that fail to provide parental access and data control rights with respect to the social media accounts of minor children, and for other purposes” by U.S. Senator for Missouri. Read here →
California: A joint letter was sent to the U.S. Congress by the Governor of California, the California Attorney General, and the Executive Director of the California Privacy Protection Agency, opposing the pre-emption provisions in the American Data Privacy and Protection Act. Press Release →
4) Strong Impact Tech
The BfDi has published FAQs in relation to the TrustPID platform, which is currently under construction. The platform may be seen as an alternative to the widespread personalized advertising based on third-party cookies, and it is intended to recognize users pursuant to their IP address. Press release →
Canada follows suit of its European and American counterparts and announces a ban on the use of TikTok on government mobile devices. Reported here →
Other key information from the past weeks
The EDPB has published 3 new guidelines. The guidelines offer designers and social media users recommendations on how to avoid deceptive design patterns.
The Brazilian Data Protection Authority (ANPD) published regulations for the application of administrative sanctions, which will empower the ANPD to give sanctions for non-compliance with the General Data Protection Law.
The Australian government has agreed to significant metadata reform. The Mandatory Data Retention Regime helps law enforcement and intelligence services immensely, yet it lacks openness and sufficient protections.