Ireland’s Data Protection Commission released its 2022 annual report, which detailed its workload and regulatory accomplishments over the past year. Read the press release here →
The Slovenian Information Commissioner has published an information page on joint controllership. The new information page serves to assist organizations in determining what elements joint controllers should include in their agreement and what information should be provided to individuals. Access the announcement here →
The Czech Republic’s Office for Personal Data Protection (UOOU) published FAQs in relation to cookie bars and consent. See the FAQs here →
2) Notable Case Law
The Finnish Data Protection Authority imposed an administrative penalty of 440,000 euros on Suomen Asiakastieto Oy, (a consumer credit company involved in maintaining credit registers with information derived from legally binding judgments) for not complying with the Data Protection Officer’s orders. Read about the decision here → (in Finnish)
Following an investigation in relation to a ransomware attack that had taken place in 2020, the Securities and Exchange Commission (SEC) fined Blackbaud, Inc., $3 million for violations of the Securities Act and the Securities Exchange Act. The Authority‘s order can be found here →
3) New and Upcoming Legislation
US law updates:
Hawaii: Senate Bill 974 relating to consumer data protection passes first reading in House of Representatives
Minnesota: House Bill 2257 for Age-Appropriate Design Code Act was referred to the Judiciary Finance and Civil Law Committee
Texas: House Bill 2155 on social media algorithms targeting minors passes its first reading
Tennessee: House Bill 1181 for an Information Protection Act has been placed on the House Subcommittee Calendar
New Hampshire: Senate Bill 255 on expectation of privacy ought to pass with an amendment as per Committee Report
Florida: House Bill 1547 on technology transparency was introduced to House of Representatives
Iowa: Senate Bill 262 for consumer data protection has passed the State Senate
4) Strong Impact Tech
The European Union Agency for Cybersecurity (ENISA) recently published two reports. The first report concerns eSIMs technology security challenges, whilst the second report investigates security issues for fog and edge computing in 5G. Access here →
The proposed U.K. Online Safety Bill was not received lightly by WhatsApp’s parent company, Meta. WhatsApp’s U.K. operations may become subjected to provisions which would allow the U.K. Office of Communications to require WhatsApp “to implement content moderation policies”. This would necessitate WhatsApp to break end-to-end encryption, a position that WhatsApp is not willing to take. Reported here on our blog →
Other key information from the past weeks
NOYB has filed a series of complaints against websites and data brokers that did not correctly address access requests using cookies as an authentication factor.
Canada follows suit of its European and American counterparts and announces a ban on the use of TikTok on government mobile devices.
The EDPB has adopted its opinion on the European Commission’s draft adequacy decision regarding the EU-US Data Privacy Framework.