The Italian Data Protection Authority, the Garante Privacy, has published a guidance note on the application of the GDPR addressed to both the public and private sectors, with particular attention to SMEs. The guidance highlights that the GDPR should form an integral part of an organization’s activities, especially when considering the rights of interested parties, the duties of controllers, and the transfer of personal data to third countries. Read the press release → (in Italian)
The Dutch Data Protection Authority (AP) has published its focus areas for 2023 which include among others processing of personal data on a large scale, such as a “search engine that processes personal data to show advertisements based on internet behavior”, and Algorithms and AI guidelines and brief rules concerning facial recognition in supermarkets and automated decision-making and profiling.
The Quebec Commission on Access to Information (CAI) has released guidelines on the validity of consent, in line with the requirements of an Act to modernize legislative provisions regarding the protection of personal information, which enters into force in September this year. The public may send in their comments until June 25, 2023. Access the press release → (in French)
Brazil’s National Data Protection Authority, the ANPD, announced that it has opened investigations into several companies and entities, including Telegram Messenger Inc, Meta’s WhatsApp, and TikTok. Read more here → (in Portuguese)
2) Notable Case Law
The Federal Trade Commission (FTC) announced that Amazon’s Ringcould be subject to a $5.8 million fine by way of consumer refunds and corrective measures. The FTC alleged that Ring employees had illegally surveilled customers and failed to halt hackers from taking control of users’ Ring cameras. Full details here →
In a separate proceeding, the FTC and the Department of Justice have announced the filing of a proposed order against Amazon’s Alexa for alleged violations of the Children’s Online Privacy Protection Act (COPPA), which includes a $25 million fine together with other corrective measures. Amazon’s response can be found here →
3) New and Upcoming Legislation
California: Assembly Bill 947 on the California Consumer Privacy Act sensitive personal information referred to Committee, and Senate Bill 287 on features that harm children on social media platforms passes the Senate committee and is ordered to third reading.
Connecticut: Senate Bill 1103 relating to AI, automated decision-making, and personal data privacy has been signed by the Governor.
Texas: House Bill 4 for the Texas Data Privacy and Security Act and House Bill 18 relating to the protection of minors on digital services were sent to the Governor.
4) Strong Impact Tech
The Wall Street Journal has reported that Meta has forwarded a request to the U.S. District Court for Washington, D.C. “to stop the U.S. Federal Trade Commission’s move to expand a 2020 settlement that would ban the company from monetizing data of users under the age of 18.”Learn more here →
According to The Guardian, a whistleblower has revealed a massive confidential data leak at the electric car manufacturer Tesla, which exposes the failure “to adequately protect data from customers, employees and business partners.” In addition, complaints about the driver assistance system were also exposed. Read here →
Other key information from the past weeks
Further to the record fine against Meta, IAB and several other leading industry associations are now urging EU leaders to reach a transatlantic agreement with the US.
The Canadian Office of the Privacy Commissioner (OPC) together with other provincial authorities have announced their investigation into ChatGPT.
TikTok employees allegedly shared user information on an internal messaging platform called Lark.