The United States and the United Kingdom have announced the Atlantic Declaration for a Twenty-First Century U.S.-UK Economic Partnership, which among other areas will address the commitment of both countries to partner on an “Inclusive and Responsible Digital Transformation”. Read here →
The European Data Protection Supervisor (EDPS) has issued its latest newsletter which addresses among others the relationship between artificial intelligence and human intelligence, the attendance at the Computer Privacy & Data Protection (CPDP) 2023 event, the cooperation between the EDPS and Data Protection Officers network and the concept of Fame vs. Privacy: data protection dilemma for Gen Z and Gen Alpha. Access here →
Further to concerns displayed by EU antitrust regulators in relation to Meta’s data collection services, the Bundeskartellamt (German Federal Cartel Office FCO) has announced that Meta will introduce a new overview of data sharing regulations for its Facebook and Instagram users. Read here →
The Lithuanian State Data Protection Inspectorate (VDAI) has published frequently asked questions (FAQs) in relation to the use of EU Standard Contractual Clauses (SCCs) which are only applicable between data controller and data processor relationships, should they opt to use them. Access here → (in Lithuanian)
2) Notable Case Law
The Swedish Data Protection Authority (IMY) has fined the music streaming service Spotify 58 million Swedish Krona (€5 million equivalent) for failing to properly inform users how their personal data is processed by the company. The decision was reached in conjunction with several other data protection authorities since Spotify has users in many countries and further to court action commenced before the Swedish courts by noyb. Read about it on our blog →
The Garante Privacy has requested information from TikTok Technology Ltd in relation to statements issued by a former executive of “Byte Dance”, on alleged access to users’ personal data by the Chinese Communist Party, including data of both Italian and European users. TikTok has a 15-day period within which to respond to the Garante Privacy request. The press release can be found here → (in Italian)
The Netherlands Data Protection Authority (AP) has opened an investigation into OpenAI’s ChatGPT data processing practices and their compliance with the GDPR. The AP has sent a letter wherein it has requested, “among other things, how OpenAI handles personal data when training the underlying system.”Read about the investigation here → (in Dutch)
The Federal Trade Commission (FTC) has issued a proposed order requiring Microsoft to pay $20 million over charges that it illegally collected and retained personal information from children without their parents’ consent pursuant to its Xbox gaming system. The press release can be found here →
3) New and Upcoming Legislation
US law updates:
New York: Senate Bill 365 for privacy act passes Senate and is delivered to Assembly.
Connecticut: Senate Bill 1103 for an Act concerning Artificial intelligence, automated decision-making and personal data privacy was signed by the Governor of Connecticut.
Florida: Senate Bill 262 creating the Florida Digital Bill of Rights was signed by the Governor of Florida, Ron DeSantis, and will enter into effect on July 1, 2024. The Digital Bill of Rights will apply to persons that conduct business in Florida or provide a product or service used by residents of Florida and processes or engages in the sale of personal data. However, there is a catch since the Bill only applies to companies with a revenue upwards from $1 billion.
4) Strong Impact Tech
Cyberscoop has reported that several privacy experts are raising the alarm on geolocation data being shared with generative artificial intelligence. The Managing Director for the AI Now Institute has said that “There’s a whole host of reasons to be concerned about the security of location data and its implications for the privacy of users of the system.” Reported here →
According to Euractiv, French senators confronted European TikTok representatives about the company’s connections with the Chinese government and its handling of data protection. Read the story here →
Other key information from the past weeks
The Italian Data Protection Authority, the Garante Privacy, has published a guidance note on the application of the GDPR addressed to both the public and private sectors, with particular attention to SMEs.
The FTC and the Department of Justice have announced the filing of a proposed order against Amazon’s Alexa for alleged violations of the Children’s Online Privacy Protection Act (COPPA).
Brazil’s National Data Protection Authority, the ANPD, announced that it has opened investigations into several companies and entities, including Telegram Messenger Inc, Meta’s WhatsApp, and TikTok.