The EDPB has adopted a template complaint form together with a final version of recommendations “on the application for approval and on the elements and principles to be found” in the Controller Binding Corporate Rules. Read about it on our blog →
The Center for Growth and Opportunity at Utah State University has recommended age verification policymaking in its latest policy, which concerns the “potential structure and considerations for rules concerning age verification.” Access here →
2) Notable Case Law
The French company Criteo which specializes in ad-tracking activities concerning “behavioral retargeting”, was fined €40 million by the French data protection authority CNIL for several GDPR infringements, including the failure “to verify that the persons from whom it processed data had given their consent.” Read about the decision here →
The Austrian non-profit organization noyb filed a complaint before the Belgian data protection authority against the US company TeleSign further to its profiling of millions of phone users. Summary can be found here →
3) New and Upcoming Legislation
The New Zealand Privacy Commissioner has encouraged the public and other interested stakeholders to submit their comments and feedback on the draft Product Data Bill, which creates a “consumer data right.” If passed, the bill would “make it easier for individuals to share their information with trusted businesses once the individual has given their explicit consent.” Read here →
US law updates
Federal: 24 states led by both Californian and New York Attorney Generals are calling for stronger federal protections for reproductive health data. The state attorney generals sent a letter to the Biden administration in support of the amendments to the Health Insurance Portability and Accountability Act Privacy Rule, which are currently being considered. Press release here →
Oregon: Oregon is in the pipeline to be the 11th State to pass privacy legislation once Senate Bill 619 which relates to protection for the personal data of consumers, is signed by the Governor.
4) Strong Impact Tech
Elon Musk has held that Twitter will respect the EU content moderation rulebook: “If a law is enacted, Twitter commits to comply with it,” however Musk underlined that Twitter will abide by the law but will not go further. Reported here →
TechRadar has reported that the Singapore-based cybersecurity firm Group-IB has indicated that over 100,000 ChatGPT accounts have been stolen and thereafter sold on the dark web. The majority of the affected ChatGPT accounts were allegedly located in the Asia-Pacific region, however it is reported that some US accounts were not immune to this theft. Read here →
Other key information from the past weeks
The U.K. Information Commissioner’s Office has published both a review and post-transition impressions of the Children’s Code.
A cyberattack on UK payroll provider Zellis has affected major organizations like the BBC, British Airways, and Boots.
Google’s generative AI tool Bard will not be launched in the EU until the company addresses privacy concerns raised by Ireland’s Data Protection Commission.