The Commission nationale de l’informatique et des libertés (CNIL), has published a technical recommendation concerning data sharing through Application Programming Interface (API). Press release here → (in French)
The Norwegian data protection authority and the Norwegian Accreditation have entered into a cooperation agreement on the accreditation of certification bodies under the GDPR. Read here → (in Norwegian)
2) Notable Case Law
In the case Meta vs Bundeskartellamt the Court of Justice of the European Union (CJEU) has issued a ruling on Meta’s (formerly Facebook) GDPR approach. Read about the decision here →
Brazil’s data protection authority, the Autoridade Nacional de Proteção de Dados (ANPD) has issued its first enforcement action against the telemarketing firm Telekall Infoservice for violating the LGPD and failure to cooperate with the ANPD’s investigation. The Authority’s summary can be found here → (in Portuguese)
3) New and Upcoming Legislation
US law updates:
California: Senate Bill 680 which relates to amendments to the Civil Code and calls for a civil penalty in relation to social media platforms which include features that harm children, has passed Senate and the Assembly Committee.
Louisiana: Senate Bill 162 which creates the Secure Online Child Interaction and Age Limitation Act was signed by the Governor and enters into force on 1st of July 2024.
Washington: The Office of the Attorney General of Washington state has published a number of Frequently Asked Questions on the My Health My Data Act, part of which comes into effect on 23 July 2023.
4) Strong Impact Tech
Further to release in the US, UK and several other countries, Meta has delayed the release of Threads within the European Union (EU) further to uncertainty over personal data use. It has been reported that “Threads imports data from Meta’s Instagram and tells U.S. users that it collects health, financial, location, search and other data.” The Twitter rival faces privacy hurdles within the EU, therefore its impending launch remains to be seen. Reported here on our blog →
Other key information from the past weeks
Italy’s Data Protection Authority (Garante) fined Benetton Group €240,000 for violating data protection principles and security requirements in terms of Articles 5 and 32 of the GDPR.
The Swedish Authority for Privacy Protection (IMY) has ordered the companies CDON AB, Coop Sverige, Dagens Industri and Tele2 Sverige to stop using Google Analytics.
The United Kingdom and Singapore have signed two Memoranda of Understanding, one concerning emerging technologies and the other relating to data cooperation.