France’s CNIL has issued an opinion regarding two decrees concerning parental control standards for internet access. Read here → (in French)
The European Commission (EC) is requesting the public for feedback “on the template for the description of consumer profiling techniques and audit of such reports that designated gatekeepers will have to submit annually under Article 15 of the Digital Markets Act (DMA).” Access here →
The Executive Director of Regulatory Risk at the UK’s ICO seems to have caught wind of Meta’s intention to offer inferior rights to UK citizens versus their EU counterparts where behavioural advertising is concerned. More here →
2) Notable Case Law
The Restricted Committee of France’s data protection authority, CNIL, has closed the injunction issued against both Google LLC and Google Ireland Limited on December 31, 2021, after Google added a “refuse all” cookies button for google.fr and YouTube. Read about the decision here → (in French)
The Irish DPC started an inquiry into TikTok‘s data processing for users aged 13-17 and children under 13. The EDPB intervened after complaints from other DPAs, adopting a resolution under Article 65 of the GDPR. The resolution will be published once the Irish DPC finalizes its decision. The Press Release can be found here →
The Norwegian data protection authority, Datatilsynet, imposed a daily fine of NOK one million per day (approximately €88K) on Meta, further to the issuance of a ban last month in relation to behavioral advertising on Facebook and Instagram. The fine will become effective on 14 August 2023 unless Meta is successful in obtaining an injunction against it. Read the story on our blog →
The California Privacy Protection Agency (CPPA) and the California Attorney General have filed a petition with California’s Third District Court of Appeal to overturn the Superior Court’s decision, which imposed a year-long delay in the enforcement of the Consumer Privacy Regulations. Read the announcement here →
3) New and Upcoming Legislation
US law updates:
Maine: House Bill 1977 which seeks to create Maine’s Data Privacy and Protection Act was carried over to the next session by the House of Representatives and Senate Bill 1973 which aims to establish the Consumer Privacy Act was carried over to subsequent session by Senate.
New Jersey: Assembly Bill 4919 concerning social media privacy, data management for children and the establishment of the New Jersey Children’s Data Protection Commission was reported out of the Assembly’s Committee with amendments and read for the second time.
The Argentinian data protection authority (AAIP) has announced its project to update the Personal Data Protection Law before the Deputies’ Chamber. Reported here → (in Spanish)
4) Strong Impact Tech
The Digital Advertising Alliance has launched a new consent mechanism which involves the opt-out from behavioral advertising practices on the basis of encrypted mobile phone numbers: “The DAA is adding capabilities to its existing opt-out tool for encrypted email that uses a token-based mechanism to prevent ad targeting.”Press release →
The Guardian has reported that Google plans to update its policies and launch privacy tools which remove explicit personal images from web search engines. Furthermore, together with the policy update, Google also simplified the submission form where individuals can request that their personal images are taken down from web searches. Read the full story here →
Other key information from the past weeks
The Guardian has reported that the proposed surveillance changes in the U.K.’s Investigatory Powers Act of 2016, may prompt Apple to withdraw its iMessage and FaceTime services from the U.K.
Italy’s Garante fined Ew Business Machines S.p.A. (Ew) €20,000 for unlawful remote monitoring of employees further to a complaint filed by an individual.
The European Commission has announced the formation of a new alliance designated as “EU-LAC Digital Alliance” which it has entered into with the Caribbean and Latin American nations.