Iubenda logo
Start generating

Documentation

Table of Contents

DPO Newsletter: Global Data Protection & Privacy News (issue #135)

DPO Newsletter: Global Data Protection & Privacy News

We’ve compiled the latest in Data Protection and Privacy news for your convenience below.

1) Newly Published Documentation

  • The Dutch Data Protection Authority (AP) published its report on data breaches in 2023. After investigating 50 of the largest breaches of the year, the AP found that companies did not comply with all requirements regarding the warning messages to be sent to affected individuals. Access the press release here (in Dutch) →
  • Ireland’s Data Protection Commission (DPC) has made a request to the European Data Protection Board (EDPB) for an opinion pursuant to Article 64(2) of the General Data Protection Regulation (GDPR) further to successfully concluding legal proceedings against X’s AI tool “Grok”. The request aims to kickstart discussions on AI model training including the extent to which personal data is utilized and to obtain much-needed guidance in this unchartered area. Access the press release here →
  • The EDPB and the European Commission have agreed to join forces to provide guidance on the interplay between the GDPR and the Digital Markets Act (DMA). The intention is to produce a set of rules that will provide coherent application of the regulatory framework to better guide digital gatekeepers.
  • The California Privacy Protection Agency (CPPA) issued an Enforcement Advisory on dark patterns. The Agency defined dark patterns as “user interfaces that subvert or impair consumers’ autonomy, decision making, or choice when asserting their privacy rights or consenting”. Businesses should avoid dark patterns and instead use symmetrical choices and straightforward language. Read the press release here →

2) Notable Case Law

  • The Belgian Data Protection Authority has found that Mediahuis NV uses cookies and dark patterns in an unlawful way, in violation of the General Data Protection Regulation (GDPR). Mediahuis NV now has 45 days to add an option to reject cookies at each level of its cookie banner and to stop using misleading designs. Should they fail to do so, they will receive a fine of €25,000 for each day of non-compliance. Read all the details here (in French) →
  • The Swedish Data Protection Agency (IMY) has fined Apoteket AB and Apohem AB for illegally transferring sensitive data to Meta. The companies used Meta’s pixel on their websites to improve their social media marketing strategy. However, the pixel also transferred users’ health data to Meta. Access the press release here (in Swedish) →

3) New and Upcoming Legislation

  • Germany – The German Federal Government has adopted the Consent Management Ordinance under the Telecommunications Digital Services Data Protection Act, which sets out requirements relating to the use of cookie banners and the provision of user consent. Consent management services will need to store user consent decisions permanently after users provide them, reducing the need for repeated consent requests. Read more here (in German) →
  • European Union – On September 2, 2024, the European Parliament released a Briefing on the EU Artificial Intelligence Act, which expands on the application of the EU AI Act.

4) Strong Impact Tech

  • Brazil’s Data Protection Authority (ANPD) has lifted the ban on Meta using personal data to train its artificial intelligence. The company is now allowed to use personal data again, but with some restrictions. Meta is not allowed to use data from children’s and teenagers’ accounts and must improve transparency while making it easier for users to refuse the use of their personal data. Read more here (in Portuguese) →

Other key information from the past weeks

đź‘Ť Enjoyed this issue? Share it on LinkedIn and subscribe for weekly updates

About us

iubenda

Attorney-level solutions to make your websites and apps compliant with the law across multiple countries and legislations.

www.iubenda.com