The Spanish DPA (AEPD) has issued a brief review of the impact that smart contracts, which operate on a blockchain, can have on the protection of underlying personal data from a privacy-by-design standpoint. Access the brief here →
2) Notable Case Law
The Spanish DPAfined a company € 9,000.00 for using unnecessary cookies without consent, without a reject option and without a banner. Cookies that were not necessary were activated directly when viewed on the online video portal run by the company, without the users’ consent. Read more here →
France‘s Commission nationale de l’informatique et des libertés (The CNIL), has verified that the use of Google’s “reCAPTCHA’s risk-based bot algorithms” require data subject consent. Access the authority’s decision here → (in French)
Web scraping is legal, the US Ninth Circuit of Appeal upheld its initial judgment, finding that scraping data that is publicly accessible on the internet does not violate the Computer Fraud and Abuse Act, or CFAA, which defines what constitutes computer hacking under US law. Reported here →
3) New and Upcoming Legislation
Digital Services Act
Provisional political agreement achieved between the Council and the European Parliament on the Digital Services Act (DSA). The DSA believes that what is illegal offline must likewise be illegal online. It attempts to safeguard the digital space from the spread of unlawful content while also protecting users’ basic rights.
Key point from the agreement are as follows:
All online intermediaries offering services in the EU will be subject to the DSA;
The Commission will have authority to oversee very large online platforms (VLOPs) and very large online search engines (VLOSEs) for the duties unique to this type;
The DSA will impose a duty of care on marketplaces in relation to sellers who offer their products or services on their online platforms;
The DSA requires extremely big digital platforms and services to analyze systemic risks they cause and conduct risk reduction studies;
The co-legislators have agreed to prohibit misleading interfaces known as ‘dark patterns’ and actions intended at deceiving users for online platforms and interfaces covered by the DSA;
Transparency requirements for recommender system parameters;
A crisis response mechanism has been added to the text;
Platforms will be banned from displaying targeted advertising based on the use of personal data of children, as defined by EU legislation.
House Bill (HB 7553) for the Warrant for Metadata Act was introduced to the United States House of Representatives on April 21, 2022. The bill can be found here →
4) Strong Impact Tech
Google is going to update their cookie consent banner in Europe following a hefty fine of €150 million. Google have released a screen shot of the new three button banner “I agree”, “Customize” and “Deny All”. For more on this story click here →
On February 23, 2021, the news revealed a huge data leak affecting around 500,000 people involving the firm DEDALUS. Surname, first name, social security number, prescribing doctor’s name, date of examination, and, most crucially, medical information (HIV, cancer, genetic diseases, pregnancies, drug treatments followed by the patient, or genetic data) of these individuals were published on the Internet. Read more here → (in French)
According to new research, some apps continue to track users despite improved iOS privacy measures. Read more here →
Senior officials at the European Commission were targeted using spy software built by an Israeli monitoring business last year. Reported here →
Other key information from the past weeks
Digital Services Act: Commission welcomes political agreement on rules ensuring a safe and accountable online environment.
On Tuesday, Parliament’s new inquiry committee investigating the use of the Israeli spy software Pegasus and other spyware had its first meeting, electing a Chair and three Vice-Chairs.