Data Protection News Update 02 April 2024

United Kingdom

US, Britain sanction China for broad 14-year hacking campaign

  • The US Department of Justice unsealed an indictment charging seven Chinese state-sponsored hackers with a broad 14-year campaign to target US and foreign critics, businesses and political officials.
  • In conjunction with this, the US Department of the Treasury issued sanctions on two of the alleged hackers, as well as the front company that facilitated their ability to breach US infrastructure.
  • The British government joined the Biden administration on Monday in sanctioning the hackers and company for targeting parliamentarians and UK electoral commission systems between 2021 and 2022. 
  • The two countries aim to send a strong message to Beijing that malicious cyber activities that endanger national security and seek to repress dissidents abroad are unacceptable and violate international norms.

UK involved in efforts to counter the proliferation of misuser of commercial spyware: joint statement

  • The UK is amongst 17 countries who announced an “international agreement” to prevent to the growth of spyware misuse.
  • In a joint statement, the governments of Australia, Canada, Costa Rica, Denmark, France, New Zealand, Norway, Sweden, Switzerland, the UK and the US stated they recognise the threat posed by the misuse of commercial spyware and the need for strict domestic and international controls on the proliferation and use of such technology.

United States

Florida bans children under 14 from social media in sweeping new law

  • Signed into law by governor Ron DeSantis, the legislation directs social media firms to delete the accounts of children under 14 years old.
  • Children aged 14 and 15 will require parental consent before signing up for platforms like Instagram and Snapchat.
  • Companies who fail to delete accounts risk being sued on behalf of children with a reward up to $10,000 and could also be fined up to $50,000 per violation of the law.
  • NetChoice, a trade group linked with Meta, TikTok, and X, has claimed that the Florida policy creates “ID for the internet” and puts restrictions on all Floridians regardless of age, stating “there are better ways to keep Floridians, their families, and their data safe and secure online without violating their freedoms.”


Monitoring of employees at Iceland Subway Restaurants

  • Iceland’s data protection authority, Persónuvernd, issued a ISK 1.5 million fine to Stjörnuna ehf, the operator of Iceland’s Subway restaurants.
  • The Persónuvernd found the company “did  not comply with the law on personal protection and processing of personal information” following investigation of an employee complaint which alleged non-consensual employer monitoring through surveillance cameras.
  • Evidence accompanying the complaint showed that the store manager of the location had taken a number of screenshots of the complainant from surveillance cameras and recorded what the employee was doing at any given time.
  • The conclusion of the Privacy Protection was that the electronic monitoring would not have been compatible with the declared purpose of monitoring, and that Stjörnuna ehf did not comply with the law on personal protection and processing of personal information.

Portugal’s CNPD Suspends Biometric Data Collection

  • Portugal’s National Data Protection Commission announced temporary limits on the use of Worldcoin Foundation’s Orb product due to its biometric collection activity.
  • It is the most recent country where Worldcoin has been investigated or prevented from operating because it collects iris and facial scans.


United Nations General Assembly adopts landmark resolution on artificial intelligence

  • The UN General Assembly adopted its first resolution calling on its member nations to stop using artificial intelligence technology in ways that violate or pose risks to international human rights law.
  • The Assembly has highlighted the respect, protection, and promotion of human rights in the design, development, deployment, and the use of AI.
  • The text also promotes cooperation between countries and was co-sponsored by more than 120 Member States.

China relaxes security review rules for some data exports

  • The Cyberspace Administration of China issued revised rules governing cross-border data transfers, which address reporting standards for security assessments of data exports.
  • Data generated from commerce, including information connected to international trade and transportation that does not contain personal data or “important data,” is not subject to the new rules.


More Posts

Send Us A Message