Data Protection News Update 02 May 2023

United States

EARN IT Act reintroduced for a third time by U.S. Senators

  • The ‘Eliminating Abusive and Rampant Neglect of Interactive Technologies Act’ would set standards that would hold tech companies accountable for child sexual abuse materials and images distributed on their platforms.
  • Both security experts and privacy advocates fiercely criticized the proposed bill because of the risk that it could weaken end-to-end encryption.
  • The intended changes to the existing laws are twofold:
    • Companies would no longer be able to rely on liability protections set in Section 230 of the Communications Decency Act in cases where child exploitation is involved.
    • The ‘federal knowledge standard’ for child sexual abuse materials would be removed which would make it easier for courts to argue that tech companies were negligent in offering encryption since they knew that encryption could be used to distribute child sexual abuse materials.

Bipartisan forthcoming US Senate bill to set age minimum for social media

  • The bill would set age requirements for children, prohibiting children under the age of 13 from accessing social media altogether and making the access to social media by children between the ages of 13 and 17 subject to parental consent.
  • So far, the bill does supposedly not provide any information on how the children’s ages would be verified.

Elon Musk meets with Senate Majority Leader Schumer

  • Elon Musk has met with Senate Majority Leader Schumer and other members of Congress to talk about the regulation of AI.
  • Schumer has been circulating a framework outlining a new regulatory regime for AI which he says would ‘deliver transparent, responsible AI while not stifling critical and cutting edge innovation’.


Members of the European Parliament reach provisional political deal on EU AI Act

  • After months of intense debate, the European Parliament reached a political deal on the EU AI Act which is ‘the world’s first Artificial Intelligence rulebook’.
  • One notable last minute change to the act was on generative AI models. Generative AI models must be designed and developed in a manner that is compliant with EU law and fundamental rights.
  • The idea that AI-powered tools for all general monitoring of interpersonal communications should be prohibited was dropped in the end in the attempt of reaching the compromise.
  • The key committee vote is scheduled on the 11th of May and is expected to go to a plenary vote in June. Minor adjustments to the text are still possible in this period.

European Commission designates 17 Very Large Online Platforms (VLOPS) and 2 Very Large Online Search Engines (VLOSEs) under the Digital Services Act

  • Amongst the VLOPS are Alibaba AliExpress, Amazon Store, Apple AppStore,, Facebook, Google Play and Maps, LinkedIn, Wikipedia and Zalando.
  • The two VLOSEs are Bing and Google Search
  • These registered entities will have to face additional regulatory requirements since they have 45 million monthly active users. The companies will have to comply with their new obligations under the DSA within four months.

Privacy concerns raised in Ireland due to remote-working

  • The Department of Rural and Community Development estimates that 24,000 people work remotely, using remote-working hubs daily.
  • This has made them issue warnings to employers to have up-to-date privacy policies since employers are responsible for the personal data of their employees.

German regulators launched investigation into ChatGPT’s compliance with GDPR

  • The Department of Rural and Community Development estimates that 24,000 people work remotely, using remote-working hubs daily.
  • This has made them issue warnings to employers to have up-to-date privacy policies since employers are responsible for the personal data of their employees.


Philippine’s National Privacy Commission (NPC) investigate Personal Data Breach

  • The personal data breach in question allegedly concerns leaked documents containing personal information of people employed in law enforcement such as police officers, prosecutors and judges. The documents even contained medical records.

Canada’s House of Commons passed Bill C-27 (Digital Charter Implementation Act) on second reading

  • Included in this bill are the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act.

Israel approved adoption of the draft regulation on data transfers from EEA

  • The Constitution, Law and Justice Committee approved the adoption of the draft regulation on the data transfer from the EEA to Israel.
  • Provisions on deleting data upon request, deleting personal data seen as excess, ensuring accuracy of the personal data and notification responsibilities about the transfer of data are included in the draft regulation.

United Kingdom

Rishi Sunak announced funding of AI task force

  • Prime Minister and Technology Secretary announce funding for ‘Foundation Model Taskforce’ – an ‘expert taskforce to help UK build and adopt next generation of safe AI’. The initial funding will be £100 million.

UK competition watchdog blocks Microsoft’s acquisition of Activision Blizzard

  • UK competition watchdog hinders Microsoft’s acquisition of Activision Blizzard, the conglomerate behind the video games Call of Duty, World of Warcraft and Candy Crush Saga.
  • The purchase would have cost Microsoft £65bn and would have been the largest in gaming history.
  • The watchdog reasoned that the deal would give Microsoft ‘undue power to shape cloud gaming’.

Updates from Regulators

Spain’s DPA published its 2022 report, see:


More Posts

Stop. Comply. Pay.

Introduction Ten years on from the Snowden disclosures, the odyssey to protect EU/EEA subjects’ data from US surveillance continues. On May 22nd Ireland’s Data Protection

Data Protection News Update 05 June

United States FTC and the DOJ order $30.8M fine and corrective measures against Amazon’s Alexa and Ring TikTok requests that Illionois court hears privacy lawsuits

Data Protection News Update 30 May 2023

United States Harvard Pilgrim suffers data breach Biden announces additional initiatives exploring AI US Senators probe Google on data practices related to reproductive health care

Send Us A Message