Data Protection News Update 03 July 2023

United States

Oregon to finalize comprehensive privacy bill

  • The comprehensive privacy bill covers all entities controlling or processing personal data on 100,000 customers or deriving 50% of revenue from selling the data of more than 25,000 customers.
  • The bill contains unique definitions for biometric and personal data, required data protection assessments and a 30 day right to cure.

Meta debuts new parental control tools across its suite of social apps

  • Meta has now launched new parental control tools on all its social media apps.
  • One such feature allows parents to see how their teen “uses Messenger” with regards to time usage and includes updates with new contacts.
  • Another feature allows parents to block any unwanted direct messages.
  • There are no features allowing parents to read the content of the messages.


Proposed amendment allowing for matters before the Ireland Data Protection Commission to be labelled confidential

  • The Irish government is discussing amending a bill that will allow all matters coming before the DPC to be labelled as confidential.
  • Rasha Abdul-Rahim of Amnesty International describes this as a “blatant attempt” by the government to “shield BigTech scrutiny” and “silence” those that stand up for the right to privacy and data protection.

Council of Europe rolls out model contractual clauses

  • The Council of Europe has released its model contractual clauses agreed upon by members of the Convention 108.
  • The initial models have “the potential to bride similar transfer tools… and to contribute to the convergence towards appropriate data protection standards globally.”

Meta has been granted stay extension in DPC data transfer case

  • Ireland’s DPC has extended Meta’s interim stay on the order for the tech giant to suspend its EU-US data transfers.
  • The stay will remain in place until the end of July.

The EU Data Act has been agreed

  • Political agreement has been reached between the European Council and Parliament on the European Data Act.
  • This forms part of the European Strategy for Data, which includes the Data Governance Act (to apply from 24th September 2023).
  • The EU Data Act will come into force twenty days after publication, which translates into roughly mid-2025.


India’s Data Protection Bill is on Parliament’s upcoming agenda

  • The Bill will appear on the 17th of July monsoon session agenda.
  • Under this revamped legislation, the maximum penalty for data breaches will become IN45 billion, equivalent to just over 47 million pounds.
  • In previous iterations the penalty was just 2-4% of a firm’s global turnover.

New guidance from the Autoridade Nacional de Proteção de Dados

  • Brazil’s Data Protection Authority has published guidance on data processing activities related to research.
  • The guidelines seek to clarify doubts about “the legal hypotheses that authorize the processing of personal data” in research activities.
  • The guidelines also outline the “need for the processing agent to follow ethical standards” as well as the principle of good faith.

United Kingdom

UK shows most use and application of facial recognition technology by private businesses

  • The UK shows the most growth in use of the technology by private businesses.
  • UK businesses use facial recognition technology to combat minor crimes and create watchlists unbeknownst to the individuals being watched.

UK has released updated cybersecurity toolkit

  • The updates to the toolkit include an eight-step cybersecurity risk management framework.
  • They also include a refined toolkit concept to cover practices across sectors and all-sized entities, and an introductory risk management and assessment methodology.


More Posts

Send Us A Message