Data Protection News Update 09 October 2023

United Kingdom

ICO issues preliminary enforcement notice against Snapchat

  • Snapchat has an AI chatbot feature called “My AI”. In the UK, this feature was rolled out in April 2023. The chatbot feature is powered by OpenAI’s GPT technology.
  • According to Snapchat’s website, individuals can open a chat conversation with My AI. My AI can then proceed to ‘answer a burning trivia question, offer advice on the perfect gift for your BFF’s birthday, help plan a hiking trip for a long weekend or suggest what to make for dinner’.
  • ICO’s investigation provisionally found that Snapchat failed to adequately assess and address the data protection risks of the generative AI that is used.
  • This preliminary enforcement notice comes after the ICO published a reminder to companies that are developing or using generative AI that they need to consider their data protection obligations from the outset.
  • The ICO has published a short guide for businesses on generative AI which highlights what questions businesses need to ask when including AI in their products and services.

65 British Lawmakers call for pause in the use of live facial recognition surveillance

  • A joint statement from British lawmakers from different parties have called on UK police and private companies to immediately pause the use of live facial recognition for surveillance.
  • This statement followed the latest speech made by policing minister, Chris Philip, during the Conservative party annual conference last week in which it was suggested that a new database of British passports could be used to identify criminals through biometric surveillance data. All thieves caught on CCTV would be checked against the established passport database. See
  • ‘This dangerously authoritarian technology has the potential to turn populations into walking ID cards in a constant police lineup’ says the director of Big Brother Watch.

United States

Blauckbaud agrees to pay $49.5 million

  • Blackbaud is ‘the leading provider of software for powering social impact’.
  • Back in 2020, Blackbaud has suffered a security incident when it fell victim to a ransomware attack. During the ransomware attack, a file was extracted, containing contact details, demographic information and history of the donors relationship with the company. Millions of donors were affected. See
  • It was now announced that Blackbaud reached a settlement with 49 US states and will pay $49.5 million. Blackbaud has agreed to ‘ comply with applicable laws, not to make misleading statements related to its data protection, privacy, security, confidentiality, integrity, breach notification requirements and similar matters and to implement and improve certain cybersecurity programs and tools’.


Germany’s Federal Cartel Office rules against Google

  • Germany’s competition regulator issued a decision that Google users must be given the ability to decide how their personal data is used across various services of the business. Users should be given greater control over their data.
  • The regulator hopes that by requiring Google to obtain explicit consent before using user’s information, Google will be limited in how much data it can collect. 

European Commission recommends AI risk assessments

  • The European Commission has adopted a recommendation on critical technology areas for the EU’s economic security.
  • Four technology areas were identified that are considered ‘highly likely to present the most sensitive and immediate risks related to technology security and technology leakage. Those areas are: Advanced Semiconductors technologies (such as microelectronics, high frequency chips etc.), Artificial Intelligence technologies (including data analytics, language learning and object recognition), quantum technologies and biotechnologies.
  • The European Commission recommends that a collective risk assessment is conducted by the Member States and the European Commission together which should include the consultation of the private sector.


South Korea to form Artificial Intelligence Privacy Team

  • South Korea’s Personal Information Protection Commission has announced that an Artificial Intelligence Privacy Team is to be formed.
  • The goal is that the group will develop principles applicable to AI environment rather than simply reviewing existing regulation.

Courts confirm ‘right to be forgotten’ for Canadians

  • Canada’s Federal Court of Appeal has issued a ruling confirming that Google’s search engine is subject to Canada’s federal privacy law.
  • It was decided that the exemption for journalistic or artistic work is not applicable to Google searches, ultimately meaning that Canadians have the right to ask the search engine to have their names removed, opening the door for a right to be forgotten for Canadian citizen.


More Posts

Send Us A Message