Data Protection News Update 11 April 2023

United States

NICE is Grabbing Data from Schools and Abortion Clinics

  • U.S. Immigration and Customs Enforcement agents have used administrative subpoenas to obtain data from elementary schools, news organizations and abortion clinics.
  • An ICE subpoena tracking database has showed agents have issued the custom summons known as 1509, meant for use in criminal investigations into customs violations, over 170,000 times from early 2016 to mid-August 2022 seeking records seemingly outside of that scope.
  • Other main receivers of the subpoenas include telecommunications and technology companies, money transfer services as well as airlines.

FTC anticipated to bring children’s privacy suit against Amazon

  • The U.S. Federal Trade Commission is anticipated to pursue a children’s privacy lawsuit against Amazon over use of data by its voice assistant, known as Alexa.
  • While details of the case are still unknown, sources have said that the FTC is expected to refer its compliant to the Department of Justice’s Consumer Protection Branch.
  • The DOJ will then have 45 days to bring a case forward. The FTC can proceed separately if the DOJ declines.


EU and Japan conclude first review of mutual adequacy agreement

  • Didier Reynders, the European Commissioner for Justice, and Mieko Tanno, the Personal Information Protection Commission of Japan Chairperson, have announced that the first review of the EU-Japan mutual agency agreement has been successfully concluded.
  • A joint press release said the review demonstrates increased convergence between the EU and Japan’s data protection frameworks and that the agreement is working well.
  • Reynders has said that Japan and the EU “affirm that, in the digital era, maintaining high data protection standards and facilitating international trade should and can go hand in hand.”

ICO fines TikTok 12.7M GBP over alleged misuse of children’s data

  • The ICO has fined TikTok 12.7 million GBP for breaches of the UK GDPR.
  • While TikTok’s terms of services states children under 13 years of age cannot create an account, the ICO estimated that more than 1 million UK children under that age were indeed on the platform in 2020.
  • The ICO has also said that TikTok used the personal data of children under 13 without the consent of their parents, not did it take sufficient measures to remove underage children from its platform.


NAI automates compliance process with SafeGuard Privacy

  • The Network Advertising Initiative has announced that it will be partnering up with SafeGuard Privacy to make its Code o Conduct compliance program online and auditable.
  • The NAI has said that this partnership will make its compliance process “faster, more efficient, and more complete”.
  • Leigh Freund, NAI’s President and CEO has said that “the NAI and its members will benefit from a fully online approach, allowing us to react dynamically and swiftly to a rapidly changing privacy compliance landscape.”

New Privacy-Focused Browser Aims to Protect Your Data Online

  • The Tor Project and Mullvad VPN have released a privacy-focused browser that minimizes data tracking.
  • Jan Jonsson, CEO of Mullvad VPN, has said that Mullvad Browser – which is available on Windows, MacOS and Linux – is “all about providing more privacy alternatives to reach as many people as possible and make life harder for those who collect data from you.”

Saudi Arabia confirms updates to the Personal Data Protection Law

  • The Saud Arabia Council of Ministers has approved a series of changes to the Kingdom’s Personal Data Protection Law (PDPL), issued in 2021.
  • Some of the most important changes that the amendment brings are:
    • Transfers of personal data outside Saudi Arabia no longer require approval from the Saudi Data & Artificial Intelligence Authority (SDAIA);
    • Controllers can now rely on “legitimate interests” as a lawful basis to process and disclose non-sensitive personal data;
    • Criminal sanctions for violating the PDPL’s data transfer restrictions have been removed;
    • Removal of registration requirement for controllers;
    • Notifications of a personal data breach to SDAIA no longer have to have done ‘immediately’.

United Kingdom

UK watchdog warns chatbot developers over data protection laws

  • Concerns have been rising over the use by tech firms of masses of unfiltered personal data culled from the internet to ‘train’ generative AI.
  • Stephen Almon, the ICO’s director of technology and innovation, has warned that “there really can be no excuse for getting the privacy implications of generative AI wrong.”
  • The ICO intervention followed its Italian counterpart’s temporary ban of ChatGPT over data privacy concerns.

ICO judgment clears the way for Facewatch

  • A formal assessment by the ICO has concluded that Facewatch, whose product uses facial recognition for retail crime prevention, is fully compliant with UK Data Protection law.
  • The ICO have stated “(w)e agreed that the purpose of preventing and deterring criminal activity is in the legitimate interest of Facewatch and their subscribers. Legal gateways in the data protection legislation allow biometric data to be processed for this purpose.”
  • Facewatch’s product aims to help businesses protect their customers, staff and stock. The system scans people’s faces in real time as they enter a store and alerts if a “subject of interest” has entered.


More Posts

Send Us A Message