Data Protection News Update 12 February 2024

United Kingdom

UK CMA says Google cannot phase out third-party cookies until its concerns are addressed

  • The Competition and Markets Authority (CMA) has said that Google “cannot proceed with third-party cookie deprecation” until its concerns are resolved, sparking further uncertainty across the industry.
  • The CMA’s intervention could mean further delays to the phasing out of third-party cookies.
  • In its report, the CMA is demanding that Google “not design, develop or use the Privacy Sandbox proposals in ways that reinforce the existing market position of its advertising products and services, including Google Ad Manager.”
  • A Google statement responding to the CMA’s concerned stated that they will continue to move forward to phase out third-party cookies in 2024, “subject to addressing any remaining competition concerns from the UK CMA.”

ICO urges all app developers to prioritise privacy

  • The Information Commissioner’s Office (ICO) is reminding all app developers to ensure they protect users’ privacy, following the regulator’s review of period and fertility apps.
  • Last year, the ICO looked closely at period and fertility apps to understand how they process personal data and identify whether there is any negative impact on users as a result.
  • While no serious compliance issues or evidence of harms were identified during the aforementioned review, the ICO wants to remind all app developers about the importance of protecting users’ personal information, especially where sensitive information is involved.
  • The ICO has shared four practical tips to help app developers comply with their data protection obligations and maintain the privacy of their users: be transparent, obtain valid consent, establish the correct lawful basis, and be accountable.

United States

Inside the Underground Site Where ‘Neural Networks’ Churn Out Fake IDs

  • 404 Media investigated a website called OnlyFake that can produce fake IDs using “neural networks” for only $15, radically disrupting the marketplace for fake IDs and cybersecurity.
  • It was found that OnlyFake is able to produce IDs that look identical to state-issued IDs, raising concerns about identity theft.
  • In the test done by 404 Media, OnlyFake created a highly convincing California driver’s license, with a name, biographical information, address, expiration date, and signature.
  • The website has since been offline, after claiming it is “against fraud and harming other people. All generated images on the site are intended for legal use only.


EU and United States enhance cooperation on cybersecurity

  • European Commissioner for Internal Market, Theirry Breton, and US Secretary of Homeland Security, Alejandro Mayorkas, discussed a collaboration on cybersecurity measures including the EU-US Joint Cyber Safe Products Action Plan.
  • The collaboration aims to “advance cooperation in the fields of critical infrastructure protection, crisis management, software security, post quantum cryptography and cybersecurity of artificial intelligence under the EU-US cyber dialogue.”
  • Furthermore, the EU announced that it would join the US-led global Counter Ransomware Initiative policy statement, committing the EU and its 27 Member States government authorities to not pay ransom to cyber criminals.

Confusion after French government shoots down amendments supporting its own sovereign cloud strategy

  • Members of the French government’s Renaissance party voted against its cloud security strategy after previously supporting the EU Digital Services Act and Digital Markets Act.
  • The Bill regulates how private consulting companies and public administrations, including the state, can interact, encompassing IT consulting services.
  • Considering that sensitive public data transferred to IT consulting companies performing services on behalf of public administrations should be stored with the same level of security, several amendments were tabled to “fill the gaps.”
  • The proposed amendments would have allegedly “forced consulting companies to apply the same requirements as those designed for cloud service providers.”


Shanghai to allow faster data transfer from China for foreign firms

  • The government of Shanghai, China, will streamline international data transfer approvals to spur economic improvement.
  • The fast-track approval initiative is aimed at certain multinational companies and their ability to move their Chinese data out of the country.
  • Foreign financial firms have been lobbying the Chinese authorities to allow cross-border sharing of information, after Beijing tightened control of data generated within its borders in a national security drive.
  • The new approval system will reportedly be exclusive to Shanghai while businesses in other parts of the country will follow transfer rules enforced by the Cyberspace Administration of China.

Privacy Commissioner to keep a close eye on Foodstuffs North Island FRT trial

  • New Zealand Privacy Commissioner Michael Webster will “keep a close eye” on a facial recognition trial involving grocery retailer Foodstuffs North Island.
  • The trial is happening because the Privacy Commissioner asked Foodstuffs North Island to provide evidence that facial recognition technology was a justified way to reduce retail crime given the privacy impacts of using shoppers’ biometric information.
  • Foodstuffs North Island will use the data from the trial, which is across 25 stores, to decide whether to roll-out the technology further.
  • The commissioner is also particularly concerned about bias an accuracy, as global evaluations of the most accurate FRT software show that false matches are more likely to happen for people of colour, particularly women of colour.
  • “Every New Zealander has the right to privacy, and I’d like them to get interested in what’s happening with their personal, sensitive data, when they’re picking up their bread and milk after the school run,” says Webster.


More Posts

Send Us A Message