Data Protection News Update 14 March 2023

IGS
March 14, 2023

United States

Privacy platform helps world’s leading brewer execs understand privacy risks

‘Lighthouse’, a new privacy dashboard, is helping executives of one of the largest brewers in the world to understand the cybersecurity and privacy risks it faces globally.
Lighthouse allows Anheuser-Busch InBev’s technology and legal teams to “coordinate to address cybersecurity threats and privacy problems” that were neglected across a company with other 500 brands sold in around 50 countries.
The dashboard also assists analysts in presenting technical topics for executives in a digestible way.

Iowa Senate unanimously approves comprehensive privacy bill

The Iowa Senate has unanimously voted 47-0 to advance the Senate File 262 to House consideration.
Senate File 262 (SF 262) is an act pertaining to consumer data protection.
It covers companies that hold the data of more than 100,000 individuals or deriving 50% of annual revenue from data on more than 25,000 consumers.
Moreover, the bill doesn’t require DPIAs or the explicit right for users to opt out of targeted advertising, whilst providing covered entities a 90-day cure period.
The effective data for SF 262 is the 1^st of January 2025.

FTC seeks Musk sitdown in Twitter privacy investigation

The U.S. Federal Trade Commission aims to interview Twitter CEO Elon Musk in its investigation into privacy and data security allegations made against the platform.
The agency requested dialogue with Musk and former Twitter privacy and security personnel in order to understand whether Twitter has sufficient data protection resources to remain in line with a 2011 consent decree.
The investigation focuses on claims made before and after Musk’s takeover.

Europe

Ireland’s DPC issues 2022 annual report

Ireland’s Data Protection Commission released its 2022 annual report.
This report highlighted its workload and regulatory accomplishments over the last year, including the finalization of 17 large-scale investigations that yielded fines totalling over 1 billion euros.
According to Helen Dixon, the Irish Data Protection Commissioner, the DPC’s fines accounted for two-thirds of the 2022 sanctions issued by the EU data protection authorities.

EDPB calls out gaps in proposed CSAM legislation

European Data Protection Supervisor Wojciech Niewiarowski criticized EU policymakers for shortcomings in proposed legislation to combat child sexual abuse materials.
In a December 2022 meeting with members of the European Parliament, Wiewiórowski said that the current CSAM proposal “creates an illusion of legality by introducing numerous procedural ‘safeguards’ which, however, do not fundamentally change the substance.”
The EDPs previously joined the EDPB on an opinion against the proposal submitted by the European Commission in May 2022.

WhatApp to increase EU privacy notice transparency

The European Commission announced Meta’s WhatsApp has agreed to improve user transparency for its EU terms of service and privacy notice.
The commitments are in response to two requests in 2022 from the Commission’s Consumer Protection Cooperation Network for WhatsApp to clearly outline its personal data practices in disclosures to its users.
WhatsApp will be clear about its updates moving forward and will “make it easier for users to reject updates when they disagree with them” all the while explaining service termination based on those rejections.

International

Smart city initiatives must balance public benefit with privacy

The Information Technology and Innovation Foundation is calling for municipal leaders pushing for smart city technologies to consider how to balance public benefit while upholding privacy.
The ITIF recently issued a report titled “Balancing Privacy and Innovation in Smart Cities and Communities” which details how smart technologies only stand to benefit citizen’s lives “if public trust is maintained”.

OAIC wins High Court appeal for special leave by Facebook in data protection case

The High Court of Australia ruled against Facebook’s appeal for special leave in a 2020 case the Office of Australian Information Commissioner brought against the company.
The OAIC’s case alleges Facebook “committed serious and/or repeated interferences” of the Privacy Principle between March 2014 and May 2015.
Facebook allegedly “disclosed the personal information of Australian Facebook users to the This Is Your Digital Life app”.
In September 2022, the High Court initially granted Facebook’s appeal for special leave before the Privacy Commissioner successfully fought it by arguing that Facebook was conducting business in Australia.

United Kingdom

ICO approves fourth UK GDPR certification scheme criteria

The ICO has approved a scheme owned by The APM Group Ltd (APMG), a global Certification Body and Examination Institute, as the fourth certification scheme criteria under the UK GDPR.
APMG’s scheme has been developed for providers of training and qualifications and will help reassure individuals that their personal data will be processed in compliance with the UK GDPR when they select a training provider certified under the scheme as having additional data privacy expertise.
Certification under the UK GDPR (Article 42) is a means by which an organization can confirm they are complying with their data protection obligations and demonstrate accountability.

No third category of claims that were “raised but not brought” between res judicata and Henderson abuse of process (Court of Appeal)

In Warburton v Chief Constable of Avon and Somerset [2023] EWCA Civ 209, the Court of Appeal held that there is no third category falling between the concepts of res judicata (claims or issues which have been determined) and abuse of process in Henderson v Henderson (1843) 3 Hare 100 (claims which should have been brought but were not) of claims that were “raised but not brought”.

House of Commons committee launches call for evidence into the use of artificial intelligence in weapons systems

The House of Commons Artificial Intelligence in Weapons Systems Select Committe has launched an inquiry and published its call for evidence, inviting the public to give their views on the use of artificial intelligence in weapons systems.
In the press release announcing the inquiry, the Committee notes that concerns have arisen about the ethics of autonomous weapons systems (AWS) which can select and attack a target without human intervention.
The Committee poses six questions which explore a wide range of issues surrounding AWS.

Data Protection News Update 22 April 2024

United Kingdom ICO reprimands housing association for insufficient data security ICO publishes guidance to improve transparency in health and social care United States Change Healthcare’s

Data Protection News Update 15 April 2024

United Kingdom Information Commissioner’s Office seeks views on accuracy of generative AI models United States US Senator says TikTok divestiture deadline could be extended to

Asking (and answering) an obvious but important question: why does data confidentiality matter, ethically speaking?

In my last article, I focused on the ethical significance of one of the most prominent failure of data governance in recent times; namely, the

Data Protection News Update 08 April 2024

United Kingdom ICO sets out priorities to protect children’s privacy online ICO joins global data protection and privacy enforcement programme United States US and UK