Data Protection News Update 15 April 2024

United Kingdom

Information Commissioner’s Office seeks views on accuracy of generative AI models

  • The Information Commissioner’s Office (ICO) has launched the latest instalment in its consultation series examining how data protection law applies to the development and use of generative AI.
  • The third consultation focuses on how data protection’s accuracy principle applies to the outputs of generative AI models, and the impact that accuracy training data has on the output.
  • The ICO is seeking views from a range of stakeholders, including developers and users of generative AI, legal advisors and consultants working in this area, civil society groups and other public bodies with an interest in generative AI.

United States

US Senator says TikTok divestiture deadline could be extended to one year

  • US Senator Committee on Commerce, Science, and Transportation stated that TikTok owner ByteDance may have more time to divest the company under a Senate version of a bill, requiring them to do so or face a ban.
  • The longer deadline would put any potential TikTok ban well into 2025 and beyond the November presidential election.
  • Many lawmakers state TikTok poses a national security risk because China could compel TikTok to share American user data, while TikTok insists it has never shared US data, and has spent more than USD $1.5 billion on the effort to protect US data.

Maryland Passes Kids Code

  • The Maryland General Assembly passed Senate Bill 571 concerning consumer protection, online services and use of children’s personal data.
  • The Bill required companies offering products or services online to complete a data protection impact assessment documenting certain risks products could pose to children’s online safety prior to 1st April 2026.
  • The bill is effective as of 1st October 2024.


Updated guidance on transfers to third countries

  • Denmark’s data protection authority, Datatilsynet, updated its guidance on how to conduct data transfers to third countries.
  • The guidelines touch on new information from the European Data Protection Board and the European Commission.

Hubside.Store fined €525,000

  • France’s data protection authority, the Commission nationale de l’informatique et des libertés, fined technology retail chain Hubside.Store €525,000 for allegedly using unsolicited phone calls and text messages to promote products sold in its stores.
  • The CNIL clams the retailer purchased prospective customers’ personal data from data brokers and did not obtain valid consent to target them with promotions.

CJEU opinion alleges German state DPA did not act on consumer claim

  • A non-binding opinion from Court of Justice of the European Union Advocate General alleged the German State Data Protection and Freedom of Information Commissioner of Land Hessen did not impose corrective measures after a citizens’ personal data was reviewed by a local savings bank employee without his consent.
  • The advocate general stated the regulator was obligated to act and be “required to define the most appropriate corrective measure(s) to remedy the infringement” upon being notified of data mishandling.


What hackers do with 54B leaked cookies

  • Hackers could verify stolen data by analysing third-party cookies and logging into online accounts without having a password.
  • NordVPN, a virtual private network service, has found billions of ad-tracking cookies leaked on the dark web. Of the 54 billion cookies, at least 1.5 billion were from the United States, and 24% were active.
  • Researchers at NordVPN analysed the cookies and listings found for sale on the dark web to determine how they were stolen, the security and privacy risks they pose, and what information they contain.
  • The most cookies were form Brazil, India, Indonesia, and Vietnam, and the United States ranked number 4 in terms of number of leaked cookies.


More Posts

Send Us A Message