Data Protection News Update 19 June

United States

Google forced to postpone Bard chatbot’s EU launch over privacy concerns

  • Google’s generative AI tool ‘Bard’ will not debut in the EU until the company satisfies the privacy concerns raised by Ireland’s Data Protection Commission.
  • The Irish DPC has said that the tech grant has failed to provide sufficient information regarding how Bard will protect European’s privacy, to justify an EU launch.
  • Since March, Google has rolled out its competitor to ChatGPT in 180 countries, including both the US and the UK.
  • It has stayed away from EU countries.

The US intelligence community pushes for reauthorization of FISA Section

  • FISA Section 702 is the law permitting the US government to conduct targeted surveillance of foreign persons located outside the US.
  • Officials from US intelligence agencies backed the reauthorization of this law ahead of a USA Senate subcommittee hearing on Tuesday.
  • One such official stated that ‘(…) more sweeping proposals [to FISA 702] (…) would force the government to turn a blind eye to threat information (…) with potentially grave consequences to our nation’s security’.
  • This can be seen as a response to a letter from CDT and Rights Groups that urged reform of the law.

Google may face an EU break-up order over its anti-competitive AdTech practices

  • The European Commission plans to file an antitrust complaint aimed at breaking up Google’s AdTech business.
  • This will likely require Google to sell many of its AdTech tools, many of which are driven by data collection and profiling.
  • This comes after the European Commission opened an investigation two years ago, looking into how Google favours its own advertising services.
  • This poses high stakes for Google, as its advertising business accounted for 79% of its total revenue last year.


The Swedish Privacy Authority has fined Spotify SEK58 million for violation of GDPPR transparency principle

  • The fine, equivalent to just over 4 million pounds, stems from Spotify’s insufficient response to data access requests.
  • According to the authority, Spotify responds to data access requests but “does not inform clearly enough about how this data is used by the company”. 

The European Parliament has adopted its position on the AI Act with overwhelming majority 

  • Now, interinstitutional negotiations are the last step before the world’s first comprehensive law on AI.
  • The Act introduces a tiered approach for AI models that do not have a specific purpose, and a stricter regime for foundation models on which other AI systems can be built.
  • It also prohibits practices such as biometric categorization, predictive policing, and emotion recognition software in law enforcement, border management, workplace and education.


Nigeria’s president Tinubu has signed Data Protection Bill into law

  • The Act creates the Nigeria Data Protection Commission, replacing the Nigeria Data Protection Bureau.
  • To head the Commission, a National Commissioner will be appointed, to be responsible for the daily administration and execution of its policies will be appointed for a term of four years, renewable once.
  • Part of the mandates of the Commission includes fostering the ‘development of personal data protection technologies, in accordance with recognized international good practices’.

Singapore identifies Hallucinations as one of the key risks of generative AI

  • A report from Singapore’s Infocomm Media Development Authority identifies the top risks of generative AI and proposes a framework to address them.
  • In addition, it has established a foundation that seeks to develop test toolkits to mitigate the risks of adopting AI.
  • According to the report, some of the key risks of generative AI are hallucinations, accelerated disinformation, copyright challenges and embedded biases.

United Kingdom

ICO warns businesses should not be blind to risks of AI

  • The ICO warns it will check whether businesses have addressed the privacy risks of generative AI before adopting the technology.
  • The authority reiterates that organizations must also check whether they are a controller or processor of personal data, prepare a DPIA, work out how to limit unnecessary processing and decide how to comply with individual rights requests.
  • Organizations also need to assess whether generative AI would make solely automated decisions.

BA, BBC and Boots have been hit with cyber security breach with contact and bank details exposed

  • The BBC, British Airways, Boots and Aer Lingus have all fallen prey to a cyber-attack by a ransomware group named Clop.
  • The group have claimed that victims who refuse to pay a ransom will be named and shamed on the group’s website.
  • The incident arose from a vulnerability in the MOVEit Transfer software, used by all the companies, which was exploited by Clop.


More Posts

Send Us A Message