Data Protection News Update 23 October 2023

United Kingdom

UK is estimated to have lost out on £2billion in tax due to big tech

  • TaxWatch, a campaign group advocating for greater tax transparency, has published an analysis indicating that the seven big tech companies that are headquartered in the US (including Apple and Alphabet) have paid only £750million in UK corporation tax and digital sales tax when in fact £2.8billion were estimated to be due. The big tech companies have avoided paying the amount that was due by having the profits routed elsewhere.
  • The campaign group admits that the figures mentioned in the analysis are only rough estimates due to the lack of data in public company reports. It has identified that the lack of data is part of the problem which needs solving.

Clearview AI overturns ICO fine

  • Clearview AI is a company that allows clients to search its database containing countless images scraped from the internet for matches for a particular face. Clients can upload a photo and the system finds matches in the database.
  • In 2021, the ICO issued a fine of £7.5million against Clearview AI.
  • Clearview AI’s appeal of this fine was successful due to the lack of jurisdiction of the ICO and the ICO stated that it would ‘take stock’ of the judgement.

UK publishes updated app store and developer code of practice

  • UK Department for Science, Innovation and Technology updated its app store and developer code of practice which was originally published in December 2022.
  • It was also announced that the implementation of the code was extended to March 2024.

United States

Judge approves Google’s privacy settlement

  • U.S. District Court Judge in San Jose approves a settlement in one of Google privacy lawsuits, bringing a 13-year legal battle to an end. Google has agreed to pay USD23 million.
  • In the lawsuit in question, it was alleged that Google disclosed user’s queries to external publishers. Users stated that those disclosed queries sometimes included identifiable information on the users.


CNIL conducts consultation on AI

  • France’s data protection authority, CNIL, has published its first ‘how-to sheets’ on the ‘creation of datasets for the development of artificial intelligence systems’.
  • Those information sheets were the topic of consultations that are going on until the 16th of November 2023.
  • It is intended that these information sheets will help businesses and professionals to find the right balance between innovation and respecting people’s rights and will support ‘the actors of the AI ecosystem in their efforts to comply with the legislation on the protection of personal data’.

ByteDance appeals €345million fine

  • ByteDance, TikTok’s parent company, has decided to appeal the fine of €345million it had received for allegedly violating the GDPR.
  • Furthermore, the company is challenging an order by the DPC to stop ‘deceptive or manipulative practices’ concerning users’ privacy in Ireland.
  • The appeal will be decided by the EU General Court.

CNIL publishes FAQ on the EU-US Data Privacy Framework

  • The FAQ details how French entities should transfer personal data to the US in cases where the organisation in the US is not certified to the EU-US Data Privacy Framework.


Hong Kong Privacy Commissioner for Personal Data warns against ransomware attacks

  • In a blog post last week, Hong Kong’s Privacy Commissioner for Personal Data, Ada Chung, warns businesses to be vigilant and to put in place measures to prevent ransomware attacks from succeeding.
  • Two public organizations recently suffered personal data breaches caused by ransomware attacks which were the cause for this warning.
  • The Check Point’s 2023 Mid- Year Cyber Security Report from August 2023 revealed that in the second quarter of 2023, there was a 8% rise in global weekly cyberattacks which is ‘the most significant increase in the past two years’.
  • She says that “the escalating number of cybersecurity incidents is a wake-up call to all”


More Posts

Send Us A Message