Data Protection News Update 23 September 2024

United Kingdom

Instagram boosts privacy and parental control on teen accounts

  • Instagram is changing the way it works for teenagers, putting more “built-in-protections” for young people, and added controls and reassurance for parents. These changes will be introduced from tomorrow in the US, UK, Canada and Australia.
  • The changes will turn many privacy settings on for default for all under 18s. This includes making their content unviewable to those not following them, and making them actively approve all new followers.
  • To adjust the settings, teens aged 13-15 will have to add a parent or guardian to their account.
  • The NSPCC has said the measures are a “step in the right direction”, but expressed concern the account settings can “put the emphasis on children and parents needing to keep themselves safe.”

Linkedin Halts AI Data Processing in the U.K. Aid Privacy Concerns Raised by the ICO

  • The U.K. Information Commissioner’s Office (ICO) confirmed Linkedin (the professional social networking platform) has suspended processing users’ data in the U.K. to train its AI models.
  • The ICO is also keeping an eye on companies that offer generative AI capabilities, to ensure these have adequate safeguards in place and take steps to protect the information rights of U.K. users.

UK’s privacy watchdog takes credit for rise of ‘consent or pay’

  • The ICO has claimed their crackdown on websites that don’t ask for consent from visitors to track and profile their activity for ad targeting has succeeded.
  • The changes driven up by the intervention have seen sites adopting the “pay or consent” paywall, that demands users pay a fee to access content or agree to be tracked and profiled for ad targeting.
  • An ICO spokesperson said that the ICO is now reviewing the ‘consent or pay’ business model following their consultation in early 2024.

United States

FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens

  • New Federal Trade Commission (FTC) staff report has found that large social media and video streaming companies have engaged in vast surveillance of customers to monetize their personal information. Additionally, they have failed to adequately protect users online, especially children and teens.
  • The FTC Chair Lina M. Khan has said “while lucrative for these companies, these surveillance practices can endanger people’s privacy, threaten their freedoms, and expose them to a host of harms”. These harms include identity theft and stalking.
  • The report found the collection and retention of data, including information from data brokers, about users and non-users of their platforms. The report stated that the data collection, minimization and retention practices were “woefully inadequate”. Some companies did not delete all user data in response to deletion requests.
  • The business model of these companies incentivized the mass collection of user data to monetize, especially through targeted advertising. Users and non-users also had limited means to opt out of how their data was used by automated systems, and the testing for these systems was not standardized.

Europe

Fears Spain’s new tourism rules could breach Britons’ privacy rights

  • British tourists’ privacy rights could be breached by new Spanish regulations on the tourist industry. The regulations mean Spanish hotels, travel agencies and vehicle rental companies must provide up to 18 extra details about tourists.
  • The list of data to be collected includes payment methods, contract details, home addresses, mobile phone numbers and email addresses of visitors.
  • According to a 2022 ruling by the European Court of Justice, collection of personal data of tourists must be restricted to what is strictly necessary.
  • The Confederation of Spanish Hoteliers and Tourist Accommodation has said “The collection and storage of data, as proposed, does not respect the principles of proportionality and minimisation, which could generate sanctions, legal actions and greater legal uncertainty for the obligated subjects.”

International

X names Brazil legal representative as it fights ban in the country

  • X has named a legal representative in Brazil, addressing one of the demands imposed by Brazil’s Federal Supreme Court to allow X to operate in Brazil again. Brazil’s Federal Supreme Court ordered telecommunications providers to block X following X’s non-compliance with court orders to take action against the spread of hate speech.
  • X closed its offices in Brazil in August, leaving the company without a legal representative in Brazil (required by Brazilian law).
  • The lawyers representing X have also said that X is starting to comply with the orders to remove content.

Australia introduces limited package of Privacy Act reforms to Parliament

  • The first package of the Australian government’s new Privacy Act reforms has been introduced in Parliament in the Privacy and Other Legislation Amendment Bill 2024.
  • The amendment focuses on the structural framework and powers underpinning the legislation, and enhancements (rather than fundamental changes).
  • The bill allows for increased legal action for serious breaches of privacy and enforcement for infringements of the Australian Privacy Principles (APPs).

Share:

More Posts

Send Us A Message