Data Protection News Update 24 April

United States

Google is using AI in tests for cookie alternative

  • As part of Google’s work towards a third-party cookie deprecation, it has recently employed artificial intelligence to build a “privacy-preserved” ad-targeting model.
  • In the first quarter, Google Ads ran tests on how interest-based audience solutions that rely on AI react with privacy-preserving signals.
  • Preliminary results showed positive signs of balance between effective advertising and maintaining privacy. 
  • Google Vice President of Global Ads Dan Taylor has said “[o]ur research did not compare the performance of third-party cookies to the Topics API alone but rather a broader suite of signals available in a privacy-first world.

Montana Lawmakers Approve Statewide Ban on TikTok 

  • The Montana House of Representatives have voted 54-43 on final approval of a bill to ban TikTok across the state.
  • This first-of-its-kind state ban on TikTok still requires the signature of Governor Greg Gianforte, R-Monte, who previously banned the app from government-issed devices and state universities. 
  • If the bill is signed, it will take effect from the 1st of January 2024 and will require mobile app stores to make the video app unavailable to Montana users.

Washington state on track to pass broad-based health data privacy law

  • Washington’s State House voted 57-40 for concurrence and final approval of House Bill 1155, the My Health My Data Act.
  • The broad-based data privacy bill takes effect on the 31st of March 2024, establishing consumer rights.
  • The bill also establishes consent requirements for data practices concerning personal health care information and a private right of action.


Garante fines marketing company 300,000 euros 

  • The Garante, Italy’s data protection authority, has fined a digital marketing services company 300000 euros for allegedly illegally processing users’ personal data for marketing purposes.
  • The DPA has said that the company’s online portals used dark patterns to entice users to “pay consent to the processing of data for marketing purposes and to the communication of data to third parties always for the same purpose”. 
  • The company at hand was also unable to demonstrate obtained consent for sending promotional messages, according to the Garante.

European Centre for Algorithmic Transparency opens

  • The European Commission has announced the opening of the European Centre for Algorithmic Transparency.
  • The oversight group will perform assessments on the algorithms that are used by organizations characterized as “Very Large Online Platforms” and/or “Very Large Online Search Engines” under the Digital Services Act. ECAT members include representatives from EU institutions, academia, civil society and industry. 
  • The European Commission said the ECAT will “ensure the thorough analysis of the transparency reports and risk self-assessment submitted by the designated companies, and to carry out inspetions to their systems whenever required by the Commission.”

EU Council looks to modernize Product Liability Directive 

  • The EU Council has circulated a third draft of compromise text for updating the Product Liability Directive.
  • The Directive spells out the circumstances in which software developers will be held legally accountable for their products causing “material damage” to customers.
  • However, the Directive has not been modernized since the 1980s.
  • The new policy would have to be modernized to account for new technological developments, such as artificial intelligence.


Op-ed: Legal redress under China’s PIPL should assuage concerns over TikTok 

  • Despite concerns by US policymakers over the security of TikTok uers’ data, Chinese law allows for redress for individual’s whose privacy has been violated, according to Chi Yin, New York University US-Asia Law Institute Research Scholar, and Tonghui Zhu, Nankai University School of Law associate professor.
  • The two academics point to two instances where TikTok’s Chinese parent company – ByteDance – “inappropriately” obtained data belonging to journalists.
  • The academics say that in that instance, the journalists at stake had grounds to bring lawsuits to hold ByteDance liable under the Personal Information Protection Law.

Federal court backs Facebook in fight with Canada’s privacy commissioner

  • A Federal Court judge has rejected a 2019 ruling by the Office of the Privacy Commissioner of Canada that Facebook violated privacy laws.
  • The commissioner, during its investigation into the Cambridge Analytica revelations, ruled Facebook to have violated the Personal Information Protection and Electronic Documents Act by sharing user data with a third-party app without adequate consent.
  • The judge replied to this explaining that the OPC failed to “discharge their burden to show that it was inadequate for Facebook to rely on good faith and honest execution of its contractual agreements with third-party app developers.”

FPF publishes overview of Tanzania’s PIPA

  • The future of Privacy Forum published an overview of Tanzania’s Personal Information Protection Act, 2022.
  • Tanzania is the “35th country in Africa to enact a standalone data protection law and effectively extends data protection safeguards to more than 63 million people”, Policy Analyst Mercy King’Ori and Policy Counsel for Global Privacy Katerina Demetzou have said.
  • The law contains unique provisions differentiating Tanzania from other countries, including a mandatory requirement for all controllers and processors to appoint a data protection officer, the two have said.

United Kingdom

ICO reprimands police for recording 200k calls 

  • The UK Information Commissioner’s Office has reprimanded Surrey and Sussex police for using an app that recorded and automatically saved more than 200,000 phone calls without individual’s knowledge.
  • The ICO has said that the app had been downloaded onto the work phones of 1015 staff members and that it was “highly likely” that it captured a “large variety of personal data”, the processing of which the ICO determined was “unfair and unlawful”.
  • The ICO has issues the reprimand instead of a 1 million GBP fine per department.

Encrypted chat app executives pen letter opposing UK Online Safety Bill 

  • The heads of multiple encrypted chat apps, WhatsApp and Signal included, have written a letter to the UK government claiming that the proposed Online Safety Bill would in effect “outlaw end-to-end encyrption”.
  • In the letter the executives argue that the bill poses an “unprecedented threat to the privacy, safety and security of every UK citizen and the people with whom they communicate around the world, while emboldering hostile governments who may seek to draft copycat laws”.
  • Will Cathcart, Head of Whatsapp, had already said the app would leave the UK before complying with a law that weakened end-to-end encyrption.

UK applies to Global CBPR Forum

  • The US Department of Commerce’s International Trade Administration announced the UK applied to be an associate in the Global Cross-Border Privacy Rules Forum.
  • This application from the UK marks the first potential additional to the forum since its creation in 2022.
  • Deputy Assistant Secretary of Commerce for Services Neema Singh Guliani has said that “[w]e know that the United Kingdom’s contributions to this body will benefit all partners in our efforts to grow the global digital economy and ensure improved access to vital government and commercial services”.


More Posts

Send Us A Message