Data Protection News Update 25 September 2023

United Kingdom

UK passes the Online Safety Bill

  • The law, signed off by the Houses of Parliament, will become law soon;
  • It purports to make the UK the “safest place in the world to be online by placing new duties on social media companies”;
  • The bill presents stronger protections for children, increased controls for adults and clarify for social platforms.

ICO to investigate data breach of Greater Manchester Police

  • The investigation follows the media reporting of a third-party data breach that has allegedly exposed the personal data of GMP’s officers and staff;
  • The breach apparently affected a company that produces GMP’s staff ID cards;
  • The ICO reminds readers that organisations “must look after employee information, particularly in sectors where the impact of a data breach could be greater”.

United States

Report from NYU identifies privacy gaps in metaverse

  • The report came from NYU’s Stern Center for Business and Human Rights; 
  • The metaverse riles on XR (extended reality) technologies which inherently require the gathering and processing of vast quantities of personal and bodily data; 
  • the report claims that if steps are not taken, along the lines of “known best practices”, the highly sensitive data revealed when compiled over time can be leveraged for commercial or political gain; 
  • According to the report, the bodily data alone can be used to deduce behavioural and psychological information about the user. 


Norway’s DPA set to probe major political parties in Stavanger regarding possible unlawful processing

  • This comes after residents received a campaign email on the 20th of August ahead of municipal elections;
  • All recipients were parents of children in kindergartens and schools in Stavanger municipality;
  • The DPA’s investigation will attempt to determine whether the affected resident’s personal information was legally released by the municipality under the Public Information Act.

Two-month-old EU-US DPF facing widespread criticism

  • A petition to annul the EU-US Data Privacy Framework, filed by a French member of European Parliament, has gained support from members of Germany’s Bundestag;
  • Maximilian Funke-Kaiser, digital policy spokesperson for the liberal FDP, claims “a legal review is not unexpected for me, since personal data from Europe do not enjoy the same level of protection in all aspects in the USA as in the EU, even after the reissue of the Privacy Shield”;
  • Petra Sitte, technology policy spokesperson for the Left Party parliamentary group, says “the European Commission must understand that its attempts at a transatlantic data transfer agreement will only be valid if something substantially changes”.


Saudia Arabia enacts Personal Data Protection Law

  • The law is the first comprehensive data protection law in Saudia Arabia, seeking to regulate the collection, processing, disclosure, and preservation of personal data.


More Posts

Send Us A Message