Send us a Text Message.

This Week in Privacy: Stalled Law, Meta's AI U-Turn, and Snap Appeasement

This edition of the Privacy Corner Newsletter dives into three key privacy headlines:

- Vermont's ambitious privacy bill, H.121, gets vetoed due to concerns about its impact on businesses. The bill included strong consumer rights and data minimization requirements.
- Meta delays its plan to train AI models on user posts following intervention from the Irish DPC. Privacy group noyb claims a "preliminary win" due to their complaints.
- The UK ICO reveals why it dropped an enforcement notice against Snap. The social media company took ten steps to address data protection risks associated with its My AI chatbot feature.

Send us a Text Message.

This Week's Privacy News Roundup: GDPR, Privacy Sandbox, and Child Data Protection

This week's Privacy Corner dives into key data privacy developments:

- UK Court Considers EU Law in GDPR Case: A UK court judgement clarifies the "household exemption" and "right of access" under the UK GDPR, referencing relevant EU law.
- Noyb Challenges Google Chrome's Privacy Sandbox Consent Flow: Privacy group noyb argues Google's method of obtaining consent for Topics ad targeting violates the GDPR.
- New York Enacts Strict Child Data Protection Act: New York introduces a strong child data privacy law with tight restrictions on data collection and a high bar for consent.

Send us a Text Message.

This week's Privacy Corner dives into several data privacy battles:

- EU privacy group noyb filed complaints against Meta alleging its AI training policy violates GDPR rules on transparency, data subject rights, and lawful processing.
- Noyb also targeted Microsoft, accusing them of misleading schools about their role in data processing for Microsoft 365 Education products and secretly tracking student data.
- The Australian privacy regulator dropped its investigation into TikTok's use of tracking pixels due to limitations in the outdated Privacy Act, but launched proceedings against healthcare provider Medibank for a massive data breach.

Send us a Text Message.

Privacy Corner Newsletter Summary

This week's newsletter covers several key privacy topics:

- EDPB vs OpenAI: The European Data Protection Board (EDPB) is investigating OpenAI's ChatGPT software to ensure it complies with GDPR regulations.

- UK's GDPR reforms are dead: The UK's attempt to reform data protection laws has stalled due to upcoming elections. The proposed changes, including a new "recognized legitimate interests" legal basis and relaxed data subject rights, are unlikely to be revived soon.

- Irish DPC's 2023 report: The Irish Data Protection Commissioner (DPC) report shows a significant increase in workload and fines issued in 2023.

Send us a Text Message.

This week's newsletter covers developments in AI regulation, enforcement actions by the ICO, and updates on the APRA draft.

Key takeaways:

• Colorado passed a new law (CAIA) regulating high-risk AI systems. Similar to the EU AI Act, it focuses on transparency, accountability, and preventing bias in areas like healthcare and finance.
• The ICO dropped its case against Snap's AI chatbot but is investigating Microsoft's new Recall feature. Recall captures screenshots of user activity, raising privacy concerns.
• A revised draft of the APRA clarifies data minimization rules, shortens response times to data requests, and adds new data broker regulations. Pre-emption, a controversial aspect, remains largely unchanged.

Send us a Text Message.

This week's Privacy Corner dives into the latest data privacy developments:

🇬🇧 US: Maryland and Vermont passed groundbreaking privacy laws with strong data minimization requirements and a private right of action in Vermont (similar to California's CCPA).
🇬🇧 UK: The ICO is seeking views on how to uphold data subject rights in generative AI but avoids the right to rectification challenge.
🇪🇺 EU: The European Commission is investigating Meta (Facebook & Instagram) under the Digital Services Act (DSA) for potentially harming children and failing to meet age verification requirements.

Send us a Text Message.

This Week in Privacy: AGs Block US Privacy Bill, China Blamed for UK Hack, Finnish Retailer Fined Heavily

US: Attorneys General from 15 states oppose the American Privacy Rights Act (APRA) due to concerns about preemption of state privacy laws.
UK: Government suspects China of a cyberattack on the military payroll system, exposing names and bank details.
Finland: Data Protection Authority fines online store €856,000 for requiring account creation and indefinitely storing customer data.

Send us a Text Message.

This week's Privacy Corner newsletter covers a range of important topics:

• Generative AI and GDPR: Privacy advocacy group noyb filed a complaint against OpenAI, alleging its AI tool ChatGPT violates user privacy by generating inaccurate personal data. The crux of the issue lies in whether noyb expects OpenAI to fix inherent limitations of the technology and the applicability of GDPR in this case.
• Fines for Location Data Sharing: The FCC penalized four major US wireless carriers nearly $200 million for allegedly sharing customers' location data with third parties without proper consent. This action reflects growing regulatory scrutiny around data privacy, especially concerning sensitive information like location.
• Updated Health Breach Notification Rule: The FTC finalized amendments to the Health Breach Notification Rule, expanding its scope to cover health apps and unauthorized disclosures of health information, not just security breaches. This highlights the evolving privacy landscape in the US healthcare sector.