Send us a Text Message.

This week's Privacy Corner dives into several data privacy battles:

- EU privacy group noyb filed complaints against Meta alleging its AI training policy violates GDPR rules on transparency, data subject rights, and lawful processing.
- Noyb also targeted Microsoft, accusing them of misleading schools about their role in data processing for Microsoft 365 Education products and secretly tracking student data.
- The Australian privacy regulator dropped its investigation into TikTok's use of tracking pixels due to limitations in the outdated Privacy Act, but launched proceedings against healthcare provider Medibank for a massive data breach.

Send us a Text Message.

Privacy Corner Newsletter Summary

This week's newsletter covers several key privacy topics:

- EDPB vs OpenAI: The European Data Protection Board (EDPB) is investigating OpenAI's ChatGPT software to ensure it complies with GDPR regulations.

- UK's GDPR reforms are dead: The UK's attempt to reform data protection laws has stalled due to upcoming elections. The proposed changes, including a new "recognized legitimate interests" legal basis and relaxed data subject rights, are unlikely to be revived soon.

- Irish DPC's 2023 report: The Irish Data Protection Commissioner (DPC) report shows a significant increase in workload and fines issued in 2023.

Send us a Text Message.

This week's newsletter covers developments in AI regulation, enforcement actions by the ICO, and updates on the APRA draft.

Key takeaways:

• Colorado passed a new law (CAIA) regulating high-risk AI systems. Similar to the EU AI Act, it focuses on transparency, accountability, and preventing bias in areas like healthcare and finance.
• The ICO dropped its case against Snap's AI chatbot but is investigating Microsoft's new Recall feature. Recall captures screenshots of user activity, raising privacy concerns.
• A revised draft of the APRA clarifies data minimization rules, shortens response times to data requests, and adds new data broker regulations. Pre-emption, a controversial aspect, remains largely unchanged.

Send us a Text Message.

This week's Privacy Corner dives into the latest data privacy developments:

🇬🇧 US: Maryland and Vermont passed groundbreaking privacy laws with strong data minimization requirements and a private right of action in Vermont (similar to California's CCPA).
🇬🇧 UK: The ICO is seeking views on how to uphold data subject rights in generative AI but avoids the right to rectification challenge.
🇪🇺 EU: The European Commission is investigating Meta (Facebook & Instagram) under the Digital Services Act (DSA) for potentially harming children and failing to meet age verification requirements.

Send us a Text Message.

This Week in Privacy: AGs Block US Privacy Bill, China Blamed for UK Hack, Finnish Retailer Fined Heavily

US: Attorneys General from 15 states oppose the American Privacy Rights Act (APRA) due to concerns about preemption of state privacy laws.
UK: Government suspects China of a cyberattack on the military payroll system, exposing names and bank details.
Finland: Data Protection Authority fines online store €856,000 for requiring account creation and indefinitely storing customer data.

Send us a Text Message.

This week's Privacy Corner newsletter covers a range of important topics:

• Generative AI and GDPR: Privacy advocacy group noyb filed a complaint against OpenAI, alleging its AI tool ChatGPT violates user privacy by generating inaccurate personal data. The crux of the issue lies in whether noyb expects OpenAI to fix inherent limitations of the technology and the applicability of GDPR in this case.
• Fines for Location Data Sharing: The FCC penalized four major US wireless carriers nearly $200 million for allegedly sharing customers' location data with third parties without proper consent. This action reflects growing regulatory scrutiny around data privacy, especially concerning sensitive information like location.
• Updated Health Breach Notification Rule: The FTC finalized amendments to the Health Breach Notification Rule, expanding its scope to cover health apps and unauthorized disclosures of health information, not just security breaches. This highlights the evolving privacy landscape in the US healthcare sector.

Send us a Text Message.

In this week’s Privacy Corner Newsletter:

• Why a new US law that protects data from “foreign adversaries” extends beyond just TikTok.
• What the EDPB has planned for the next three years.
• How the ICO lost its appeal against Experian.

Send us a Text Message.

In this week’s Privacy Corner Newsletter:

• European data protection authorities say “no” to (some) “consent or pay”.
• California’s privacy regulator says “no” to the new US federal privacy bill.
• The Federal Trade Commission (FTC) says “no” to telehealth provider Cerebral's alleged sharing of its users’ sensitive information.