In this week’s Global News Roundup, South Korea’s data protection authority fined Meta for reportedly requiring customers to give up personal information to use certain platforms. Italy’s data protection authority, the Garante, banned U.S.-based artificial intelligence chatbot company Replika from processing Italian citizens’ personal data. Compromise amendments for the draft EU AI Act were introduced in European Parliament. And several U.S. states advanced various pieces of privacy legislation.
The Latest
The European Data Protection Board published the agenda for its 75th plenary session Feb. 14, which includes leadership elections and discussion on its nonbinding opinion regarding the proposed EU-U.S. Data Privacy Framework.
European Parliament's Industry, Research and Energy Committee adopted the draft Data Act.
Enforcement
South Korea’s data protection authority, the Personal Information Protection Commission, fined Meta 6.6 million won “for allegedly disadvantaging its customers refusing to provide personal information.”
The Office of the Privacy Commissioner of Canada is investigating the federal government invoking the Emergencies Act to compel banks to provide security services with the financial information of COVID-19 lockdown protestors last year.
France's data protection authority, the Commission nationale de l'informatique et des libertés, published a study on the economic stakes of the Data Governance Act, set to enter into force Sept. 24.
Italy's data protection authority, the Garante, banned U.S.-based artificial intelligence chatbot company Replika from processing the personal data of Italian users.
The Netherlands' data protection authority, Autoriteit Persoonsgegevens, fined the municipality of Rotterdam and police 50,000 euros for using two cars equipped with cameras to monitor compliance with COVID-19 measures “without first assessing the privacy risks this might entail.”
Norway’s data protection authority, Datatilsynet, maintained a fine of 10 million kroner issued against fitness center chain Sats for alleged breaches of the Personal Data Protection Regulation.
Canada
Officials from Quebec’s data protection authority, the Commission d’acces a L’information du Quebec, presented a brief on Bill 3 to the National Assembly.
Europe
The European Parliament supported a proposal for complementary rules to the Digital Services Act and Digital Markets Act targeting online political advertising.
European Parliament co-rapporteurs Brando Benifei and Dragoș Tudorache proposed compromise amendments to the Artificial Intelligence Act.
US
A subcommittee of the U.S. House Financial Services Committee reviewed a draft financial data privacy bill Feb. 8.
U.S. President Joe Biden discussed children’s safety online, as well as the need to strengthen data privacy for citizens, among other topics during his State of the Union address Feb. 7.
U.S. Sens. Bob Casey, D-Pa., Cory Booker, D-N.J., and Brian Schatz, D-Hawaii, introduced the Stop Spying Bosses Act to protect employees against "invasive and exploitative surveillance technologies."
A bill introduced in the California Legislature would establish an office of artificial intelligence within the Department of Technology.
The Illinois state House of Representatives adjourned its 2023 session without passing HB 3910, the Consumer Privacy Act.
The Indiana state Senate passed SB 5, which proposes to amend state law governing trade regulation to set data protection requirements for private entities controlling personal data.
New York Assembly Bill A01362, the Biometric Privacy Act, was introduced in the state Senate as Bill S04457 and assigned to the Consumer Protection Committee.
After passing the Virginia state Senate, SB 1087, which would establish requirements for medical testing companies to safeguard genetic data, had its first reading in the House of Delegates.
The Virginia Consumer Data Protection Act; protections for children, HB 1688, unanimously passed in the state Senate’s General Laws and Technology Committee.
Guidance
Digital advertising agencies in the EU and U.S. are seeking to grow their levels of privacy expertise as new privacy regulations around the world are set to go into effect in 2023.
New York City’s Office of Information Privacy updated its “Citywide Privacy Protection Policies and Protocols” to enhance collaboration between cybersecurity and privacy efforts.
ICYMI
Australia is well-positioned to restore balance in the “Faustian bargain” citizens must accept to enjoy the conveniences technology offers, while forsaking their digital privacy, Data Compliance Executive Advisor David Mesman, CIPP/E, CIPM, CIPT, FIP, writes.
The Court of Justice of the European Union issued a significant ruling for data protection officers, which centered around Article 38 of the EU General Data Protection Regulation. The decision will be an important consideration for privacy pros and organizations as they “grapple with the challenging confluence of regulatory compliance and business practice,” IAPP Director of Research and Insights Joe Jones said.
U.K. Prime Minister Rishi Sunak announced the creation of four new government departments, including a dedicated Department for Science, Innovation and Technology focused on technical innovations. The IAPP's Joe Jones said the changes “could pave the way for advances to the U.K. government’s work to reform the (General Data Protection Regulation), to secure new international ‘data bridges,’ and more.”
The U.S. Federal Trade Commission's enforcement action against telehealth and discount prescription provider GoodRx has important takeaways for privacy programs that handle health-related data. It also signals an increase in the FTC's use of its unfairness authority in privacy cases, IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, and Westin Research Fellow Amy Olivero write.
In early February, the U.S. FTC published a proposed order that fines GoodRX $1.5 million. To help better understand the novel and complex issues embedded in the case, IAPP Editorial Director Jedidiah Bracy, CIPP, interviewed WilmerHale Partner Kirk Nahra, CIPP/US, to discuss some of the takeaways privacy pros should consider.
The California Privacy Protection Agency adopted its first set of proposed final California Privacy Rights Act regulations. IAPP Staff Writer Joe Duball reports on the finalization with reactions from the privacy community.
The Supreme Court of Ohio recently ruled software breaches weren't applicable under general insurance policies. Thompson Hine Partner Steven Stransky, CIPP/G, CIPP/US, and Oswald Companies Vice President and Cyber Strategic Leader Lacy Rex analyze the decision and its reinforcement of important principles organizations must consider when reviewing the scope of their cybersecurity frameworks and insurance needs.
