Hello Friends,
“Europe is leading and will continue to lead in AI legislation. This first set of regulations to manage risk and develop lawful use of AI. All of this is perfectly consistent with our will to be world leaders in digital innovation based on EU values such as privacy and respect for fundamental rights” said European Parliament President.
Enjoy reading!
Privacy Enforcement
Sweden’s DPA issues SEK 58M GDPR Fine to Spotify
Sweden's data protection authority, the Integritetsskyddsmyndigheten, fined Spotify SEK58 million for alleged EU General Data Protection Regulation violations related to transparency. It was found that Spotify responds to data access requests but does not inform clearly enough about how this data is used by the company. The regulator added Spotify needs to be more specific with its disclosure of data practices and make it easy for the person requesting access to their data to understand how the company uses this data.
FCC issues $ 5.1M Fine over Nonconsensual Robocalls
The U.S. Federal Communications Commission announced a USD5,134,500 fine to lobbying consultancy J.M. Burkman & Associates for directing 1,141 spam calls without individuals' consent. The calls duped individuals into thinking personal data associated with mail-in voting would be collected and used to track down individuals for overdue legal warrants and credit card debt. There was no evidence suggesting consent to contact individuals was obtained.
FTC fines Microsoft $20M for alleged COPAA Violations
The U.S. Federal Trade Commission announced a USD20 million fine against Microsoft for alleged Children's Online Privacy Protection Act violations related to its Xbox gaming system. The FTC claimed Microsoft did not obtain parental consent for Xbox account data collection on users under age 13 before carrying out the collection. Corrective actions in the proposed order, which is subject to federal court approval, call on Microsoft to obtain parental consent for any outstanding nonconsensual Xbox accounts and stand up a data deletion program.
Privacy in Spotlight
Garante probes TikTok’s alleged Chinese Data
Italy's data protection authority, the Garante, called on TikTok to explain reports of its personal data being accessed by the Communist Party of China. The Garante gave the company 15 days to produce a response to the reports and outline how Italian and EU users' data is protected from alleged government access.
Regulations
EU moves Closer to Passing One of the World’s First Laws Governing AI
The EU took a significant step in its efforts to pass the world's first regulation of artificial intelligence. In a full plenary vote, the European Parliament agreed upon a negotiating position on the proposed AI Act, the final step before a three-way negotiating process — known as a trilogue — takes place. The AI Act takes a risk-based, tiered approach to regulate AI and includes outright bans of high-risk AI applications.
Nevada passes Health Data Privacy Bill
The Nevada Legislature granted final passage to SB 370, a health data privacy bill modeled after Washington's My Health My Data Act. The bill was amended before final passage by the Nevada State Assembly on 5 June to include an exemption for profiling that does not include personal health data and a new effective date of 31 March 2024. Unlike Washington's law, SB 370 does not carry a private right of action. The finalization of Nevada's bill is pending the governor's approval.
ICO updates UK Children’s Code Guidance on Edtech
The U.K. Information Commissioner's Office announced updates to its Children's Code guidance concerning education technology providers and services. The updates aim to clarify when an ed-tech provider or product falls within the scope of the Children's Code. The scope is clarified to include services likely to be accessed by children on a direct-to-consumer basis and those provided to children through a school, where the edtech provider influences the nature and purpose of the processing of children’s personal information.
Nigerian President approves Data Protection Bill into Law
President Bola Tinubu signed the Nigeria Data Protection Bill, 2023 into law on 14 June. The law creates the Nigeria Data Protection Commission headed by a national commissioner tasked with regulating how entities process personal information. One of the mandates the NDPC is assigned includes facilitating "the development of personal data protection technologies, in accordance with recognised international good practices."