Latest Worldwide Developments on Personal Data
Joint guide to ASEAN, EU contractual clauses published.
The Association of Southeast Asian Nations and the European Commission released joint guidance on the application and use of respective contractual clauses. The guide aims to provide a high-level comparison of ASEAN model contractual clauses and the EU's standard contractual clauses to help facilitate cross-border data transfers. By comparing and contrasting the clauses, the guide also provides best practices for companies to meet the requirements set forth in both jurisdictions.
Employees shared TikTok user data on internal platform.
The New York Times reports it obtained company documents showing TikTok employees posted user information on an internal messaging platform called Lark. According to the documents, driver's licenses and other content, including child sexual abuse materials, were accessible on Lark. Four current and former employees said they raised concerns to the company about access to the materials, while one employee asked in an internal document, "Should Beijing-based employees be owners of groups that contain secret" user data.
CNIL closes injunction against Microsoft.
France's data protection authority, the Commission nationale de l'informatique et des libertés, closed a December 2022 injunction against Microsoft. The CNIL at the time fined the company 60 million euros and ordered the company to correct cookie practices within three months or face a daily penalty of 60,000 euros. Microsoft "responded within the allotted timeframe and made technical modifications so that tracking linked to the fight against advertising fraud would be inactive in the absence of specific consent from French users," the CNIL said of its decision.
European Commission, Google working on AI governance standards.
Reuters reports European Commissioner for Internal Market Thierry Breton indicated the European Commission is working with Google on an artificial intelligence standards agreement in the leadup to potential passage of the EU's proposed AI Act. Breton said the pact would aim to get EU and non-EU AI developers to adopt common governance practices and principles on "a voluntary basis ahead of the legal deadline" for the AI Act.
Google announces next stages of Privacy Sandbox.
Google announced the next stages of its Privacy Sandbox plans, as it continues work toward the deprecation of third-party cookies in the second half of 2024. Privacy Sandbox relevance and measurement tools will be available for developers with Chrome's July release and the company plans to deprecate third-party cookies for 1% of Chrome users in the first quarter of 2024. In the fourth quarter of 2023, developers will be able to "simulate Chrome third-party cookie deprecation for a configurable percentage of their users."
Dutch consumer groups preparing privacy class-action suit against Google.
Dutch consumers' associations Consumentenbond and Stichting Bescherming Privacybelangen are preparing to file a class-action lawsuit against Google for tracking, collecting and selling consumers' data without consent, NL Times reports. "Google collects data in a way where real consent from users is impossible," the Consumentenbond said. The associations are calling on Google to pay compensation to its Dutch users.
Biden administration announces actions to protect children's privacy online
The Biden administration announced several actions to protect children's mental health, safety and privacy online. The U.S. Department of Commerce will lead an interagency Task Force on Kids Online Health and Safety "to advance the health, safety and privacy of minors online," while the Department of Education will address concerns around monetization of minor students' data by commercial entities, including commencing a rulemaking under the Family Educational Rights and Privacy Act.
TikTok seeks to block Montana ban
The Washington Post reports TikTok sued the state of Montana over its recently passed ban of the platform. TikTok claimed the ban violates users' rights to free expression under the First Amendment and spokeswoman Brooke Oberwetter said the company "will prevail based on an exceedingly strong set of precedents and facts." Gov. Greg Gianforte, R-Mont., previously said the ban was necessary to protect private data and sensitive personal data from foreign adversaries.
Click on the link for the full story.
EU lawmakers to begin negotiations on Cyber Resilience Act
EU lawmakers next week will discuss areas of compromise on the proposed Cyber Resilience Act, Euractiv reports. Main points of discussion around the proposal regulating cybersecurity of connected products include manufacturers' obligations, reporting, compliance and enforcement. The proposal's scope has been expanded to include products with digital elements that can directly or indirectly connect to a device or network. Connected devices developed for the defense sector, or those with national security or military purposes, have been excluded.
Google to pay $39.9M location privacy settlement
EU lawmakers next week will discuss areas of compromise on the proposed Cyber Resilience Act, Euractiv reports. Main points of discussion around the proposal regulating cybersecurity of connected products include manufacturers' obligations, reporting, compliance and enforcement. The proposal's scope has been expanded to include products with digital elements that can directly or indirectly connect to a device or network. Connected devices developed for the defense sector, or those with national security or military purposes, have been excluded.