Although it’s a brand new year, it’s been yet another week-another set of data protection legislation violations. Yes we all saw the news, no this does not mean I’ll be skipping it. Sometimes I like stating the obvious with a teeny tiny twist of my own. On with this week’s IT Law news!
🔏 Data Protection & Privacy
This week, leaving the big brother house is (dramatic pause) behavioral advertising. The Irish Data Protection Commission (“DPC”) announced the preparation of its draft decision fining Meta Ireland €390 million for lack of legal basis for behavioral advertising. Meta will also be ordered to compliance within 3 months. The decision comes after, and reflects the EDPB’s binding decision (featured here). Bottom line: Meta cannot rely on the contract legal basis for behavioral advertising. Curious to see which legal basis will be cooked up in the Meta kitchens.
Apple fined €8 million over lack of consent for advertisement tracking by the French Supervisory Authority (“CNIL”). The CNIL found that identifiers, including personalisation of ads on the App Store, were deposited/written without consent in an old version of iOS (14.6 to be precise). It was also found that users could only opt out after a lengthy search after the initialization process of the phone. If I close my eyes really tight, I can almost see the user-friendly design.
Google agreed to pay $23 million in proposed settlement of lawsuit from 2011 regarding nonconsensual sharing of search queries. Although Google had originally agreed to settle the case for $8.5 million in 2013 but courts had vacated the settlement in light of Spokeo, Inc. v. Robins. The settlement comes after consumers claimed Google’s search engine shared their queries with advertisers and other third parties without their consent. The proposed settlement would also require Google provide added disclosures to consumers about the sharing of queries. The settlement is still pending court approval. Seemed fair to me tbh, but we’ll see.
Less of the breach and some compliance news now, I’m as shocked as you are: Microsoft announced the Microsoft EU Data Boundary for the Microsoft Cloud as of January 1st. Users in Europe will now have the ability to store and process their customer data within the EU Data Boundary. Although, the announcement doesn’t point to a specific legal instrument but stresses meeting regulatory requirements and industry-specific standards. Thank you, kind sir.
🤖 Artificial Intelligence
It’s alive! AIAAA – AI as an attorney. According to a piece in the New Scientist, an AI will be arguing the first legal case ever in February. The consumer advocacy organisation DoNotPay has developed the AI, which coincidentally calls itself “The World’s First Robot Lawyer”, as a chatbot. It will run on a smartphone and listen to everything in the courtroom before instructing the defendant on what to say. So no terminator in a suit here, but still exciting nonetheless. The exact venue and time of the hearing are tba. Stay tuned in in February for more!
🛒 E-Commerce & Digital Consumer
Tobacco purchases in Nevada now come with a side of a digital ID scan. The amended law requiring scan of customer IDs for analogue sales, and the upload of IDs for online sales of tobacco has come into force as of January 1st. How the data is to be collected and stored is not necessarily clear, though.
💻 Tech
WhatsApp has launched support for proxy servers for access to the app from censored jurisdictions. The option is easily accessible (through the app settings) and WhatsApp guarantees end-to-end encryption protections during use. However, IP addresses are shared with third-party proxies. I do hope none reading need to evaluate this opportunity cost, but if you do-I’m sorry.
📄 Recommended Readings
Here is a concise list –in no particular order– of recent publications that caught my eye this week that you may also find interesting, having come all the way to the bottom of the page, for which I thank and congratulate you 🤓
The Digital Services Act (DSA)-An Overview by Folkert Wilman
The Definitions in Article 3 of the EU Law Enforcement Directive: Commentary by Luca Tosoni & Lee A. Bygrave
What is ‘Data’? Definition in International Legal Instruments on Data Protection, Cross-Bordeer Access to Data & Electronic Evidence by Karine Bannelier & Anaïs Trotry
I am in no way affiliated with the authors or publishers in sharing these, and I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
2 thoughts to “Berry Picks in IT Law #5”