“Did you miss me”– the EDPB. This week we see data protection as the star again, and by that I mean the EDPB has published a gazillion documents.
Aftershocks of the earthquake in Türkiye continue to be recorded, including in magnitudes of 5.0 or more. Here is more on the issue, and how you can help. Please consider helping and sharing with others.
🔏 Data Protection & Privacy
The European Data Protection Board (“EDPB”) published its one-stop-shop case digest on right to object and right to erasure. Ah, puns. Not just a blogger thing. The digest elaborates on the relationship between the rights, exercising them, and complaint handling procedures. Excited face.
You get a document, you get a document, and you get a document. Everybody gets a document. The EDPB also published three guidelines following public consultation:
1- Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR. The guideline lays down the criteria for the transfer to be subject to Chapter V, consequences in case, and safeguards to be provided if personal data are processed outside the EEA.
2- Guidelines 07/2022 on certification as a tool for transfers. The guidelines focus on the transfers of personal data to third countries or to international organisations on the basis of certification per the GDPR.
3- Guidelines 03/2022 on deceptive design patterns in social media platform interfaces: how to recognise and avoid them. The document analyses applicable GDPR provisions and gives examples of deceptive design patterns in use cases of the life cycle of a social media account. The guideline provides for best practice recommendations and a checklist of deceptive design pattern categories. Guess my fav part, yes it’s the fancy-names checklist.
The First-Tier Tribunal has ruled on data mogul Experian’s appeal to the UK’s Information Commissioner’s decision. The ruling held that Experian had not processed the personal data of over 5 million individuals transparently, fairly or lawfully because it failed to notify them that it was processing their data for direct marketing purposes. But apparently, using credit reference data for direct marketing purposes was not unfair. Discussions shall ensue.
Denmark’s Data Protection Authority has published a guideline on cookie walls. It was reported that generally, a mechanism whereby website visitors can access the content of a website or a service in exchange for either giving consent to the processing of personal data, or for payment, is compliant with the requirements for valid consent pursuant to data protection rules. Be that as it may, allowing partial access to content once visitors’ consent is obtained, while allowing access to all content when visitors subscribe, did not meet the requirements for valid consent under the GDPR. So, the service offered against consent needs to be equivalent, to a large extent, to that which is offered against subscription and payment – if we want to talk about free choice.
📑 Policy
The European Commission, the EU Council, and the External Action Service have banned staff from using TikTok. Staff have been instructed to remove the app from their work and personal devices which hold work-related apps. The ban cites cybersecurity and data protection concerns, and comes after the US ban for federal government devices back in December.
👩🏼🎨 Intellectual Property
The US Copyright Office said it, not me: you can’t copyright AI-generated images. The Office cited cases in which human authorship was underlined as a requisite for copyright protection. A direct quote would be a good way to wrap this up: Urantia Found. v. Kristen Maaherra “some element of human creativity must have occurred in order for the Book to be copyrightable” because “it is not creations of divine beings that the copyright laws were intended to protect.” Divine beings-AI art generators, tomato-tomato?
📄 Recommended Readings
Here is a concise list –in no particular order– of recent publications that caught my eye this week.
Regulating Big Tech: Factual Foundations and Policy Goals by Carl Shapiro
Smart city governance from an innovation management perspective: Theoretical framing, review of current practices, and future research agenda by Luca Mora, Paolo Gerli, Lorenzo Ardito & Antonio Messeni Petruzzelli
I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
Featured image generated on Midjourney
