Hello and welcome to the third month of the newsletter that is data protection with a side of other IT Law issues!
p.s. this counts as a disclaimer for this week 🤫
Aftershocks of the earthquake in Türkiye continue to be recorded. Here is more on the issue, and how you can help. Please consider helping and sharing with others.
🔏 Data Protection & Privacy
Seems the European Data Protection Board (“EDPB”) has reviewed and issued its opinion on the draft adequacy decision regarding the EU-US Data Privacy Framework. To sum up (when I say sum, I mean a pretty limited summary):
🧩 requirements of the application of the principles of necessity and proportionality for data gathering by the US intelligence gathering & the new redress mechanism for EU data subjects
🚩 “certain rights of data subjects, onward transfers, the scope of exemptions, temporary bulk collection of data and the practical functioning of the redress mechanism”
The US Federal Trade Commission (“FTC”) issued a proposed order with a payout of $7.8 million against online counseling service BetterHelp. The order comes after it was alleged that the service shared consumers’ sensitive data with third parties such as Facebook and Snapchat for advertising. BetterHelp would also be required to:
- obtain affirmative express consent before disclosing personal information to certain third parties
- put in place a comprehensive privacy program including safeguards for consumer data protection
- direct third parties to delete the consumer health and other personal data that BetterHelp revealed to them
- limit how long it can retain personal and health information.
The Catalan Data Protection Authority (“APDCAT”) has published a privacy by design and privacy by default guide for developers. The guide would help developers and commissioning controllers to single out important elements of personal data protection and integrate relevant steps from the moment of design. (oh and p.s. the link is in 🇬🇧!)
The Turkish Data Protection joined the party and issued its decision regarding TikTok. The decision came with a fine of ₺1.75 million (approx. €87,255) after it was found that TikTok’s use of cookies, privacy policy, terms of service and other practice were not in line with Turkish legislation. The platform has been ordered to bring their practice in line with local laws, including the translation of their terms of service into Turkish. You’d think this one would be a given-nope, never assume when it comes to platforms.
📑 Policy
Canada has banned the use of TikTok on government mobile devices. The move is announced as a precaution as TikTok “presents an unacceptable level of risk to privacy and security”, and it has been explicitly stated that there was no evidence of compromised government information. The ban follows previous actions taken by the European Commission and the US. Toodeloo, TikTok.
🛒 E-Commerce & Digital Consumer
The Court of Justice of the EU ruled that the operator of a platform, such as Only Fans, is presumed to be the supplier of the services provided as per the VAT Directive. Here, a taxable person who, in the context of a supply of services, acts as an intermediary in his or her own name but on behalf of another person, is presumed to be the supplier of those services. The Court stated that when a taxable person must be regarded as being the supplier of services that person takes part in the supply of a service by electronic means by operating an online social network platform,
- has the power to authorise the supply of the service, or
- has the power to charge for it, or
- lay down the general terms and conditions of such a supply.
🎩 Competition
The European Commission has sent a Statement of Objections to Apple over concerns over AppStore rules for music streaming providers. The EC takes the view that the contractual restrictions that Apple imposed on app developers which prevent them from informing users of alternative music subscription options at lower prices outside of the app and to effectively choose those, are unfair trading conditions.
📄 Recommended Readings
Here is a concise list –in no particular order– of recent publications that caught my eye this week.
Authoritarian Privacy by Mark Jia (forthcoming)
Computable Economy by Jason Potts
Elements of Effective Policies for Crypto Assets by the International Monetary Fund
I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
Featured image generated on DALL·E
