As I’m pretty sure is for like the rest of the IT Law sphere, ChatGPT and Midjourney are slowly taking over my usual procrastination activities. This may also be evident in the ratio of AI:Data Protection news in the past couple of weeks. The eye sees what the heart wants?
🤖 Artificial Intelligence
OpenAI is collaborating with The Italian Data Protection Authority (“GPDP”) on commitments for protecting Italian users following the cease of operations memo last week. OpenAI noted they are committed to enhancing transparency in the use of data subjects’ personal data and existing mechanisms to exercise data subject rights and safeguards for children.
In other news, following Italy’s cease of operations order for OpenAI, privacy regulators in Germany and Ireland announced they are in contact with their counterparts in Italy over their findings and data protection implications. As the introduction may have given away, I’m a little disappointed. Now playing: Please, Please, Please, Let Me Get What I Want.
The European Consumer Organisation (“BEUC”) called on the EU and national authorities to investigate ChatGPT and similar AI chatbots over risks to consumers. The call comes amidst concerns that the AI Act will take effect a few years too late, leaving consumers at risk of harm from a technology which is not sufficiently regulated during this interim period and for which consumers are not prepared, in the meantime.
🎩 Competition
The Italian Competition Authority (AGCM) has initiated proceedings against Meta, accusing the company of engaging in abusive conduct by exploiting its economic dependence when negotiating with SIAE (Italian Society of Authors and Publishers), the primary Italian collecting society for artists’ rights, over the licensing of music rights for use on Meta’s platforms. The AGCM has alleged that Meta may have leveraged its bargaining position to force SIAE to accept an unfair economic offer, without providing the necessary information to assess the offer’s economic fairness. Additionally, Meta reportedly removed all musical content from its platforms that is represented by SIAE, thus precluding its use by consumers. This investigation is initiated as Meta’s purported abuse of economic dependence could have significant repercussions on competition in the affected markets and cause substantial harm to consumers.
Germany’s Bundeskartellamt (Federal Cartel Office) decided that Apple is an undertaking of paramount significance for competition across markets. And thus, Apple and its subsidiaries are subject to extended abuse control pursuant to Section 19a of the German Competition Act (“GWB”). Section 19a of the GWB enables the Bundeskartellamt to intervene early and more effectively, in particular against the practices of large digital companies. German laws and interventions are, as they were.
🔏 Data Protection & Privacy
WhatsApp filed an appeal against CJEU’s finding on WhatsApp Ireland v EDPB. The CJEU had previously found that the Court does not have jurisdiction to review the legality of the act in the present case as WhatsApp is not directly concerned by the contested decision. WhatsApp is claiming that the Court erred in its interpretation of the concept of an “act open to challenge”. The arguments include that the contested decision had legal effects and brought about a distinct change in its legal position, and that the Court committed errors in the interpretation of the notion of “binding decision” within the meaning of Article 65(1) GDPR and the principle of consistent interpretation and application of European Union law.
UK’s Information Commissioner’s Office (“ICO”) fined TikTok £12.7 million for misusing children’s data. The fine comes after ICO’s estimation that TikTok allowed up to 1.4 million UK children under 13 to use its platform in 2020. Although TikTok has its own rules not allowing children that age to create an account. The ICO also pointed out that per UK data protection laws, organisations that use personal data when offering information society services to children under 13 must have consent from their parents or carers – something not done by TikTok. Suprised? Not me.
The summary of the European Data Protection Supervisor’s opinion (“EDPS”) on the proposed Regulation on European statistics on population and housing was published in the Official Journal. The EDPS opinion voices concern on the use of digital traces relating to specific persons. The opinion also calls for clarification regarding the sources and categories of data that will be accessed and used by authorities. We all now know always comes down to clarification and specification, come on.
📄 Recommended Readings
Here is a concise list –in no particular order– of recent publications that caught my eye this week.
An Introduction to Artificial Intelligence for Federal Judges by James E. Baker, Laurie N. Hobart & Matthew Mittelsteadt (US Federal Judicial Center)
Privacy Peg, Trade Hole: Why We (Still) Shouldn’t Put Data Privacy in Trade Law by Kristina Irion, Margot E. Kaminski & Svetlana Yakovleva
I am in no way affiliated with the authors or publishers in sharing these, and do not necessarily agree with the views contained within. I try to include mostly open access publications due to, well you know, accessibility of knowledge and science.
Featured image generated using Midjourney.
One thought to “Berry Picks in IT Law #17”