Hello and welcome back to what feels like has been years, but has not, since the last Berry Picks. There are reasons as to why- though I daresay not related to IT Law, so must not be of much interest to you. We will now be pretending that the break did not happen, and informing you that it will not be happening again in the near future.
But more important than the rambling above, what caught my eye this week re. IT Law? Spoilers – data protection – as per ushe.
🔏 Data Protection & Privacy
The Data Governance Act entered into application on the 24th of September! (shh, it was a Sunday, doesn’t count as last week 🤫) Read all about it: The EU and the value of data saga. The act introduces trustworthy data intermediaries and enables entities to voluntarily register as data altruism organisations, facilitating safe data donation. It also promotes the reuse of public sector data, enhancing data flow and supporting the creation of common European data spaces in various fields like manufacturing and health. Sounds a bit like a promotion if you ask me.
CJEU’s Advocate General Szupnar’s opinion on personal data and action to combat copyright infringement was published. According to the opinion, the retention of, and access to, civil identity data linked to the IP address used should be allowed in cases where those data are the only means of investigation that make it possible to identify the perpetrators of copyright infringements committed exclusively on the internet.
The EDPB published Guidelines on Article 37 of the Law Enforcement Directive on transfers to third countries or international organisations. The guidelines stress the creation or amendment of legally binding instruments to maintain the EU’s data protection level. The EDPB encourages prioritizing these legally binding instruments over individual assessments by data controllers, and highlights the need for essential equivalence in data protection.
The Norweigan Data Protection Authority (“Datatilsynet”) requested a binding decision from the EDPB in its Meta case, asking for a permanent ban on behavioral advertising on the platform and extending it to the entire EU/EEA. The Datatilsynet had imposed a ban on Meta earlier in the year due to findings that Meta processed personal data for behavioral advertising unlawfully. The ban aimed to enhance user data control, addressing behavioral advertising as a significant privacy risk, especially concerning sensitive data and potentially discriminatory practices. Meta is, as it was.
🛒 E-Commerce & Digital Consumer
The European Commission launched the DSA Transparency Database. The Transparency Database collects statement of reasons from online platform providers regarding their moderation decisions, as per Articles 17 and 24 of the DSA. The database is established to promote transparency and oversight on content moderation and track the spread of illegal/harmful content. It is managed by the Directorate-General for Communications Networks, Content and Technology, and publicly accessible and machine-readable. Furthermore, the database allows near real-time updates as online platforms submit their statements, which are to be devoid of personal information. Sounds pretty legit for now?
New report alert! All major online platform signatories of the Code of Practice on Disinformation delivered a second set of reports on the implementation of the Code of Practice, which can be accessed through the Transparency Centre . To quote a selection:
- Google reported to have prevented more than €31 million in advertising from flowing to disinformation actors in the EU.
- Meta reported that over 40 million pieces of content received a factchecking label on Facebook.
- TikTok reported that 29.93% of users cancel their sharing action when encountering an ‘unverified content’ label on the platform
- Microsoft reports that more than 6.7 million fake LinkedIn accounts were prevented from being created (blocking registration) or restricted in the EU.
Overwhelming to think about, especially knowing it’s only a selection.
The General Court decided on interim relief from DSA obligation for Amazon, temporarily suspending the requirement to publicize its ad repository. The Court stated that improper implementation of the DSA could result in irreversible commercial damage to Amazon. However the court upheld the DSA’s requirement on Amazon to provide users with a non-profiling option regarding recommendations. The EU had listed Amazon as a very large online platform (“VLOP”) as per the DSA. Amazon contested this classification on grounds that its primary profit source was from North American retail. VLOP status pending- really does sound like something a tech age human would say.
📄 Recommended Readings
Hello to those of you who made it all the way down here, here is a concise list –in no particular order– of recent publications that caught my eye this week that you may also find interesting.
Reflections on the Data Governance Act by Jukka Ruohonen & Sini Mickelsson
The European AI liability directives – Critique of a half-hearted approach and lessons for the future by Philipp Hacker
A Critical Analysis of Consent in Human–Robot Interaction by Mona Naomi Lintvedt
Some things don’t change, and I still include readings that are open access due to the accessibility of knowledge and science. I am in no way affiliated with the authors or publishers in sharing these.
One thought to “Berry Picks in IT Law #23”