Locations
In this month's episode from Fieldfisher's Data & Privacy Matters podcast, Lorna Cropper, Charley Guile and Sophia Steiger round up the key data and privacy news that has caught their attention throughout July 2024.
The episode begins with the announcement that the EU AI Act has entered the Official Journal and details the important dates you need to know about in terms of when particular aspects of the Act become applicable. Specifics about the EU AI Office's call for expressions of interest for its first Code of Practice on general-purpose AI as well as its consultation on general-purpose AI models are discussed besides AI guidance from the CNIL and commentary on AI from the Irish DPC and Hamburg DPA. We round off our EU AI update with a look at the EDPB's statement on the DPA's role in the AI Act framework.
Attention then turns to the UK and the relevant content in the King's Speech on AI and the proposed Digital Information and Smart Data Bill before focusing on AdTech and in particular IAB Europe's opinion about the on going discussions on "consent or pay" mechanisms. With the EU considering that this model also breaches the Digital Markets Act, we look at the interplay between the GDPR, the DMA as well as the DSA (Digital Services Act) touching on the European Commission's preliminary findings on X (formerly Twitter). With Ofcom's fine of TikTok for £1.875 million for not providing accurate information about parental controls, following a formal request, action appears swifter in comparison to DPAs.
The podcast then discusses a referral from the Swedish Supreme Administrative Court's to the CJEU for a determination with respect to the obligation on organisations collecting data via a body camera in the matter of the Swedish DPA and transport operator, Storstockholms Lokaltrafik. Does GDPR Article 13 or Article 14 apply? We'll be monitoring this one to find out. We conclude with ICO enforcement news, Lithuanian's fine of Vinted for €2 million and the Netzpolitik investigation about how location data sold to data brokers provided a continuous stream of information which could identify people, including someone working for the German secret service.
Sources of the news discussed:
EU AI Act
Regulation - EU - 2024/1689 - EN - EUR-Lex (europa.eu)
EU AI Office
EU AI Guidance and commentary
CNIL
Entry into force of the European AI Regulation: the first questions and answers from the CNIL | CNIL
How to Deploy Generative AI: CNIL Provides Initial Clarifications | CNIL
CNIL's Q&A on the Use of Generative AI Systems | CNIL
Irish DPC
AI, Large Language Models and Data Protection | 18/07/2024 | Data Protection Commission
Hamburg DPA
Hamburger Thesen zum Personenbezug in Large Language Models | HmbBfDI
EDPB
edpb_statement_202403_dpasroleaiact_en.pdf (europa.eu)
Fieldfisher AI content
Bytesize Legal Update - The EU AI Act becomes law - what now? (buzzsprout.com)
International Data & Privacy AI Webinars series – Part 1 - YouTube
International Data & Privacy AI Webinars series – Part 2 - YouTube
King's Speech, UK
ICO
Do I really need to read the privacy notice? | ICO
London Borough of Hackney | ICO
Chelmer Valley High School | ICO
ICO reprimands the Electoral Commission after cyber attack compromises servers | ICO
AdTech
IAB Europe Sends Position Paper to the EDPB on the ‘Consent or Pay’ Model - IAB Europe
DMA and DSA
Preliminary findings, pay or consent model and Meta - Digital Markets Act (europa.eu)
Commission and national authorities take action against Meta (europa.eu)
Commission sends preliminary findings to X for breach of DSA (europa.eu)
Ofcom
TikTok fined £1.875m for providing inaccurate data on safety controls - Ofcom
NGL settlement with US Federal Trade Commission and the Los Angeles District
A view from DC: FYI, FTC says SMH at NGL, teens G2G | IAPP
AB Storstockholms Lokaltrafik and the Swedish DPA
Body cameras question referred to ECJ - Lexology Pro (Subscription required)
Lithuanian DPA fine
Location data and data brokers