We are delighted to welcome you to the July 2023 edition of our Data, Privacy & Cyber Bulletin. Our monthly newsletter features thought leadership and practical guidance from our market leading Data, Privacy & Cyber team. This month’s edition takes in a wide selection of content, including a review of the key questions following the granting of adequacy status for the EU-US Data Privacy Framework.
Our Dublin and Madrid offices comment on following the recent publication of a new regulation by the European Commission, aiming to ensure the effectiveness of enforcement in cross-border GDPR cases. We also have contributions from our Dublin office on the recent agreement between EU institutions on the provisions of the proposed European Data Act, and commentary on one of the first written judgements in Ireland regarding non-material damage under the GDPR.
For those with a keen interest in the litigation environment surrounding AI in the United States, we cover the latest updates on regulatory issues and emerging class actions. We examine comments by the Chief Executive of the Financial Conduct Authority on whether the regulator intends to control the use of artificial intelligence in financial services.
The ICO has recently issued new guidance on the use of privacy enhancing technologies, and we review their useful reference tool for organisations considering when and how to use PETs. The progression of the Online Safety Bill is also discussed, highlighting recent amendments and how Ofcom has provided further insight into how they plan to regulate online safety.
Finally, we consider recent developments involving Amazon, including one of the first tests of New York City's Biometric Identifier Statute and discussion of the recent FTC crack down on Amazon in respect of data privacy.
The EU Commission’s adequacy decision on the EU-US Data Privacy Framework: six key questions answered
We answer the six most common questions that organisations on both side of the Atlantic may have following the European Commission’s adequacy decision.
Cross-border GDPR enforcement: European Commission proposes to enhance cooperation
We consider the new rules proposed by European Commission to streamline and harmonise various aspects of the administrative mechanisms necessary in cross-border cases. The proposals do not aim to amend the GDPR or the 'one-stop-shop' in a substantive manner, rather supporting them by provide additional detailed rules for the cross-border enforcement system.
Agreement reached by EU on new European Data Act
We review the proposed European Data Act, which is intended to address the lack of clarity regarding who can use and access data generated by connected products, and barriers to switching between cloud computing services in the EU. The Act aims to be consistent with and build upon the existing provisions of the GDPR.
On the Increase - Non-Material Loss in Ireland
We comment on Arkaiusz Kaminski v Ballymaguire Foods Limited, which is one of the first written judgements in Ireland regarding non-material damage under the GDPR. The decision involved an examination of the limited Irish case law in this area, as well as English and CJEU case law.
AI investigations and claims gather pace in the United States
We examine the recent announcement of an investigation into OpenAI by the Federal Trade Commission, and the growing number of claims being commenced against AI platforms by various individuals alleging the improper use of data and images in order to train language models and image generators.
Financial services: The FCA's emerging regulatory approach to Big Tech and AI
We review the recent speech by the Chief Executive of the FCA confirming that the regulator intends to control the use of artificial intelligence where appropriate. The speech emphasised the suitability of the current regulatory framework, such as the Consumer Duty and Senior Manager & Certification Regime, to deal with AI issues, but also confirmed that measures unique to the challenges of AI may be necessary.
ICO guides companies on the use of privacy enhancing technologies
We assess the recently published guidance from the ICO on the use of privacy enhancing technologies (PETs). The Information Commissioner has recommended that organisations which process large quantities of data should consider using PETs over the next five years.
The UK's Online Safety Bill: Royal Assent is on the horizon!
We provide an update on the legislative progression of the Online Safety Bill, considering the central theme of children to the most recent amendments, and where the Bill will go next on its legislative journey.
Amazon: One of the first tests of NYC's Biometric Statute voluntarily dismissed
We examine recent actions involving Amazon in the United States, including a now-dismissed action alleging the collection of biometric data in contravention of New York City's Biometric Identifier Information statute, and recent data privacy actions against Amazon by the FTC.
