#SypherPrivacyTalks - November 2023 - Week 46

by Sypher - November 13, 2023

Welcome to #SypherPrivacyTalks — Your news and article roundup. Bringing you the top privacy & compliance stories of the week.

1 in 3 social media GDPR fines linked to children

techdigest.tv • 3 min read

🚸In the last five years of GDPR, the most popular social media platforms (Facebook, Instagram, TikTok, Whatsapp and X, formerly Twitter) have been fined 💶 more than €2.9 billion for GDPR violations, of which €765 million was for failing to protect children's data, according to research by Dutch company Surfshark.

These cases include issues such as unclear privacy policies, setting accounts to public by default and failing to enforce age restrictions, highlighting the importance of 🛡️protecting children's online privacy … read more

The Biden Executive Order on AI: key takeaways

lexology.com • 3 min read

🇺🇸 The White House recently issued an Executive Order on 🤖 artificial intelligence, which promotes the "safe, secure, and trustworthy development and use of AI". The Order also sets out disclosure requirements and industry-wide obligations for AI systems, which are broadly defined to include any data system, software, hardware, application, tool or utility that operates in whole or in part using AI.

The Order was a clear signal from the US that it will continue to promote the regulation of AI, both domestically and internationally, to ensure that it "protects the public from potential harms and ensures that everyone can enjoy its benefits". The order focuses on key issues such as:

  • New Standards for AI Safety and Security
  • Protecting Americans’ Privacy
  • Wider Impact on Individuals - including a focus on healthcare and education by Standing Up for Consumers, Patients, and Students
  • Promoting Innovation and Competition
  • Ensuring Responsible and Effective Government Use of AI

Read more concluding thoughts by Stephenson Harwood LLP on Lexology … read more

Illinois’ Unique Biometric Privacy Law Presents Lessons for Businesses Everywhere

corporatecomplianceinsights.com • 4 min read

👁️The state of Illinois has been in the news recently for its unique biometric privacy law. More than a dozen US states are considering copycat legislation 👨‍⚖️.

The Illinois Biometric Information Privacy Act (BIPA) requires private entities to obtain 📝 written consent to collect, transmit and store an individual's biometric information. With the recent rise of technology to streamline processes in the workplace, it is important to consider whether the use of technology runs up against BIPA and what obligations the law imposes on employers.

This article breaks down the law's requirements and offers steps companies can take to ensure compliance and mitigate the risk of potential litigation. 
Besides obtaining prior written consent from anyone who will be asked to use biometric technology, companies must develop a written policy … read more

ICO and European Data Protection Supervisor (EDPS) sign Memorandum of Understanding

ico.org.uk • 2 min read

📣The UK's Information Commissioner's Office (ICO) and the European Data Protection Supervisor (EDPS) have signed a 📜 Memorandum of Understanding (MoU) that reinforces their 🤝shared mission to uphold the data protection and privacy rights of individuals and to work together internationally to achieve this goal.

The MoU builds on the strong cooperation already established in other forums in which both authorities participate, such as the Global Privacy Assembly and the G7 Data Protection Authorities Roundtable.

The MoU sets out how the authorities will continue to share experiences and best practices, cooperate on specific projects of interest, share information or intelligence to support their regulatory work, and promote dialogue between data protection authorities and other digital regulators… read more

Facebook Without Ads

wired.com • 3 min read

📢Meta recently launched its first 😎 ad-free option for Facebook and Instagram. The update is in response to the EU’s GDPR. 

💶 Subscriptions to the ad-free experience are only available to users in the EU, Iceland, Liechtenstein, Norway and Switzerland.
In these locations, anyone 18 or older on Facebook or Instagram can now choose to use the social media platforms for free or pay €10 (when signing up on desktop/ €13 on mobile) each month for ad-free access. Meta is offering the ad-free option for free to users under the age of 18.

When users sign up, Meta doesn't use any data for advertising purposes. The subscription turns off first-party data as well as from third parties that send information about the user.
While it won't be used for targeted advertising, Meta confirms that first-party data will still be used for non-advertising functions.

Users who choose the free option allow Meta to target advertising by tracking their information. The company has previously argued that consent is not required to target adults in the EU with hyper-specific advertising. Earlier in 2023, Meta was fined $1 billion for transferring data on European users to the US.

💥The change is controversial, according to privacy experts, because buying not to be tracked is more of a pay-for-privacy scheme than a pay-for-service scheme. Privacy advocates continue to push back against Meta's behavioural advertising... read more

Stay tuned for more by 📌 connecting with us on LinkedIn or, better yet, by subscribing to our weekly newsletter. We do our best to select the most interesting and relevant content in our field and deliver it to you in a bite-sized format, so you can stay up to date on topics such as Privacy Management & Compliance.