Issue 295

EU

  • Data Protection Authorities of UK, Jersey, Guernsey and Isle of Man launched a joint investigation into a cybersecurity incident involving a trade union. 
  • The UK Govt, Financial Authority and ICO issued a policy note clarifying lawful use of personal data for targeted support and direct marketing. 
  • France’s CNIL fined a software company EUR 1,700,000 for failure to implement adequate security measures. 
  • Italian Data Protection Authority published a request for rectification of personal data form in Schengen Information System. 
  • European Commission released the first draft of Code of Practice on marking and labelling of AI-generated content. 
  • Belgian Data Protection Authority extended the applicability of GDPR to unborn children.   
  • Dutch data watchdog fined a university EUR 175,000 for failure to protect students and employee’s personal data. 
  • Spanish Agency for the Supervision of Artificial Intelligence published practical guides to help organisations comply with the EU AI Act. 
  • Norway’s Financial Supervisory Authority published information on Digital Security Act, the related regulations and NIS directive.  
  • Liechtenstein’s Data Protection Office updated its guidance on use of cookies and similar technologies. 

Americas

  • Bill for Auto Data Privacy and Autonomy Act was introduced in the US Senate. 
  • Federal Trade Commission took enforcement action against blockchain company for data breach resulting from ineffective data security measures. 
  • A coalition of 42 US state AG urged major tech companies to implement safeguards to protect users from harmful AI chatbot interactions.   
  • The Texas Attorney General secured a restraining order against smart TV company for unlawful collection of personal data through automation. 
  • Attorney General of Florida sued online game platform for misrepresenting its child safety measures. 
  • Lawsuit filed in Illinois against AI notetaking platform for illegal biometric data collection from virtual meetings and for failing to maintain data retention policies. 
  • California’s Privacy Protection Agency published a blog on Delete Request and Opt-Out Platform (DROP). 

APAC

  • Artificial Intelligence (Ethics and Accountability) bill introduced in the Indian Parliament. 
  • China’s technical committee launched consultation on draft national standard for cryptographic devices used in network security technology. 
  • South Korea’s Internet and Security Agency published a guide on AI security. 
  • National AI Centre, Australia published a guidance to help users identify AI-generated content.  
  • Hong Kong’s Privacy Commissioner published guidelines addressing the misuse of AI-powered deepfakes.