The Court of Justice of the European Union has ruled in Case C‑394/23 Mousse v CNIL and SNCF that asking customers to state their gender title (Mr or Ms) when buying train tickets is not necessary for the contract and may violate GDPR rules, especially the principle of data minimisation. Mousse (a LGTB association) complained…
The ICO has issued updated guidance about the use of storage and access technologies with the primary aim of giving regulatory certainty to organisations. It explains how the Privacy and Electronic Communications Regulations 2003 (as amended) (PECR) and where relevant, data protection law apply when organisations use technologies that store information, or access information stored,…
Read More… from ICO updates guidance on the use of storage and access technologies
The UK government has announced that it intends to crack down on explicit deepfakes. It will introduce new offences covering both creating and sharing deepfake images. This reflects the government’s manifesto commitment to ban the creation of sexually explicit deepfakes as well as recommendations from the Law Commission relating to intimate images. The government will…
Read More… from UK government cracks down on explicit deepfakes
The European Data Protection Board (EDPB) has adopted an opinion about using personal data when developing and deploying AI models. The opinion looks at: It also considers the use of first and third party data. The Irish Data Protection Commission requested the opinion with a view to seeking Europe-wide regulatory harmonisation. Anonymity The opinion says…
Ofcom has published its first-edition codes of practice and guidance on tackling illegal harms, such as terror, hate, fraud, child sexual abuse and assisting or encouraging suicide, under the UK’s Online Safety Act. The Act places new safety duties on social media firms, search engines, messaging, gaming and dating apps, and pornography and file-sharing sites….
Read More… from Ofcom publishes final version of illegal harms guidance under Online Safety Act
The European Commission has opened formal proceedings against TikTok for a suspected breach of the Digital Services Act in relation to TikTok’s obligation to properly assess and mitigate systemic risks linked to election integrity, notably in the context of the recent Romanian presidential elections. The investigation will focus on management of risks to elections or…
The Irish Data Protection Commission (DPC) has announced its final decisions following two inquiries into Meta Platforms Ireland Limited. The DPC launched own-volition inquiries following a personal data breach, which was reported by MPIL in September 2018. The data breach affected approximately 29 million Facebook accounts globally, of which approximately 3 million were based in…
Read More… from Irish Data Protection Commission fines Meta €251 Million
In January 2024, the ICO launched its five-part generative AI consultation series. It has now published its consultation response. The series set out to address regulatory uncertainties about how specific aspects of the UK GDPR and the DPA 2018 apply to the development and use of generative AI. It did that by setting out the…
Read More… from ICO responds to consultation series on generative AI
In June 2022, the ICO announced a two-year trial of a revised approach to working more effectively with public authorities across the UK. This is the “public sector approach”, which saw the use of the Commissioner’s discretion to reduce the impact of fines on public bodies and the services they provide, and aimed at improving…
Read More… from ICO consults on revised approach to public sector regulation
UK law Court of Appeal rejects appeal against UK Information Commissioner’s monetary penalty notice The ICO has issued a statement welcoming the Court of Appeal’s unanimous dismissal of an appeal by Doorstep Dispensaree Limited (DDL) against a monetary penalty notice (MPN) issued by the Commissioner on 17 December 2019. In its judgment, the CoA rejected…