On 12 September 2018, the EU Parliament has passed its negotiating position on the proposal for a New Copyright Directive. The new text follows the demise of the initial one in July, and means the trialogue negotiations between Parliament, Council, and Commission can now begin.
New York shows the pivotal role of cities in regulating online platforms
Two recent decisions of New York City’s Council have imposed stringent rules on platforms in the vehicle hire and in the short-term rentals markets (in short, this means Uber and Airbnb, respectively). The rulings create significant obstacles to the current business models of both companies, and show how the impact of these platforms on the life of cities is still, at best, unclear.
Far-reaching regulation of social media in the UK draws closer
The interim report published by the DCMS committee of the UK parliament has cast a light not only on the role of social media platforms in spreading disinformation, but more importantly on the willingness of policymakers to take the matter into their own hands. The report issues a set of recommendations which would result in strong regulatory safeguards around platforms’ activity. If the UK government takes the committee’s recommendations on board, the self-regulatory approach could be off the table, in the UK at least.
Why the ICO’s Facebook investigation demonstrates the power regulators now have
On 10 July 2018, the UK Information Commissioner Office (ICO) published an update on its investigation into data analytics in political campaigns i.e. the Facebook-Cambridge Analytica scandal. The ICO has decided to fine Facebook £500k – the maximum possible amount under pre-GDPR data protection rules. The fine would have been much higher had GDPR applied. It also sent warning letters to 11 political parties, requiring them to accept audits of their data protection practices, among other actions.
Technology companies start tackling screen addiction – social media should follow suit
The fact that the biggest OS providers have started taking action shows how important it is to tackle this issue; social media platforms now need to take similar steps, to avoid prescriptive regulation and to make sure they do not suffer reputational damage. We have captured these developments as part of our ongoing research into Fake News, which shows social media companies still have a lot to do in this respect.
Two weeks into GDPR: How do tech companies’ new privacy policies compare?
GDPR has been in place two weeks now, much to the relief of the many individuals who were swarmed with emails requiring fresh consent to the receipt of newsletters and other marketing messages. Leading up to the 25th May, customers have also been notified of the changes to the privacy policies most tech companies inevitably had to make. Assembly has studied how they compare, with particular regard to the validity of GDPR’s safeguards outside the EU, and to the legal bases adopted for treatment of personal data.
GDPR is almost here, but it will not change the world in a day
The most talked about day of the last two years is almost upon us. The European General Data Protection Regulation (GDPR) will come into force tomorrow, promising much stronger rights and safeguards for users’ personal data. For now, the main effect it has had has been, paradoxically, to irritate the very people it is supposed to protect, due to the deluge of emails we have all received from companies seeking fresh consent.
Are DPAs ready for the consistent approach required by GDPR?
Among the significant changes it will bring about, the GDPR includes detailed rules for Data Protection Authorities to adopt consistent approaches and interact more regularly and effectively with one another. To this end, the newly founded European Data Protection Board will play a key role in overseeing the consistency mechanism created by GDPR. Assembly’s research shows there are still striking differences in funding and staff across DPAs.
How are European data protection authorities approaching GDPR?
The entry into force of GDPR is now imminent. Assembly’s Privacy and Data Protection Tracker has analysed and compared the approach taken by Data Protection Authorities in various countries, to prepare businesses for the new regulation. Differences in approaches across countries remain, although the pan-European nature of GDPR means companies can find useful insight in the activity of all DPAs across the EU.
Where next for the regulation of Facebook?
After the emergence of large-scale data breaches on Facebook’s platform, CEO Mark Zuckerberg accepted to appear before the respective parliamentary committees of the US Senate and Congress. The hearings highlighted that US politicians are now turning their attention to social media platforms, but have no coherent plan (and unclear intentions) on the measures to adopt. At the same time, there are clear indications that the EU’s GDPR will become a benchmark for data privacy worldwide.