On 4 December 2018, ministers of EU member states gathered in the respective groups of the European Council, to discuss two proposals on a Digital Service Tax and on the e-Privacy regulation. On both issues, EU countries are still clearly divided, and are failing to make significant progress.
Summary of the global inquiries into the spread of misinformation (and data privacy)
This note will be updated as and when witnesses appear in front of various committees that are addressing the topic of misinformation and the use of personal data.
The debate on privacy regulation in the US has unequivocally begun
On 26 September 2018, the Commerce, Science, & Transportation Committee of the US Senate hosted a hearing with representatives of ISPs (AT&T, Spectrum) and tech companies (Amazon, Apple, Google, Twitter). The hearing examined privacy policies of those companies and reviewed the current state of consumer data privacy regulation in the US.
Why the ICO’s Facebook investigation demonstrates the power regulators now have
On 10 July 2018, the UK Information Commissioner Office (ICO) published an update on its investigation into data analytics in political campaigns i.e. the Facebook-Cambridge Analytica scandal. The ICO has decided to fine Facebook £500k – the maximum possible amount under pre-GDPR data protection rules. The fine would have been much higher had GDPR applied. It also sent warning letters to 11 political parties, requiring them to accept audits of their data protection practices, among other actions.
Two weeks into GDPR: How do tech companies’ new privacy policies compare?
GDPR has been in place two weeks now, much to the relief of the many individuals who were swarmed with emails requiring fresh consent to the receipt of newsletters and other marketing messages. Leading up to the 25th May, customers have also been notified of the changes to the privacy policies most tech companies inevitably had to make. Assembly has studied how they compare, with particular regard to the validity of GDPR’s safeguards outside the EU, and to the legal bases adopted for treatment of personal data.
GDPR is almost here, but it will not change the world in a day
The most talked about day of the last two years is almost upon us. The European General Data Protection Regulation (GDPR) will come into force tomorrow, promising much stronger rights and safeguards for users’ personal data. For now, the main effect it has had has been, paradoxically, to irritate the very people it is supposed to protect, due to the deluge of emails we have all received from companies seeking fresh consent.
Are DPAs ready for the consistent approach required by GDPR?
Among the significant changes it will bring about, the GDPR includes detailed rules for Data Protection Authorities to adopt consistent approaches and interact more regularly and effectively with one another. To this end, the newly founded European Data Protection Board will play a key role in overseeing the consistency mechanism created by GDPR. Assembly’s research shows there are still striking differences in funding and staff across DPAs.
How are European data protection authorities approaching GDPR?
The entry into force of GDPR is now imminent. Assembly’s Privacy and Data Protection Tracker has analysed and compared the approach taken by Data Protection Authorities in various countries, to prepare businesses for the new regulation. Differences in approaches across countries remain, although the pan-European nature of GDPR means companies can find useful insight in the activity of all DPAs across the EU.
Where next for the regulation of Facebook?
After the emergence of large-scale data breaches on Facebook’s platform, CEO Mark Zuckerberg accepted to appear before the respective parliamentary committees of the US Senate and Congress. The hearings highlighted that US politicians are now turning their attention to social media platforms, but have no coherent plan (and unclear intentions) on the measures to adopt. At the same time, there are clear indications that the EU’s GDPR will become a benchmark for data privacy worldwide.
Facebook’s privacy practices will now face thorough scrutiny
What started as criticism for not doing enough to spread disinformation online is now quickly escalating into inquiries about the way in which Facebook allows third parties to access its users’ data. Allegations that Facebook’s data have been misleadingly obtained, and used to profile approximately 50m users to run targeted political campaigns, have now prompted the Federal Trade Commission (FTC) to investigate the company’s privacy practices.
