Data & Privacy Matters podcast: EP3 Legal updates - March 2024

In this third episode of Fieldfisher's new Data & Privacy Matters podcast, Martin McElroy, Kristina Holm and Sophia Steiger look at the key data and privacy news from March 2024. 

March gave the team much to discuss! First up they take us through the latest on AI legislation, including the EU AI Act being approved by MEPs on 13 March and the UK Private Members Bill – AI (Regulation) reaching the Committee Stage in the House of Lords. The EU's Cyber Resilience Act ("CRA") is also going to the European Council to be adopted. 

The episode also explores the ICO's consultation on the "pay or OK" model and its recent fining guidance, and touches on the top fines hitting the headlines around Europe and a variety of ICO enforcement action including Amazon's appeal of the $34.6 million fine from the CNIL.

With the volume of continuous developments in the data and privacy ecosystem, it can be hard to stay on top of the key news stories. This is a must-listen podcast to catch up on notable data and privacy news in the past month and consider what your business or organisation needs to be doing in response.

Sources of the news discussed:

AI legislation

• European Parliament news - Artificial Intelligence Act: MEPs adopt landmark law | News | European Parliament (europa.eu)
• Parliamentary Bill - Artificial Intelligence (Regulation) Bill [HL] - Parliamentary Bills - UK Parliament
• Fieldfisher blog - New UK Artificial Intelligence (Regulation) Bill introduced | Fieldfisher
• UN News - General Assembly adopts landmark resolution on artificial intelligence | UN News
• Fieldfisher's AI Governance Webinar invitation - AI Governance: What it is and what it should never be… | Fieldfisher
• YouTube Channel where Fieldfisher Webinars are uploaded - Fieldfisher Data & Privacy Team - YouTube

Cyber Resilience Act

• Summary of Act - Cyber Resilience Act | Shaping Europe’s digital future (europa.eu)

Consent or Pay

• ICO consultation - ICO launches “consent or pay” call for views and updates on cookie compliance work | ICO
• Smart Survey article - Introduction : Call for views on "Consent or Pay" business models (smartsurvey.co.uk)

CJEU – IAB Europe

• Fieldfisher blog - A step closer to TCF v3.0 for the ad tech industry? | Fieldfisher

CJEU – OC v European Commission

• Summary of case - CURIA - List of results (europa.eu)

ICO – recent fining guidance

• ICO - ICO publishes new fining guidance | ICO

Fines

• CNIL - Amazon appeals $34.6 mln fine by French regulator over staff monitoring | Reuters
• Garante – Newsletter of 7/03/2024 - Data breach: the Italian Data Protection Authority sanctions UniCredit... - Privacy Guarantor (garanteprivacy.it)
• Finnish DPA – Verkkokauppa.com fined a penalty for not defining the retention period of customer data – the customer's registration requirement was also unlawful | Office of the Data Protection Ombudsman (tietosuoja.fi)
• Norwegian DPA – Decision on fees and orders to NAV | The Norwegian Data Protection Authority (datatilsynet.no)

ICO Enforcement Action

• Princess of Wales – ICO statement in response to reports of data breach at The London Clinic | ICO
• Home Office – ICO finds the Home Office’s pilot of GPS electronic monitoring of migrants breached UK data protection law | ICO
• Dover Harbour Board and Kent Police – ICO reprimands Dover Harbour Board and Kent Police over information sharing | ICO
• Penny Appeal – ICO warns charities about direct marketing rules as it orders Penny Appeal to stop sending spam texts | ICO
• Pinnacle Life - ICO warns charities about direct marketing rules as it orders Penny Appeal to stop sending spam texts | ICO