Data & Privacy Matters: Legal Updates – September 2024
Skip to main content
Select location
  • Insights
  • Data & Privacy Matters: Legal Updates – September 2024
Insight

Data & Privacy Matters: Legal Updates – September 2024

Nuria Pastor
28/10/2024
Charley Guile
 
A bright, glowing padlock icon in neon blue is displayed at the center against a dark background filled with floating binary code in shades of purple. The image conveys themes of digital security and encryption.

In the latest episode of Fieldfisher's Data and Privacy Matters podcast, hosts Nuria Pastor, Charley Guile, and Imogen Boffin provide a comprehensive roundup of significant legal updates in September.

 

The key topics include the European Commission's announcement of new standard contractual clauses (SCCs) set for consultation, aimed at filling regulatory gaps under GDPR, and the European Data Protection Board’s (EDPB) new guidance focusing on digital gatekeepers' obligations under the Digital Markets Act (DMA).

The discussion also covers significant legal actions and new regulations in the realm of artificial intelligence (AI). California has introduced new laws requiring watermarks on AI-generated content and addressing the distribution of sexually explicit deepfake material. Further, the National Institute for Standards and Technology (NIST) is launching a program to manage cybersecurity and privacy risks associated with AI use.

Don't miss a thing, subscribe today!

Stay up to date by subscribing to the latest Data and Privacy insights from the experts at Fieldfisher.

Subscribe now

Notable legal opinions and court rulings are also highlighted, including an Advocate General opinion on data protection and gender identity, confirming the right to rectify gender data without the need for surgical proof. The Court of Justice of the European Union's interpretation of supervisory authorities' discretionary powers in relation to data breaches also emphasises that enforcement actions like fines are not always mandatory.

The podcast concludes with discussions on fines imposed, including to a French health sector company for data protection infringements, alongside a reprimand issued to Sky Betting & Gaming by the ICO for improper cookie practices. The ICO’s broader crackdown on non-compliant cookie practices in the UK’s top websites is also mentioned, demonstrating a continued focus on safeguarding data privacy and compliance in the digital landscape.

Sources of the news discussed:

European Commission

Standard contractual clauses for the transfer of data to third country controllers and processors subject to the GDPR

EDBP

EDPB to work together with European Commission to develop guidance on interplay GDPR and DMA

Commercial prospecting: French SA fined CEGEDIM SANTÉ EUR 800 000 | European Data Protection Board

ICO

Our statement on changes to LinkedIn AI data policy | ICO

Action taken against Sky Betting and Gaming for using cookies without consent | ICO

Irish DPC

Data Protection Commission launches inquiry into Google AI model | 12/09/2024 | Data Protection Commission

Data Protection Commission welcomes conclusion of proceedings relating to X’s AI tool ‘Grok’ | 04/09/2024 | Data Protection Commission

Irish Data Protection Commission fines Meta Ireland €91 million | 27/09/2024 | Data Protection Commission

CJEU

AG Collins issues opinion piece on data protection and gender identity

CJEU update in relation to the obligations of a data protection authority in the event of a personal data breach

Opinion of Advocate General Medina in respect of what turnover is taken into account when calculating GDPR fines

Governor Gavin Newsom

Governor Newsom signs bills to crack down on sexually explicit deepfakes & require AI watermarking

National Institute of Standards and Technology

Managing Cybersecurity and Privacy Risks in the Age of Artificial Intelligence: Launching a New Program at NIST | NIST

Facebook

Building AI Technology for the UK in a Responsible and Transparent Way | Meta

Areas of Expertise

Data and Privacy