Locations
In this action-packed second episode of Fieldfisher's new Data & Privacy Matters podcast, Camille Ebden, Charley Guile and Sophia Steiger look at the key data and privacy news from February 2024.
First up they discuss the second phase of the EU Digital Services Act ("DSA") coming into force on the 17 February and how it now applies to a broader range of online intermediary service providers. On a related note, they touch on the European Commission launching formal proceedings into TikTok's compliance with the DSA, which particularly focuses on underage users. For more information about the Digital Services Act, do check out the Fieldfisher blog and more detailed webinars on this topic - Digital Services Act | Fieldfisher.
The ICO's new content moderation guidance is then explored, followed by the latest on AI from the EU and the UK, including the launch of an EU AI Office and some criticism claiming a lack of clarity regarding its role versus that of the European Commission as a whole. The episode continues with a look at the ICO's enforcement notice to Serco regarding employee tracking via biometric data, the EDPB's opinion on when the One-Stop-Shop mechanism applies, as well as updates on regulator and court views regarding Meta's "pay or ok" model (which will of course have an impact for many publishers relying on advertising or subscription to fund their platform).
If that is not enough, the episode touches on the new cookie guidance from the Spanish and Dutch regulators; a €79m marketing fine to Enel Energia from the Italian Garante; and a £350,000 ICO fine to the Ministry of Defence for not using "Bcc" where appropriate.
With the volume of continuous developments in the data and privacy ecosystem, it can be hard to stay on top of the key news stories. This is a must-listen podcast to catch up on notable data and privacy news in the past month and consider what your business or organisation needs to be doing in response.
Sources of the news discussed:
Digital Services Act
- Text of the Act - Regulation - 2022/2065 - EN - DSA - EUR-Lex (europa.eu)
- TikTok - DSA: Commission opens formal proceedings against TikTok (europa.eu)
- Fieldfisher webinars and blogs - Digital Services Act | Fieldfisher
Content Moderation
- ICO guidance - content-moderation-and-data-protection-0-0.pdf (ico.org.uk)
AI Act
- European AI Office: European AI Office | Shaping Europe’s digital future (europa.eu)
- AI Act enforcement - AI Act enforcement faces an uncertain future - Lexology Pro
- AI Act plenary vote - SYN_PDOJ_March_STR_EN.pdf (europa.eu)
*Update – this is now scheduled for the 12th March, not 13th March as reported in our podcast*
AI White Paper
- UK Government response - A pro-innovation approach to AI regulation: government response - GOV.UK (www.gov.uk)
- Regulatory guidance - Implementing the UK’s AI regulatory principles: initial guidance for regulators - GOV.UK (www.gov.uk)
ICO's consultation on Generative AI
- Call for evidence - Generative AI second call for evidence: Purpose limitation in the generative AI lifecycle | ICO
- Consultation - ICO consultation series on generative AI and data protection | ICO
ICO
- John Edwards at IAPP – John Edwards speaks at IAPP’s Data Protection Intensive UK | ICO
- Serco enforcement notice - ICO orders Serco Leisure to stop using facial recognition technology to monitor attendance of leisure centre employees | ICO
- Biometric data guidance - Biometric data guidance: Biometric recognition | ICO
- Monitoring employees guidance -Employment practices and data protection: monitoring workers | ICO
EDPB One Stop Shop
Meta Pay or Ok
- EDPB - EDPB plenary meeting - 13 February | European Data Protection Board (europa.eu)
- NOYB - Pay-or-okay_edpb-letter_v2.pdf (noyb.eu), 28 NGOs urge EU DPAs to reject “Pay or Okay” on Meta (noyb.eu)
- Dusseldorf - North Rhine-Westphalia: Düsseldorf Higher Regional Court issues decision on Meta's pay or okay model | News post | DataGuidance
Cookie Guidance
- Spain - https://www.aepd.es/guias/guia-cookies.pdf
- Netherlands - https://autoriteitpersoonsgegevens.nl/actueel/ap-pakt-misleidende-cookiebanners-aan
Fines
- Enel Energia - Telemarketing: the Italian Data Protection Authority fines Enel Energia. The company does not... - Garante Privacy
- Ministry of Defence - Ministry of Defence | ICO
- Bulk communications guidance - Email and security | ICO