The Latest Privacy & Data Protection News for May 2023


Photo of author

Donata Stroink-Skillrud

Co-founder and President of Termageddon

Welcome to the exciting world of online privacy and data protection!

This month, there are three privacy bills eligible for a Governor’s signature: in Montana, Tennessee and Indiana. If these bills are passed, then our state privacy patchwork and Privacy Policy requirements will become more complex. We’re tracking these bills (and others) – make sure to follow us on social media at @termageddon for the latest updates! We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field. 

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

  1. Montana SB384 clears state legislature. The Montana Consumer Data Privacy Act has passed the state legislature and is eligible for the Governor’s signature. If passed, this bill will require certain businesses to have a Privacy Policy and will provide privacy rights such as the right to access, delete, correct, opt out, portability and non-discrimination to residents of Montana. Read the full text of the bill here. 
  2. Tennessee HB1181 clears state legislature. The Tennessee Information Protection Act has cleared the state legislature and is eligible for the Governor’s desk. If passed, this bill will provide privacy rights to residents of Tennessee such as the right to access, delete, correct, opt out, portability and anti-discrimination. In addition, companies that need to comply will need to update their Privacy Policies with new required disclosures. Read the full text of the bill here.
  3. House of Commons passes Canada’s Bill C-27. The House of Commons have passed Canada’s Bill C-27, which includes the Consumer Privacy Protection Act, the Personal Information and Data Protection Tribunal Act and the Artificial Intelligence and Data Act. The bill aims to reform Canada’s current privacy law, PIPEDA. The bill is now headed to the Standing Committee on Industry and Technology for further consideration. Read the full text of the bill here. 
  4. Meta prepares for GDPR fine and data transfers suspension order. In its filing to the U.S. Securities and Exchange Commission, Meta stated that it is preparing to halt operations and data transfers in the European Union. Meta is also preparing for a steep monetary fine and corrective measures from Ireland’s Data Protection Commission. Read more here. 
  5. Maine introduces biometric privacy legislation. Members of the Maine Legislature have reintroduced a biometric information privacy bill (similar to Illinois BIPA), which would prohibit private entities from selling biometric information, would require written consent prior to the collection of biometric information, and would include a private right of action. Learn more here. 
  6. German regulators investigate ChatGPT for GDPR compliance. The Commissioner for the northern German state of Schleswig-Holstein stated that regulators are investigating whether OpenAI has conducted a data protection impact assessment and if the data protection risks are under control as required by GDPR. Learn more here. Italy’s Data Protection Authority has ordered a temporary limitation of the processing of the data of Italian users by ChatGPT. In addition, the French Minister for Digital Transition and Telecommunications has said that ChatGPT violates GDPR
  7. Italy’s Data Protection Authority publishes a guide on dark patterns. The guidance identifies the types of dark patterns in an aim to educate companies so that such dark patterns can be avoided in the future. Read more here. 
  8. Italy’s Data Protection Authority issues a 300,000 euro fine to a marketing company. The company was fined for allegedly violating GDPR by using dark patterns on online portals to entice users to consent to the processing of personal data for marketing purposes. Read more here. 
  9. Austrian Data Protection Authority rules against newspaper cookie paywalls. The Austrian Data Protection Authority ruled in favor of NOYB against multiple Austrian newspapers. The complaints stemmed from the newspapers using cookie paywalls that ask users to either agree to data sharing with tracking companies or pay for a tracking -free subscription. Learn more here. 
  10. Tesla facing class-action lawsuit. Tesla is facing a class action lawsuit in the U.S. District Court for the Northern District of California for alleged privacy violations. The lawsuit alleges that Tesla employees accessed and shared videos and images recorded by customers’ vehicle cameras for their enjoyment. Read more here. 

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog


Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

  1. Transatlantic Privacy: Comparing the current state of US and EU privacy laws – May 9;
  2. FinTech and Data Privacy in the Metaverse – June 27
  3. How to use the CNIL PIA and NIST PRAM Toolkits – May 18

If you made it this far, there’s a good chance you just can’t get enough of privacy. Be sure to subscribe to our podcast, Privacy Lawls, where we talk privacy with some of the leaders in the industry. 

Photo of author
About the Author
Donata Stroink-Skillrud

Donata is the Co-founder and President of Termageddon and a licensed attorney and Certified Information Privacy Professional. She serves as the Vice-Chair of the American Bar Association's ePrivacy Committee and the Chair of the Chicago Chapter of the International Association of Privacy Professionals.

Search the Site
Popular Articles
Browse by Category

Comparing Policy Generators

Cookie Consent Banner

Cookie Policy




How To's

Privacy Policy

Terms of Service

Subscribe for Updates