We are pleased to provide you with our law firm partners newsletter for March 2023. The most important developments in privacy come from the legislatures of certain states such as New York and West Virginia which have proposed new privacy bills, as well as Australia, which proposed multiple amendments to the Australia Privacy Act 1988 (see below). In addition, it appears that there is some opposition to the EU-US data transfers framework, which you can read more about below as well. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field.
Table of Contents
What’s new in privacy in March 2023?
Below are some of the most notable news in privacy from this month:
Privacy in the State of the Union Address.
Much has been written about the mentions of privacy in President Biden’s State of the Union address. Highlighting the need for both regulation and enforcement in hot topic data privacy issues, he focused on children’s privacy and online mental health, as well as Big Tech, data minimization, algorithmic transparency and health data. The volume and breadth of privacy topics in the speech far outnumber his predecessors, perhaps signaling a shift in priorities. Read the official speech, the fact sheet, and the commentary by Wired.
Executive Order and FTC Shakeup.
Perhaps following up on the State of the Union address, agencies received instructions from the White House and some restructuring in the FTC. President Biden issued an executive order directing federal agencies to address algorithmic discrimination. He renominated FTC Commissioner Rebbeca Kelly Slaughter for another term, while FTC Commissioner Christine Wilson, the agency’s sole Republican commissioner, resigned. Finally, FTC Chair Lina Khan announced the creation of an Office of Technology, to be led by Chief Technology Officer Stephanie Nguyen. Read more about the executive order, Commissioner Slaughter’s renomination, Commissioner Wilson’s resignation, and the Office of Technology.
MEP Opposition to the EU-US Data Privacy Framework.
The European Parliament Committee on Civil Liberties, Justice and Home Affairs issued a draft resolution discouraging the Commission from finding adequacy for the US under the EU-US Data Privacy Framework. Holding that the agreement fails to create “actual equivalence” in the level of privacy protections, the Committee took issue with the relevant executive order’s scope and reversibility, as well as the lack of a federal data privacy law in the US, the breadth of US state surveillance and the limitations of available remedies. Read the full release. Notably, the US Supreme Court recently declined to review Wikimedia’s case against the NSA “upstream surveillance” program.
AI Act Negotiations in EU, AI Enforcement in Member States.
European Commission Bans TikTok on Corporate Devices, Canada investigates TikTok.
Citing data protection concerns, the European Commission has banned TikTok from corporate devices, with their IT service asking for employees to uninstall the app from corporate devices and personal devices using corporate apps. The same week, Canada’s privacy authorities announced an investigation into TikTok’s privacy practices, especially as they relate to children’s data. More on the Commission ban and Canada’s investigation.
Australian Privacy Act Reform.
Australia’s Attorney-General released its highly anticipated Privacy Act Review Report, seen as a key step in its privacy law reform. The report includes 116 recommendations acquired from stakeholders over a two-year period of review of the 1988 Privacy Act. Public comments are accepted until March 31. If you’re interested in learning more, check out the report and some commentary.
Norwegian DPA finds that Google Analytics is not compliant.
Norway’s Data Protection Authority issued a preliminary conclusion ruling that Google Analytics breaches GDPR’s data transfer rules. The formal decision will come at the end of April but the DPA states that companies should seek alternatives to Google Analytics.
US Marshals Service hit with ransomware attack.
The US Marshals Service recently confirmed that it was subject to a ransomware attack that compromised sensitive information. The attack occurred on a server, which was taken off its network after the ransomware was discovered. The attack did not target the Witness Security Program databases but certain other sensitive information such as PII relating to employees and subjects of investigations was accessed.
Researchers uncover ChatGPT Android malware and phishing campaigns.
Cybersecurity firm Cyble found phishing websites containing malware that are spread via a spoofed social media page for ChatGPT and OpenAI. Other phishing sites posed as payment portals for users to pay for ChatGPT services in order to steal credit card information.
CPPA to hold board meeting.
The California Privacy Protection Agency will hold a board meeting on March 3. The agenda will focus on the first draft of CPRA regulations, the annual budget, agency priorities and the second CPRA rulemaking procedure.
What privacy bills are we tracking?
As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.
- Hawaii – HI SB1110/HB1497;
- Hawaii – HI SB 974;
- Illinois – IL HB3385;
- Indiana – IN SB5;
- Indiana – IN HB 1554;
- Iowa – IA House File 2506;
- Iowa – IA House Study Bill 12;
- Kentucky – KY S 15;
- Maryland – MD HB807;
- Massachusetts – MA HD2281/SB745;
- Massachusetts – MA HD3263/SD1971;
- Mississippi – MS SB 2080;
- Minnesota – MN SF950;
- Montana – MT DB1086;
- New Hampshire – NH SB255;
- New York – NY S2277;
- New York – NY SB365;
- New York – NY SB3162;
- New York – NY AB4374;
- New Jersey – NJ S 332;
- New Jersey – NJ A505;
- New Jersey – NJ A 1971;
- Oklahoma – OK HB1030;
- Tennessee – TN SB73;
- Washington – WA HB1616;
- West Virginia – WV HB3453;
- Vermont – VT HB121
Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: