The Latest Privacy News for December 2023

We recently released a new episode of our podcast, Privacy Lawls, where we spoke with Justin Brookman, the Director of Technology Policy for Consumer Reports regarding what it means to collect, share and sell data. We also discussed the implications of collecting, sharing and selling data, including how consumers can protect themselves and how businesses can meet their compliance requirements. Check out the episode here. We hope that you find this newsletter helpful for staying up to date with the myriad changes in the privacy field. 

What’s new in privacy? 

Below are some of the most notable news in privacy from this month: 

1. California Privacy Protection Agency releases proposed rules on automated decision-making. The proposed rules discuss how to provide notice of automated decision-making technology (e.g. Privacy Policy disclosures), when and how opting out is allowed and how consumers can access the information used by the business for automated decision-making. Learn more here.
2. NOYB files a complaint against Meta regarding its ad-free subscription model. The complaint, filed with Austria’s Data Protection Authority, alleges that Meta’s new model, requiring individuals to pay to not be tracked, goes against EU consent rules and amounts to paying a fee to ensure privacy. Read more here.
3. Data Act adopted by the Council of the European Union. The Data Act aims to promote fairness in the digital economy, stimulate competitive data markets, and make data more accessible to all. The Act also aims to make it easier to switch between providers. The scope of the legislation covers manufacturers of connected products and providers of related services in the EU market. Read more here.
4. Amendments made to UK Data Protection and Digital Information Bill proposal. The amendments address cookies, reducing paperwork, tackling benefit fraud, and making it easier to protect residents of the UK from criminals. Learn more here.
5. United Airlines considers using passenger data to sell targeted advertisements. United Airlines is considering using passenger information such as flight history or United rewards to serve targeted ads. The ads may be served on the United mobile app or on planes’ entertainment systems. United Airlines stated that consumers would have the option to opt out of data tracking and use of the data for targeted ads. Learn more here.
6. The UK Information Commissioner’s Office delivers written warnings regarding cookies. The ICO delivered warnings to the UK’s most visited websites stating that companies have 30 days to comply with privacy laws regarding cookies. The ICO stated that some websites do not give users a fair choice as to whether or not to be tracked for advertising and that websites must provide a “reject all”, as well as an “accept all” option to users. Read more here.
7. European Data Protection Board adopts guidelines on ePrivacy Directive. The guidelines concern Article 5(3) of the ePrivacy Directive, clarifying which technical operations are covered by the ePrivacy Directive. Learn more here.  
8. Federal Trade Commission files complaint against Global Tel Link. The complaint alleges that the company, which provides prison communications, failed to notify customers after a data breach. The FTC claims that the company did not have a secure firewall and experienced a data breach that led to consumers’ personal information leaking to the dark web. Read more here.  
9. The Court of Justice of the European Union rules that individuals have the right to a free copy of their personal data. The case involved a patient who requested a copy of their medical records from their dentist, who denied the request and requested that the individual pay for such records. The CJEU ruled that GDPR mandates controllers to provide a free copy of processed personal data to individuals, regardless whether the data requested may be used to file a lawsuit. Learn more here. 
10. Morgan Stanley reaches a $6.5 million settlement over data security. The company was subject to a multistate lawsuit which claimed that the company put consumer data at risk by failing to decommission its computers and erase unencrypted data from computer devices that were later sold at an auction. Read more here.   

What privacy bills are we tracking? 

As part of our service, we keep track of privacy bills that would affect the way Privacy Policies are written. Below is our most recent list of privacy bill proposals in the United States. You can access the privacy bill tracker any time on our blog.

• Georgia – GA HB798;
• Hawaii – HI SB1110/HB1497;
• Hawaii – HI SB 974;
• Illinois – IL HB3385;
• Indiana – IN HB 1554;
• Iowa – IA House File 2506;
• Iowa – IA House Study Bill 12;
• Kentucky – KY S 15;
• Louisiana – LA SB199;
• Maine – ME SB807;
• Maine – ME HB1270;
• Maryland – MD HB807;
• Massachusetts – MA HD2281/SB745;
• Massachusetts – MA HD3263/SD1971;
• Mississippi – MS SB 2080;
• Minnesota – MN SF950;
• New Hampshire – NH SB255;
• New York – NY S2277;
• New York – NY SB365;
• New York – NY SB3162;
• New York – NY AB4374;
• New Jersey – NJ S 332;
• New Jersey – NJ A505;
• New Jersey – NJ A 1971;
• North Carolina – NC SB525;
• Oklahoma – OK HB1030;
• Pennsylvania – PA HB708;
• Pennsylvania – PA HB1201;
• Washington – WA HB1616;
• West Virginia – WV HB3453;
• Vermont – VT HB121

Events

Here are some great virtual events that you can attend to learn more about the hottest issues in privacy and meet other privacy professionals: 

1. Artificial Intelligence Comes with Real Responsibility: Keeping Safety First – December 6, 2023; 
2. Privacy and Security – December 13, 2023;
3. Privacy Strategy: surviving and thriving during the economic downturn – December 12, 2023.

If you made it this far, you’re our type of privacy people! Be sure to subscribe to our podcast, Privacy Lawls, where we have fun talking to some of the biggest names in privacy.

Thanks for reading!