Blog
Meta vs DPC over data-scraping breach
Meta has been granted leave by the Irish High Court to appeal a November 2022 decision by the Irish Data Protection Commission ("DPC") to impose fines totalling €265 million against Meta in connection with a major data-scraping breach involving personal data of over 500 million Facebook users.
ICO Publishes First Tech Horizons Report
The Information Commissioner's Office ("ICO") has published the first of its annual Tech Horizons Reports (the "Report") which examines the implications of technological developments for privacy law in the next two to five years.
The European Commission has concluded its first review of Japan-EU mutual adequacy decision
On 23 January 2019, the European Commission adopted its adequacy decision in respect of Japan. The effect of that decision was that personal data could flow between the EEA and businesses in Japan without further safeguards, as it was determined that Japanese data protection laws ensured an adequate level of protection for personal data transferred.
13 April – A big day for the future of Meta and its EU-US transfers
On 13 April 2023, the EDPB adopted a dispute resolution decision in relation to the Irish Data Protection Commission's ("DPC") draft decision, as lead supervisory authority, against Meta, which proposed a suspension of data transfers to the US.
Spotlight on TikTok – ICO fines TikTok £12.7 million as global concerns relating to the app's security and data privacy practices continue to mount
On 4 April 2023, the ICO announced that it has fined TikTok £12.7 million for various data protection breaches related to the misuse of children's data. The ICO investigation found that between May 2018 and July 2020 TikTok had processed the data of more than one million children under the age of 13 without parental consent. Further, TikTok had been aware that children under the age of 13 were using the platform (in direct contravention of its terms of use), but had not taken any action to remove these users' accounts or to prevent continued use, nor did it do enough to check who was actually using the platform. TikTok also failed to provide proper information to users in a concise, transparent and easy to understand manner.
ChatGPT banned in Italy over alleged privacy violations
On Friday, 31 March 2023, the Italian data protection regulator, the Garante, banned ChatGPT citing data privacy concerns.
The PRC announces the creation of a new data regulator
The People's Republic of China's ("PRC") parliament approved State Council reform plans on 10 March 2023, including the plans for the creation of a new data regulator. This body will work towards centralising the management of the PRC's data.
Meta verification subscription service signals end to data for free services
On 19 February 2023, Meta founder and CEO Mark Zuckerberg announced the launch of a paid subscription service, “Meta Verified”, which will allow Facebook and Instagram users to verify their accounts. Previously, verified badges were reserved for public figures or businesses, and were free of charge. But now users will be able to get a blue verification badge, by paying a fee of US$11.99-$14.99 a month.
Data breach claim transferred from High Court to County Court
This blog examines a recent case that highlights that the High Court is not necessarily suitable for low-value data breach claims. In Cleary v Marston (Holdings) Ltd [2021] EWHC 3809, the claimants issued their claim in the High Court on the basis that a specialist judge was required and that the very high legal costs would only be fully recoverable if the claim were handled by the High Court. However, the judgment found that the straightforward nature of the case, including its factual matrix, meant that it was more appropriate for the County Court.