Recent data breaches in Australia highlighted the lack of effective privacy controls in organizations and led to changes to the Privacy Act 1988, including increased penalties from AU$2.2 million to AU$50 million.
On Dec. 13, the European Commission released its highly anticipated draft adequacy decision for the EU-U.S. Data Privacy Framework. Included within this latest draft is an update to similar privacy principles that were found within in the predecessor arrangement, the EU-U.S. Privacy Shield Framework.
The U.K. government and Dubai International Financial Centre Authority released a joint statement committing to increased facilitation of personal data flows. The two sides called the new agreement "a robust data bridge" that will help realize "the benefits of the important role that the trustworthy use of data across borders play." The U.K.
Lawmakers are questioning tax filing companies, Meta and Google over the sharing of users' financial information, The Markup reports. U.S. Sen. Elizabeth Warren, D-Mass., and others cited a report by The Markup that companies — including H&R Block and TaxAct — shared filers' data with Facebook through Meta Pixel code. TaxAct also reportedly shared data with Google.
Technology trade association NetChoice filed a lawsuit against the state of California aiming to block the California Age-Appropriate Design Code Act from taking effect, The New York Times reports. The group, whose membership includes most major Big Tech platforms, submitted a complaint alleging the recently-passed legislation "presses companies to serve as roving censors of speech on the internet." The law is set to take effect July 1, 2024, and includes requirements for privacy-by-default settings and data protection impact assessments.
In the U.S., 96% of applications used in schools share student personal information with third parties, CyberScoop reports, citing a study conducted by Internet Safety Labs. The data is shared with advertisers often without informing or obtaining consent from students or the schools, the study found.
Microsoft is beginning a phased rollout of its "EU data boundary" enabling EU cloud customers to process and store data in the region, Reuters reports. The "EU data boundary" applies to Microsoft's core cloud services. A first phase will include customer data, followed by logging and service data, Microsoft Chief Privacy Officer Julie Brill said.
The U.S. Senate passed legislation banning federal government employees from downloading TikTok on government-owned devices, The Wall Street Journal reports. A spokesperson for Speaker of the House Nancy Pelosi, D-Calif., did not respond when asked if the bill would be taken up before the new Congress is convened. TikTok claimed it does not share U.S.
The European Data Protection Board adopted a statement on the Court of Justice of the European Union's judgment for limited data processing and retention under the EU Passenger Name Record Directive. The board said the judgment "significantly narrows the ways" PNR data can be used and opined "most EU member states" do not comply with the judgment.