What’s been happening in the world of technology law so far this year? These are a few of our favourite things.
1. Artificial Intelligence
The EU’s General Data Protection law as set the standard for data protection laws around the world. The European Commission is now seeking to steal a march in the field of Artificial Intelligence, publishing a draft Regulation which will, if adopted, regulate various aspects of the use of AI.
There’s no guarantee that the regulation will be adopted in anything like its current form, or even at all, and even if it is, it may take several years to reach the statute books. Extensive lobbying can be expected from all sides, such as human rights and technology businesses.
But for the moment, highlights include:
For our further thoughts on AI, please see our webinar from November 2020.
2. Data protection – mass actions
Two major mass actions have kicked off in April, involving TikTok and Facebook.
The Facebook claim is being brought in Ireland, as that is Facebook’s “seat” in the EU for data protection purposes. The case arises from the leak of user data relating to more than half a billion (yes, billion) accounts in 2019, which only came to light recently when the information was made freely available on the dark web. Not only will Facebook face criticism about the fact of the breach, but also, and perhaps worse, about its failure to report it. As noted above, there’s a potential fine of up to 4% of worldwide turnover if they’re found to have breached the GDPR, potentially amounting to billions (yes billions) of dollars.
TikTok, on the other hand, faces a claim on behalf of millions of children in the UK and EU, regarding how it collects and uses their data. The case is being led by the former Children’s Commissioner for England, Anne Longfield OBE. The claim is based on TikTok gathering and using far more information about users than is necessary for them to use the service, such as children’s phone numbers, pictures, location and facial recognition information. Again, the claim could run to billions.
3. Data protection & Brexit
Following on from our recent articles on the effect of Brexit on data protection law in the UK, the European Data Protection Board announced on 14 April that it had adopted two opinions on draft adequacy decisions issued by the European Commission. The EDPB is effectively the EU’s advisory committee on data protection.
The opinion is broadly in favour of adopting an adequacy decision in relation to the UK, noting that UK data protection law is essentially the same as the EU GDPR. Such a decision would mean that the flow of personal data from Europe to the UK could continue largely unabated after the expiry of the latest transitional period. However, it flagged some isolated issues, for example in the context of law enforcement, that the EDPB felt needed further investigation before an adequacy decision could be made.
So we still have to wait for further news to see whether Europe to UK data flows can continue. The transitional period expires on 30 June at the latest.