Privacy Roundup: Top 10 Stories of June 2023

CPRA enforcement date has been pushed to 2024, while privacy laws in Colorado and Connecticut came into effect on July 1. Meanwhile, the EU moves a step closer to passing one of the first laws governing AI. Take a look at all the top stories from June.

In a last-minute ruling, a California court delayed enforcement of the California Privacy Rights Act (CPRA) regulations until March 29, 2024. The enforcement date of CPRA was set for July 1. The delay comes in the wake of a lawsuit filed by the California Chamber of Commerce to extend the enforcement date. The Court noted that the California Privacy Protection Agency failed to publish regulations by the July 1, 2022 deadline and does not adhere to the voter’s intent for a 12-month period between the finalization and enforcement. Read more

On June 14, the European Parliament voted in favour of the draft proposal for the AI Act, aimed at placing tougher restrictions on artificial intelligence technology. The draft law takes a risk-based approach and establishes different legal obligations depending on the level of risk – unacceptable, high, limited and minimal. Some of the biggest companies in Europe have signed an open letter claiming that the law could negatively impact competition. Read story

State-level data privacy laws in Colorado and Connecticut came into effect on July 1, 2023. Colorado Privacy Act was signed in July 2021 while the Connecticut Data Privacy Act was passed in May 2022. Both laws apply to entities that do business in the respective states, as well as businesses that process the personal data of their residents. Read more

Criteo, the French adtech giant faces a €40 million fine by the country’s data protection agency, CNIL for violation of GDPR including failure to get consent to process personal data for targeted advertising. The fine is the result of a  complaint filed by Privacy International and None of Your Business (noyb) in 2018 about how Criteo processed personal data to profile internet users for behavioural retargeting. Read more 

On June 18, 2023, Texas Governor signed the Texas Data Privacy and Security Act into law, making Texas the tenth US state to have a comprehensive privacy law. The law will go into effect on July 1, 2024, while provisions relating to universal opt-out will be effective from January 1, 2025. On June 25, 2023, the Oregon House and Senate signed the Oregon Consumer Privacy Act. Once signed by the Governor, it is set to become effective from July 1, 2024. Read more

Google has delayed the launch of its generative AI chatbot, Bard, in the European Union owing to privacy concerns raised by the Irish Data Protection Commission (DPC) — Google’s lead data protection authority in the EU. The DPC asked for a data protection impact assessment, that Google failed to present. Google’s Bard, a competitor to OpenAI’s ChatGPT, was released in 180 countries since March this year, including in the US and the UK. Read more

Meta has recently introduced two new privacy features for WhatsApp. The first feature called “Silence Unknown Callers” allows users to automatically screen out spam and calls from unknown individuals. The second feature called “Privacy Checkup” is a self-assessment guide for users to navigate through all of WhatsApp’s privacy settings. Read more

Sweden’s data protection authority fined Spotify $5.4 million (€5m) for violation of the transparency principle of EU’s GDPR .related to transparency. The case stems from a complaint filed in 2019 by privacy rights group noyb (none of your business) for alleged violation of Article 15 of the GDPR requires that companies provide disclosure to users about what data is stored, who it is shared with and for what reasons. Read more

Video conferencing platform Zoom announced new privacy enhancements to give users more control and be transparent about their policies. New features include data storage within EEA, a GDPR-compliant tool for administrators to manage data subject requests, audit log tracking, a marketing preference centre and more visibility of Zoom’s data retention and deletion policies. These new privacy features and tools are available in the Zoom web portal. Read more

The European Union is urging online platforms like Google, Meta and Microsoft to “immediately” label content and images generated by artificial intelligence to step up the fight against false information. EU Commission Vice President, Vera Jourova, called on the signatories to its Code of Practice on Online Disinformation to build “necessary safeguards that these services cannot be used by malicious actors to generate disinformation.” Watch here