Privacy News Roundup — August 2023

The FTC takes aim at dark pattern practices

The FTC has begun taking action against organizations abusing privacy consent principles by tricking individuals into providing more personal information than they intended or needed to. This, among other deceptive practices — known as “dark patterns,” has drawn the attention of the FTC, UK Advertising Standards Authority, European Data Protection Board and more.

State and international privacy laws include clauses that require transparency of information collection, including what data is collected and why. Connecticut, Colorado and California’s laws explicitly prohibit the use of dark patterns to obtain consent, while the EU GDPR states that, “consent must be unambiguous, informed, specific and freely given.”

India soon to establish Data Protection Board

Earlier this month, India passed its new Digital Personal Data Protection Bill (DPDPB), despite some criticism from privacy rights groups.

The government is expected to establish the Data Protection Board (DPB). The criteria for selecting members and the rules governing the function of the board are in development.

Rajeev Chandrasekhar, Minister of State for Electronics and IT, also confirmed that the rules for reporting personal data breaches and other reporting obligations are in progress.

Canada issues code of practice for generative AI

The Canadian government has issued a code of practice for the use and development of generative AI systems. The recently tabled Bill C-27 includes a proposed new law, the Artificial Intelligence and Data Act (AIDA), that will provide a legal basis for regulating AI once enacted.

The code of practice aims to provide a framework to guide the development of generative AI systems that protect the privacy rights of individuals and ensure their fairness ahead of future regulation.

UK ICO issues consultation on biometric data guidance

The UK ICO has published draft guidance on biometric data, inviting feedback through a consultation process. The guidance covers what biometric data is, how it is used in biometric recognition systems and the data protection requirements that organizations must satisfy when using and processing biometric data.

Data discovery can give you the insight you need for privacy compliance. Find out more.