Privacy Law Update: November 15, 2021
On November 10, 2021, the UK Supreme Court issued a unanimous Judgment in Lloyd v Google LLC  UKSC 50, overturning a ruling of the Court of Appeal and disallowing a data privacy class action. The Judgment denied Mr. Lloyd the ability to pursue a collective claim for compensation on behalf of around four million iPhone users in England and Wales whose internet activity data were allegedly collected by Google in late 2011 and early 2012 for commercial purposes without the users’ knowledge or consent, and in alleged breach of section 4(4) of the Data Protection Act 1998 (“the 1998 Act”). The 1998 Act has since been replaced by the UK GDPR and the Data Protection Act 2018 (“the 2018 Act”). The claim was backed by substantial litigation funding.
On his third day as New Zealand’s Privacy Commissioner in 2014, John Edwards was asked during a committee hearing about his approach to the role. “I said I want to make privacy easy,” Edwards said. “I want to make privacy easy for agencies to implement, I want to make it easy for consumers to access privacy-friendly options, and I want to make it easy for people to have access to remedies when things are wrong. That became my mantra and I think it fits.”
IAB Europe is informed by the Belgian data protection authority (the APD) that its Litigation Chamber is close to finalizing a draft ruling that will conclude its investigation of IAB Europe and its role in the Transparency & Consent Framework (TCF). The draft ruling is expected to be shared with other Data Protection Authorities (DPAs) in the coming 2-3 weeks under the Cooperation Procedure laid down in the GDPR. Those DPAs will have 30 days to review it. Depending on the outcome of that review, the APD may adopt a final ruling or the matter may be referred to the European Data Protection Board for a binding decision.
Today, demand for qualified privacy professionals is surging. Soon, societal, business and government needs for practitioners with expertise in the legal, technical and business underpinnings of data protection could far outstrip supply. To fill this gap, universities around the world are adding privacy curricula in their law, business and computer science schools. The IAPP’s Westin Research Center has catalogued these programs with the aim of promoting, catalyzing and supporting academia’s growing efforts to build an on-ramp to the privacy profession.
Facebook Inc (FB.O) said on Tuesday it plans to remove detailed ad-targeting options that refer to “sensitive” topics, such as ads based on interactions with content around race, health, religious practices, political beliefs or sexual orientation. The company, which recently changed its name to Meta and which makes the vast majority of its revenue through digital advertising, has been under intense scrutiny over its ad-targeting abilities and rules in recent years
This data privacy update addresses the amendments to the Personal Data Protection Act, the changes to the Spam Control Act, the publication of the Cyber Security Agency of Singapore (CSA)’s report on the Singapore Cyber Landscape in 2020, and the proposed new licensing framework for cybersecurity service providers.