Big Tech pushes back against GDPR and DMA. What is Europe's next chess move?
View in browser

Data Privacy Happenings 📰

Hello from MineOS's monthly newsletter, The Privacy Mindset! 👋

 

Big Tech and the EU have a bit of an adversarial relationship when it comes to data privacy and protection, with the Silicon Valley giants bearing the vast majority of the financial brunt of enforcement in the past half decade.

 

Meta has been hit with numerous 9-figure GDPR violations, and the EU AI Act will also likely touch the social media giant as it attempts to use the platform's user content to train its own AI. 

 

Beyond GDPR, the Digital Markets Act hasn't gotten enough attention as a viable sword of data privacy. The DMA is designed specifically to combat Big Tech and uncompetitive market practices, and it's made an impact even within its first year on the books.

 

Apple made adjustments to its App Store operations back in January in response to the DMA, but they did not do enough, as the EU announced several weeks ago that Apple was in violation of the DMA.

 

EU Commissioner Thierry Breton noted, "We have reason to believe that the App Store rules not allowing app developers to communicate freely with their own users is in breach of the DMA."

 

Apple and Meta aren't taking these compliance challenges lying down, as both have decided to withhold products from the EU in retaliation. Meta will not be releasing a multimodal AI model there, and Apple will not release Apple Intelligence features on the continent. 

 

Meta, of course, is in the middle of the pay-or-consent drama as the company tries to navigate around several GDPR decisions against the company's data processing activities, but the avalanche of compliance mandates and decisions has seemingly pushed some of Big Tech over the edge.

 

Where do we go from here? It's hard to say, but things could get messy, and we need to see how much of a stomach the EU has to stare down these types of threats. 

 

On one hand, EU users might suffer from missing out on the newest updates from companies that are ever-present in people's lives, but on the other, Europe cannot blink once data protection regulation is meaningfully challenged, otherwise it renders the laws toothless.

 

Oftentimes people get much too caught up in the regulation itself and not the enforcement of the regulation, because without the latter, the former is really nothing more than guidelines, hoping companies will act on good faith. How enforcement is carried out in response to Meta's and Apple's actions will go a long way in the future of data protection. 

Product Spotlight 🔦

A crucial element of compliance is assessments, from data protection impact assessments and transfer impact assessments to legitimate interests assessments. Understanding the various impacts before executing actions matters, and every organization's circumstances are unique.

 

That's why a major focus for MineOS over the past few months (and next few) is revamping our Assessments capabilities. To enable more customization in assessments, the platform now offers a variety of new blocks, with development underway on additional blocks for data types and data flows, multiple choice blocks, and additional sorting and filtering options. 

 

We've also added predefined templates to make getting started easier, helping teams initiate assessments without as much legwork needed to get the process going.

 

Regulation Focus 🔬

Kids Online Safety & Privacy Act Sec. 111A

"KIDS ONLINE SAFETY COUNCIL

Establishment -- not later than 180 days after the enactment of this Act, the Secretary of Commerce shall establish and convene the Kids Online Safety Council for the purpose of providing advice for matters related to this subarticle."

 

We're bending the rules a bit here since this bill isn't official, but today (!) it's taking its spotlight in the US Senate as the country desperately tries to update the Children's Online Privacy Protection Act of 1998.

 

(In fact, the link above leads to a Linkedin post from IAPP's Cobun Zweifel-Keegan, a must follow if you need regulatory updates in real time or want to see draft bills and their changes over time. I would highly recommend reading at least the full scope of the council beyond section A, as we didn't copy it here for length reasons).

 

KOSPA, as it will be called, is a compromise mish-mash bill of the Kids Online Safety Act and COPPA 2.0, as Congress has been circulating various bills in an urgency to get this done amidst renewed concerns about children's safety online and social media's general atmosphere of child endangerment and addictive design.

 

There's a lot to go over in there, and this version isn't even guaranteed to pass before the elections--although the bill is bipartisan and widely supported--but we will almost certainly see some form of children's privacy protections come through before the end of 2025, at the latest.

 

What's interesting about setting up an advisory council to study and direct action is that very few of these bodies exist in data privacy in America at all. There isn't even a federal data protection authority equivalent like there is in European nations, as the FTC acts as the regulator for the various privacy laws on the books (despite a million other things being on the agency's plate). 

 

The only state to create a separate data privacy agency has been California, with most content to let or financially-hamstrung enough to need the AG to run enforcement alone. The creation of this council is a gigantic neon sign in blinking letters that children's privacy is a priority for the government to get right, and that's a good sign for the industry.
Galgo

Founder's Corner 🎙️

CTO & co-founder Gal Golan

 

Q: What do you think is an issue around AI that is not getting enough attention?

 

A: Accessibility and how easy it is to use. Some AI tools being released are very complicated when they don't need to be, and for wider consumer adoption I think most of these solutions should be more transparent and easy to use no matter a person's technical prowess. 

Webinars & Events 📅

The MineOS team is gearing up for a big one, as we're heading to IAPP Privacy. Security. Risk. 2024 in LA on September 22-24!

 

Follow us on Linkedin as we announce more details on our live session, booth, and fun times galore at the event! 

 

Already know you're going? Drop us a line to make sure we connect there.

 

Register here, if you haven't yet: https://iapp.org/conference/iapp-privacy-security-risk/

 
Talk with us

How did you like this month's issue?

Let us know
footer

"MineOS" (Saymine Technologies Inc), One Marina Park Drive, Suite 1100, Boston, MA 02210, United States

Unsubscribe Manage preferences