The UK Government recently published its long-awaited response to its data reform consultation, ‘Data: A new direction’ (see our post on the consultation, here).

As many readers are aware, following Brexit, the UK Government has to walk a fine line between trying to reduce the compliance burden on organizations and retaining the ‘adequacy’ status that the European Commission granted in 2021 (see our post on the decision, here).

While we’ll have to wait to review the detail of the final legislation, we outline below some of the more eye-catching proposals for reform.

Continue Reading 8 Eye-catching Reforms in the UK Government’s Response to its Public Consultation on Data Protection Law

On March 21, 2022, the European Data Protection Board (“EDPB”) published its draft Guidelines 3/2022 on Dark patterns in social media platform interfaces (hereafter “Guidelines”, available here), following the EDPB’s plenary session held on March 14, 2022.  The stated objective of the Guidelines is to provide practical guidance to both designers and users of social media platforms about how to identify and avoid so-called “dark patterns” in social media interfaces that would violate requirements set out in the EU’s General Data Protection Regulation (“GDPR”).  In this sense, the Guidelines serve both to instruct organizations on how to design of their platforms and user interfaces in a GDPR-compliant manner, as well as to educate users on how certain practices they are subject to could run contrary to the GDPR (which could, as a result, lead to an increase in GDPR complaints arising from such practices).  The Guidelines are currently subject to a 6-week period of public consultation, and interested parties are invited to submit feedback directly to the EDPB here (see “provide your feedback” button).

In this blog post, we summarize the Guidelines and identify key takeaways.  Notably, while the Guidelines are targeted to designers and users of social media platforms, they may offer helpful insights to organizations across other sectors seeking to comply with the GDPR, and in particular, its requirements with respect to fairness, transparency, data minimization, purpose limitation, facilitating personal data rights, and so forth.

Continue Reading EDPB Publishes Draft Guidelines on the Use of “Dark Patterns” in Social Media Interfaces

As readers of the InsidePrivacy blog know, we often save some fun reading on privacy issues for the weekend, given the crush of business during the week.  Sure, you’re reading the FTC’s just‑released Internet of Things report (and hopefully Shel’s helpful analysis of it), but a little broader reading might be just right for our (somewhat) snowy weekend.

At the top of my list for this weekend is Neil Richards’ new book, Intellectual Privacy: Rethinking Civil Liberties in the Digital Age.  This book follows up on Neil’s great law review article of the same name, but develops and updates the arguments, examples and use cases.  The subject of the work is the conflict between privacy and free expression, one of the most important issues in our area of law and policy.  Topics such as the “right to be forgotten” place this issue squarely into today’s headlines.  Neil suggests that free speech should win out in the event of a true conflict between the two values, but concludes that true conflicts are exceedingly rare.  It is more likely that privacy should be seen as a precondition for the exercise of free speech — without some assurance that privacy rights will be honored, individuals will not speak freely.  It’s a great premise with which I agree, and one that I look forward to thinking more about.  And if you’re in New York on Monday and can stop by the book launch sponsored by Data & Society, you can ask Neil about it!
Continue Reading Privacy Weekend: Provocative Articles We’re Reading Now