Beyond our Shores - March 2024 summary

Published: 5 April 2024

This is the ODPA's monthly round-up of data-related developments from around the world.

On 1 March 2024, Elon Musk announced he is suing OpenAI and Sam Altman for violating the company’s principles of putting humanity first. Elon Musk sues OpenAI and CEO Sam Altman for abandoning mission | Reuters

On 1 March 2024, the Biden administration announced new cybersecurity-related measures including an executive order (EO) and advance notice of proposed rulemaking (ANPRM) aimed at better protecting Americans' personal data on everything from biometrics and health records to finances and geolocation from foreign adversaries like China and Russia: Biden acts to better protect Americans' personal data such as health records and finances (

On 5 March 2024, the EU Commission hosted the first ever high-level meeting on safe data flows. The meeting gathered together Commissioner for Justice, Didier Reynders; EDPB Chair, Anu Talus; and Ministers and heads of the Data Protection Authorities of 15 countries and territories (including Guernsey) for which the EU has adopted an adequacy decision: EU Commission hosts safe data flows conference for “adequate” countries (

On 6 March 2024, the UK’s Information Commissioner’s Office seeks views on 'consent or pay' model currently being discussed by EU colleagues: ICO launches “consent or pay” call for views and updates on cookie compliance work | ICO

On 8 March 2024, Jersey’s financial services regulator suffered a data breach: Jersey's financial services regulator suffers data breach - Channel Eye

On 8 March 2024, Bloomberg cast a spotlight on the ‘elite group of women keeping big tech in check’ (Paywall): Europe’s Female Data Regulators Keeping Meta, Google and Apple Reined In - Bloomberg

On 11 March 2024, the European Data Protection Supervisor (EDPS) announced that the European Commission violated data protection rules in its use of Microsoft 365, leading to the imposition of corrective measures by the watchdog: EU Commission breached data protection rules using Microsoft 365, EU watchdog found – Euractiv

On 13 March 2024, the US House of Representatives passed a bill that could potentially lead to a nationwide ban on TikTok. It would require the Chinese tech giant ByteDance to sell its stake in the app within six months or face a ban from US app stores and web hosting platforms: US House passes bill that could ban TikTok nationwide - BBC News

On 14 March 2024, the European Parliament approved the Artificial Intelligence Act, which is the world’s first comprehensive law on AI. It aims to ensure safety and compliance with fundamental rights, while boosting innovation: Artificial Intelligence Act: MEPs adopt landmark law | News | European Parliament (

On 20 March 2024, the 2024 World Happiness Report found that declining wellbeing among under-30s has driven the US out of the top 20 list of happiest nations. “The report does not reveal the causes of the changes, but they come amid increasing concern at the impact of rising social media use, income inequalities, the housing crisis, and fears about war and climate change on the happiness of children and young people”: Young people becoming less happy than older generations, research shows | Children | The Guardian

On 20 March 2024, the UK Information Commissioner's Office (ICO) confirmed to the BBC that it received a breach report after staff at the hospital where the Princess of Wales had surgery allegedly tried to view her private health information: Kate hospital privacy breach claims being 'assessed' by watchdog - BBC News

On 24 March 2024, the Scottish government announced details of a review into the use of WhatsApp and other messaging apps. The external review, commissioned by First Minister Humza Yousaf, will also look at whether personal devices ought to be used for government business. It will be led by former ODPA data protection commissioner Emma Martins: Inquiry to examine how Scottish ministers use WhatsApp - BBC News

On 25 March 2024, the European Commission announced it had opened non-compliance investigations into Alphabet, Apple and Meta under the EU’s Digital Markets Act:

On 25 March 2024, the BBC reported that millions of Americans' online accounts were caught up in a "sinister" Chinese hacking plot that targeted US officials: Millions of Americans caught up in Chinese hacking plot - US - BBC News

On 25 March 2024, Time Magazine said that the UK and New Zealand had also been targeted by the cyberattacks targeting politicians and voters. US authorities said the hacking campaign involvd more than 10,000 malicious emails sent to targets that often appeared to be from prominent news outlets or journalists and appeared to contain legitimate news articles. The emails contained hidden tracking links that would allow information about the recipient, including their location and devices used to access email, to be transmitted to a server controlled by the defendants and others that they were working with. The UK has accused China of accessing details of some 40 million voters held by the Electoral Commission, according to Deputy Prime Minister Oliver Dowden: U.S. and U.K. Accuse China of Undermining Cybersecurity | TIME

On 26 March 2024, Reuters published a fact file on APT31, the Chinese hacking group believed to be behind the global cyberespionage campaign. It came after both the US and UK filed charges and imposed sanctions on a company and individuals linked to the state-backed hacking group that targeted millions of people including MPs: APT31: the Chinese hacking group behind global cyberespionage campaign | Reuters