Data Privacy Frontline Reports

• EU: The European Parliament Committee responsible for protecting civil liberties and human rights wants the European Commission to reject the proposed EU-U.S. Data Privacy Framework, stating it fails to create protection equivalent to GDPR.
• US: In its first action under the Health Breach Notification Rule, the FTC has fined company GoodRx $1.5M for sharing health data with Facebook and Google.
• Australia: The Attorney-General’s Department has released its Privacy Act Review Report 2022, delivering 116 recommendations that, if adopted, will fundamentally change how Australia deals with data.

And more…

• EU: The Irish Data Protection Commission has fined Meta €390M over what it deems an invalid basis for collecting personalized data, highlighting a divide between European regulators and raising uncertainty around GDPR compliance.
• US: The NIST has released its “AI Risk Management Framework 1.0” after 15 months of work, taking a big step toward developing a national AI strategy.
• Brazil: A senate committee has presented a report on AI regulation and a draft AI law to serve as the starting point for senate deliberation on new AI legislation.

And more…

• EU: The European Commission has published its draft adequacy decision recognizing the essential equivalence of US data protection standards, hoping for a final decision by July 2023.
• US: The Department of Health and Human Services has issued a bulletin on tracking technology for a wide range of healthcare companies subject to HIPAA.
• Australia: The country’s Privacy Act Review is now complete, with the Attorney General likely to release it publicly alongside the government’s response in the first half of 2023.

And more…

• Australia: The country’s parliament has approved final passage of the Privacy Legislation Amendment Bill 2022, increasing data breach fines and aligning more closely with the EU’s GDPR.
• EU: The European Medicines Agency (EMA) has shared new guidance on anonymizing protected data and deleting commercially confidential information (CCI) when preparing risk-management plans.
• India: The government has taken a second attempt at establishing a privacy law with the proposal of its Digital Personal Data Protection Act 2022.

And more…

• US: The White House has mandated new legal safeguards over access and use of personal data by federal agencies, moving closer to resolving the uncertainty around the legality of data transfers between the EU and the US.
• Africa: Nigeria has released a draft Data Protection Bill outlining a legal framework for personal data protection covering the largest population on the African continent.
• EU: The European data processing board has approved Europrivacy. It’s the first certification mechanism that demonstrates compliance with GDPR, allowing data controllers and processors to certify their data handling is valid in all member states.

And more…

• Indonesia: The world’s 4^th most populous country has passed its long-awaited personal data protection law, which has been in the works since 2016.
• EU: The European Commission has published the Cyber Resilience Act, proposing a regulation to reduce vulnerabilities in both hardware and software products.
• Australia: The government is looking to overhaul privacy laws after a record-breaking telecommunications hack that affected ~10 million people.

And more…