Here are key highlights from April 2024 detailing global news and regulatory updates.
US & Canada
- California Privacy Protection Agency (CPPA) issues first enforcement advisory, focused on data minimization obligations
- Colorado produces a new law extending privacy measures to brainwave data and covering neurotechnologies that monitor brain activity
- Connecticut Senate passes AI Bill, aimed to establish Connecticut as a leader in the national movement to regulate and standardize the development and use of AI
- Nebraska Legislature gives final approval to a comprehensive privacy statute that mirrors Texas’ law and, if enacted, will take effect on January 1, 2025
- US congress members release the American Privacy Rights Act (APRA), a draft bi-partisan federal privacy bill which includes requirements on data minimization, as well as consumer rights to opt out of targeted advertising, and view, correct, export, or delete their data
- US Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC) seek to hold consumer reporting companies accountable for error correction
- US FTC finalizes changes to the Health Breach Notification Rule, clarifying its applicability to health apps and expanding the information covered entities must provide consumers in the event of a breach
- US FTC publishes a blog post addressing the ways to systematically address security vulnerabilities
- US Federal Communications Commission (FCC) fines wireless carriers $200 million for illegally sharing access to customer location data without consent
- US and UK AI Safety Institutes sign a memorandum of understanding, laying out plans to build a common approach to AI safety testing and to share capabilities for tackling risks (also in EMEA)
EMEA
- Denmark’s data protection authority updates guidance on conducting data transfers to third countries, responding to new information from the European Data Protection Board and European Commission (guidance in Danish)
- EU European Commission releases questions and answers on the European Health Data Space, including a description of its benefits
- EU European Parliament adopts new GDPR procedural rules to improve handling of cross-border cases and to speed up procedures
- France’s National Commission on Informatics and Liberty (CNIL) releases its first recommendations on the development of artificial intelligence systems and will supplement these recommendations in coming months (in French)
- France’s CNIL comments on the economic impact of GDPR after five years, finding returns on investment from GDPR in a number of areas
- Germany’s Health Data Act, which went into effect on March 26, aims to advance health research by granting pharmaceutical companies access to patients’ health data
- UK Information Commissioner’s Office (ICO) publishes guidance for health and social care organizations to help them improve transparency and build public trust
- UK and US AI Safety Institutes sign a memorandum of understanding, laying out plans to build a common approach to AI safety testing and to share capabilities for tackling risks (also in US & Canada)
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- China’s new cross-border transfer issues discussed, including recent relaxations to the law and their impact on businesses
- India’s Ministry of Electronics and Information Technology (MeitY) convenes a working group to develop guidelines for data anonymization standards, with the guidelines currently under review
- South Korea’s Personal Information Protection Commission (PIPC) releases a guide to help overseas businesses comply with the Personal Information Protection Act (guidance in Korean)
LATAM
- Brazil’s National Data Protection Authority (ANPD) approves a regulation requiring controllers to inform the ANPD and data subjects about significant security incidents (in Portuguese)