August 2024

Data Privacy Frontline Report

August 2024

Here are key highlights from August 2024 detailing global news and regulatory updates.

US & Canada

  • California legislature passes controversial AI safety bill requiring companies making advanced AI models to test for potential harm to society and be able to shut down a covered model
  • Illinois passes bill to regulate the use of AI in certain employment settings, adding to the list of US state laws that address AI
  • Texas attorney general’s office recently active in enforcement, with USD 1.4 billion settlement against Meta and a lawsuit against General Motors for the sale of driving data without knowledge or consent
  • US added to Switzerland’s list of companies with an adequate level of data protection, allowing for the secure transfer of personal data from Switzerland to certified US companies (also in EMEA)

EMEA

  • EU European Commission to prioritize GDPR enforcement, with no plans to reopen the GDPR before 2028
  • EU AI Act criticized by CEOs from Meta and Spotify, who claim the tech industry in Europe faces “overlapping regulations and inconsistent guidance”
  • Israel’s Knesset approves comprehensive amendments to the Protection of Privacy Law, introducing a complex structure of fines for various obligations
  • Moldova enacts a new data protection law, granting individuals greater control over their personal data (article in Romanian)
  • Saudi Arabia’s data protection authority issues guidelines on drafting privacy notices
  • Switzerland adds US to list of companies with an adequate level of data protection, allowing for the secure transfer of personal data from Switzerland to certified US companies (also in US & Canada)
  • UK Information Commissioner’s Office publishes report on overcoming barriers to the adoption of privacy enhancing technologies (PETs)

Gain confidence to use and share sensitive data

Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.

APAC

  • New Zealand’s data protection authority receives 250 submissions on draft biometrics rules from the public and organizations
  • Philippines’ data protection authority releases guidelines on the processing of personal data
  • Taiwan unveils the draft of its AI governance framework, outlining the government’s fundamental position towards AI development
  • Thailand publishes a notification on the deletion, destruction, and de-identification of personal information, making minor amendments to the legislation draft from June 2024

LATAM

  • Brazilian regulation on international data transfers establishes procedures and rules for recognizing the adequacy of other countries, including standard contractual clauses (article in Portuguese)
  • Chile approves the Personal Data Protection Law, updating current legislation and aligning with the GDPR (article in Spanish)

Global

  • Multinational meeting with officials from a range of nations is held to address national security risks associated with connected vehicles

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...

OUR SOLUTION

Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.

Evaluating

Are you achieving intended outcomes from data?

Your Challenge

Do you need help...

OUR SOLUTION

Unbiased Results

Client Success

Client: Integrate.ai

Situation: Integrate.ai’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.

Accessing

Do the right people have the right data?

Your Challenges

Do you need help...

OUR SOLUTION

Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.

 

Maintaining

Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...

OUR SOLUTION

Security / compliance efficiency

CLIENT SUCCESS

Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.

 

Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...

OUR SOLUTIONS

Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 

 

Planning

Are You Effectively Planning for Success?

Your Challenges

Do you need help...

OUR SOLUTION

Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.

 

Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.