Here are key highlights from December 2022 detailing global news and regulatory updates.
US & Canada
- California’s CPRA regulations delayed again and now likely to take effect around April
- Colorado Attorney General’s office publishes revised draft Colorado Privacy Act rules, with a public rulemaking hearing to be held on February 1, 2023
- US Department of Health and Human Services issues bulletin on use of tracking technology by healthcare companies subject to HIPAA
- US Department of Health and Human Services proposes major changes to substance abuse confidentiality laws, bringing them in line with HIPAA and strengthening de-identification standards
- US data protection standards recognized as essentially equivalent to EU standards in European Commission draft adequacy decision, with the decision to be reviewed by a number of EU stakeholders (also in EMEA)
- US-EU Trade and Technology Council to collaborate on a pilot project on synthetic data in medicine and health and on privacy-enhancing technologies (also in EMEA)
EMEA
- EU Council of the European Union adopts its common position on the Artificial Intelligence Act, in anticipation of negotiations with the European Parliament
- EU European Commission publishes its draft adequacy decision recognizing the essential equivalence of US data protection standards, with the decision to be reviewed by a number of EU stakeholders (also in US & Canada)
- EU standard contractual clauses are now no longer valid, requiring either use of clauses updated in 2021 or another transfer tool
- EU-required privacy assessments explained and compared by OneTrust
- EU-US Trade and Technology Council to collaborate on a pilot project on synthetic data in medicine and health and on privacy-enhancing technologies (also in US & Canada)
- Germany’s Federal Ministry of Research commits 70 million euros for research on and development of anonymization methods
- German Data Protection Foundation releases two documents on the anonymization of personal data, with one providing general rules and the other practical guidelines
- Slovenian National Assembly adopts the Personal Data Protection Act, transposing the GDPR into Slovenian law
- Spanish government releases an introduction to data anonymization, including techniques and practical cases
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- Australia’s Privacy Act Review complete after three years, with the Attorney General to examine it over the summer and likely release it publicly alongside the government’s response in the first half of 2023
- Australian Competition & Consumer Commission publishes guide outlining the obligations of accredited data recipients (ADRs) in relation to the treatment of de-identified and redundant data under the Consumer Data Right
- China’s Cybersecurity Administration assessments for transferring data explained, with a focus on procedures and timelines
- India’s Ministry of Electronics and Information Technology has no view on whether it will republish anonymization guidelines that it published and promptly withdrew in September