Here are key highlights from December 2023 detailing global news and regulatory updates.
US & Canada
- Canada’s provincial privacy commissioners oppose the proposed creation of a federal privacy tribunal, arguing that this would be a waste of time and money
- Quebec’s draft regulation for the anonymization of personal information is published in the government’s official gazette and is subject to a 45-day consultation period
- US Department of Health and Human Services (HHS) finalizes rule establishing first of its kind transparency requirements for AI and other predictive algorithms that support hospital and office-based physician care
- US HHS settles first-ever phishing cyberattack investigation, one that affected the electronic protected health information of close to 35,000 individuals
- US Federal Communications Commission (FCC) launches first-ever enforcement partnerships with state attorneys general, sharing expertise and resources in conducting privacy, data protection, and cybersecurity-related investigations
- US National Institute for Standards and Technology (NIST) publishes a report summarizing current practices, challenges, and proposed solutions for securing genomic data
- EU reaches a deal on the world’s first comprehensive AI legislation, with pressure to finalize the text soon
- EU Council of the European Union members agree to a negotiating stance on the proposed European Health Data Space
- EU Court of Justice of the European Union (CJEU) clarifies legal grounds for issuing fines, finding that fines should only be given for violations committed “intentionally or negligently”
- EU’s European Data Protection Board (EDPB) publishes a report claiming the application of the GDPR over the last five and a half years has been successful and making no call for revisions to the regulation
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
- South Korea’s Personal Information Protection Committee (PIPC) publishes a guide for the new amendment to the Personal Information Protection Act, which includes a requirement for private entities to participate in dispute resolution