February 2022

Data Privacy Frontline Report

February 2022

Here are key highlights from February 2022 detailing global news and regulatory updates.

US & Canada

California Privacy Rights Act (CPRA) regulations delayed past July 1 deadline, expected Q3 or Q4

Canadian Privacy Commissioner says the government should have let Canadians know it was tracking statistics on their movements during COVID

Uniform Law Commission (ULC) develops model data protection legislation to bring clarity and stability to conflicting US state and federal laws

US, EU trade, technology body to meet May 15-16 in France

US Senators (LA and WI) introduce the Health Data Use and Privacy Commission Act to start modernizing health data use and privacy policies

EMEA

Africa and the Near East: The region’s privacy landscape facing rapid and dramatic changes

EU, US trade, technology body to meet May 15-16 in France (as noted above under US & Canada)

EU Data Governance Act: What privacy professionals need to know from law firm Bird & Bird

European Commission proposes measures for a fair and innovative data economy in draft Data Act

European Commission’s ambitious proposal to regulate AI progresses slowly due to the file’s technical, political and juridical complexity

European Data Protection Board (EDPB) is looking for experts on investigation and enforcement activities, including anonymization experts

France’s privacy regulator, CNIL, is latest authority to rule Google Analytics violates GDPR

Greece’s HDPA fines Cosmote €6M for data breach and unlawful data processing

Oman approves data protection law

UAE publishes new Federal Data Protection Law

UK’s privacy regulator, the ICO, publishes guidance on pseudonymization

UK’s ICO consults health organizations to shape thinking on privacy-enhancing technologies

APAC

China’s Personal Information Protection Law explained here with five operational impacts

China outlaws “algorithmic discrimination as part of what may be the world’s most ambitious effort to regulate AI” (see new rules)

China publishes first regional data-related regulation – International Trademark Association (inta.org)

India’s Data Protection Bill may be replaced by fresh legislation

Indonesia’s Personal Data Protection Bill: will it follow in the footsteps of the EU member states by having an independent public DPA?

 

LATAM

Brazil is making data protection a fundamental right

Other tools and resources

Future of Privacy Forum (FPF) compares data protection laws in Ten Countries/Regions

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...

  • Unleashing the full value of retained data so they can be put to work safely and responsibly in line with privacy regulation?
  • Defining and implementing effective archival and disposal processes for personal data?

OUR SOLUTION

Value Retention

  • Retain the business value in your data through anonymization.
  • Ensure compliance in your retention & destruction strategy.
  • Maximize the reuse of information by removing what is personal.

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.

Read the full story >

Evaluating

Are you achieving intended outcomes from data?

Your Challenge

Do you need help...

  • Optimizing the use / analysis of data to achieve your organization’s intended outcomes with measured success?

OUR SOLUTION

Unbiased Results

  • Reduce / minimize risk of bias in your data for machine learning.
  • Ensure transparency, fairness, and AI ethics / compliance.
  • Ensure data ethics & compliance in your data models and results.

Client Success

Client: Integrate.ai

Situation: Integrate.ai’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.

Read the full story >

Accessing

Do the right people have the right data?

Your Challenges

Do you need help...

  • Ensuring the right people have access to the right data at the right times?

OUR SOLUTION

Usable and Reusable Data

  • Enable internal access and / or external sharing of data for primary and / or secondary uses.
  • Ensure data are useful and reusable in alignment with FAIR principles.
  • Ensure data have the right level of privacy protection for the use.

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.

 

See the full story >

Maintaining

Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...

  • Maintaining / processing data securely and efficiently to promote data enablement with auditable proof of compliance?

OUR SOLUTION

Security / compliance efficiency

  • Creating synthetic versions of data to be used for innovation / AIML.
  • Applying data minimization principles to reduce your risk exposure.
  • Transforming your data for secondary uses and access.

CLIENT SUCCESS

Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.

 

Visit ASCOPubs.org to read the full story >

Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...

  • Ensuring the acquisition / collection of the right data under the appropriate consent / contracts to maintain corporate integrity?

OUR SOLUTIONS

Consent / Contracting strategy

  • Developing a consent / contractual framework for collecting / sourcing.
  • Creating a comms strategy for internal / external stakeholders.
  • Ingesting and transforming data safely to earn trust.

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 

 

Read the full story >

Planning

Are You Effectively Planning for Success?

Your Challenges

Do you need help...

  • Defining a clear data strategy to achieve desired outcomes?
  • Getting it right at the start to avoid costly privacy missteps later?

OUR SOLUTION

Build privacy in by design

  • Building privacy into your data plan / platform / pipeline upfront.
  • Establishing a trusted data strategy (ethics, compliance, privacy).

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.

 

Visit Nuance.com to read the full story >

Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.

Register Now