February 2022

Data Privacy Frontline Report

February 2022

Here are key highlights from February 2022 detailing global news and regulatory updates.

US & Canada

California Privacy Rights Act (CPRA) regulations delayed past July 1 deadline, expected Q3 or Q4

Canadian Privacy Commissioner says the government should have let Canadians know it was tracking statistics on their movements during COVID

Uniform Law Commission (ULC) develops model data protection legislation to bring clarity and stability to conflicting US state and federal laws

US, EU trade, technology body to meet May 15-16 in France

US Senators (LA and WI) introduce the Health Data Use and Privacy Commission Act to start modernizing health data use and privacy policies


Africa and the Near East: The region’s privacy landscape facing rapid and dramatic changes

EU, US trade, technology body to meet May 15-16 in France (as noted above under US & Canada)

EU Data Governance Act: What privacy professionals need to know from law firm Bird & Bird

European Commission proposes measures for a fair and innovative data economy in draft Data Act

European Commission’s ambitious proposal to regulate AI progresses slowly due to the file’s technical, political and juridical complexity

European Data Protection Board (EDPB) is looking for experts on investigation and enforcement activities, including anonymization experts

France’s privacy regulator, CNIL, is latest authority to rule Google Analytics violates GDPR

Greece’s HDPA fines Cosmote €6M for data breach and unlawful data processing

Oman approves data protection law

UAE publishes new Federal Data Protection Law

UK’s privacy regulator, the ICO, publishes guidance on pseudonymization

UK’s ICO consults health organizations to shape thinking on privacy-enhancing technologies


China’s Personal Information Protection Law explained here with five operational impacts

China outlaws “algorithmic discrimination as part of what may be the world’s most ambitious effort to regulate AI” (see new rules)

China publishes first regional data-related regulation – International Trademark Association (inta.org)

India’s Data Protection Bill may be replaced by fresh legislation

Indonesia’s Personal Data Protection Bill: will it follow in the footsteps of the EU member states by having an independent public DPA?



Brazil is making data protection a fundamental right

Other tools and resources

Future of Privacy Forum (FPF) compares data protection laws in Ten Countries/Regions

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...


Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.


Are you achieving intended outcomes from data?

Your Challenge

Do you need help...


Unbiased Results

Client Success

Client: Integrate.ai

Situation: Integrate.ai’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.


Do the right people have the right data?

Your Challenges

Do you need help...


Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.



Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...


Security / compliance efficiency


Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.


Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...


Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 



Are You Effectively Planning for Success?

Your Challenges

Do you need help...


Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.


Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.