Here are key highlights from February 2023 detailing global news and regulatory updates.
US & Canada
- British Columbia’s privacy management and breach reporting requirements take effect
- US company GoodRx fined $1.5M for sharing health data with Facebook and Google, the first FTC action under the Health Breach Notification Rule (see also analysis from IAPP staff contributors)
- US state laws introduce new audit and internal review requirements for personal information collection and processing
- US Federal Trade Commission launches a new Office of Technology to strengthen the agency’s ability to keep pace with technological challenges in the digital marketplace
- US Department of Health and Human services announces new divisions within the Office for Civil Rights to better address growing need of enforcement in recent years
EMEA
- EU Court of Justice of the European Union rules that DPOs can maintain other tasks and duties within their roles if they do not result in a conflict of interest
- EU Members of the European Parliament urged the European Commission to reject the proposed EU-U.S. Data Privacy Framework, stating that it fails to create actual equivalence with the level of protection offered under the GDPR
- EU data protection authorities and their regulatory strategies are presented in a report from the Future of Privacy Forum
- EU European Commission will propose a new law before the summer aimed at improving how EU countries’ data protection authorities enforce the GDPR
- EU’s European Data Protection Board releases its work program for 2023–24, including developing guidelines on anonymization and pseudonymization
- Nigeria’s Federal Executive Council approved the Nigeria Data Protection Bill, 2022, and transmitted it to the National Assembly for consideration
- Spain’s AEPD produces guidance on handling the residual probability of re-identification associated with anonymized data
- UK tribunal rules in Experian appeal that businesses can weigh the benefits to consumers in their favour when assessing whether they can lawfully process data based on legitimate interests
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- Australia’s Attorney General Department released its Privacy Act Review Report 2022, delivering 116 recommendations that, if adopted, will fundamentally change how data is dealt with
- China’s new standard contractual clauses (SCCs) explained
- Indian government announces launch of a National Data Governance Policy to enable access to anonymised data
LATAM
- Brazil’s General Data Protection Law (LGPD) and how it is applied by the courts, as analyzed in a recent jurimetrics report
- Guatemala’s Congress to consider proposed data protection law