Here are key highlights from January 2022 detailing global news and regulatory updates – including legislative predictions, interactive tools and updates from EMEA, North America and APAC.
US & Canada
Canada’s Public health agency’s data tracking of Canadians spurs calls for new laws while privacy watchdog probes health officials’ use of cellphone location data
US HIPAA Data Privacy and Security Regulations could be in for changes, including more flexibility to share certain data under the Privacy Rule, with many questions remaining
US states may consider CCPA-like consumer privacy bills in 2022, including AZ, CT, FL, MN, MS, WA, with several others carrying bills over from 2021, including AK, MA, NY, NC, OH, OK, SC, VT
US Bill to promote digital privacy technology was favorably reported to the House
US government agency NIST publishes guide to privacy, security controls assessments
EMEA
Austrian watchdog rules German company’s use of Google Analytics breached GDPR by sending data to US (responses from Google here and here) – the implications could be far-reaching
EU policy events anticipated in 2022 include presenting the Data Act on Feb 23, solving international data transfers following “Schrems II”, presenting a new cybersecurity law, and more summarized here
European Data Protection Board (EDPB) publishes breach notification, handling guidelines – five take-aways from the final Guidelines on Examples shared here
European Data Protection Supervisor emphasizes data protection is about protecting people: “You don’t need to know how airplanes fly to entrust your life to the pilot. That should happen with data protection.“
European Parliament gives initial approval to rules that would change big tech data collection, advertising
EU data protection authorities have handed out a total of $1.2 billion in fines over breaches of the bloc’s GDPR law since 28-Jan-2021, according to law firm DLA Piper
France’s privacy regulator, CNIL, sets parameters for processors’ reuse of data for product improvement
Israel privacy protection bill includes steep sanctions – and a DPO
Jordan drafts law to protect citizens’ personal data
Russia’s president, Putin, emphasizes effective mechanisms for the anonymisation of data at the international conference on artificial intelligence and data analysis in Moscow (2021)
Turkish data protection authority has proposed amendments to controversial provisions of the Law on Personal Data Protection [LPDP] numbered 6698
APAC
Australia’s privacy regulator welcomes proposals to strengthen privacy protections
Australian IAB pushes back on Feds privacy review: ‘This goes further than any other jurisdiction, including GDPR’
India’s Personal Data Protection Bill (now Data Protection Bill) has undergone an expansion and will now cover both personal and non-personal data
India Joint Parliamentary Committee report reinstates the concept of ‘consent managers’ and recommends its insertion into the definition clause of the upcoming Data Protection Act
Mongolian legal environment has been created for e-transition
LATAM
No updates reported this month.
Other tools and resources
International Association of Privacy Professionals (IAPP) report includes legislative predictions for 2022 for over 40 countries worldwide.
IAPP Global Privacy Law and DPA Directory tool has an interactive map identifying those countries with data protection laws