Here are key highlights from January 2023 detailing global news and regulatory updates.
Global
- ISO standard on Privacy by Design to be adopted in February 2023 as ISO 31700
- United Nations PET Lab: Results, analysis and key takeaways from their first hackathon on privacy-enhancing technologies
US & Canada
- California and Virginia have comprehensive privacy laws that took effect on January 1
- Canada’s provincial and federal private-sector law reform for 2023, explained by Chantal Bernier from Dentons LLP
- Canada’s draft Consumer Privacy Protection Act: Feedback from industry participants
- Colorado Attorney General’s office publishes revised draft Colorado Privacy Act rules, with a public rulemaking hearing to be held on February 1, 2023
- New York state privacy bill introduced already this year, along with comprehensive privacy bills in Kentucky, Tennessee and Oklahoma
- US NIST publishes AI Risk Management Framework 1.0, making a big contribution to the development of a national AI strategy
- US and EU sign an administrative agreement on AI and computing to address global challenges in healthcare and other areas (also in EMEA)
EMEA
- EU NIS2 and CER cybersecurity directives have entered into force
- EU’s legislative priorities for 2023 outlined, including the Data Act and the Digital Markets Act
- EU GDPR may need a new exception to prevent AI discrimination, according to this IAPP article
- EU and US sign an administrative agreement on AI and computing to address global challenges in healthcare and other areas (also in US & Canada)
- France’s data protection agency CNIL to support an interdisciplinary project on the protection of personal data
- French social security organization exposes data on over 10,000 payment recipients, failing to anonymize the data adequately
- Irish Data Protection Commission (DPC) fines Meta 390M euros over legal basis for personalized ads, with the decision highlighting a divide between European regulators and raising uncertainty around GDPR compliance
- Qatar’s role in protecting personal data privacy discussed
- Slovenia’s new Personal Data Protection Act (ZVOP-2) enters into force
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- Australia to consider right to be forgotten and other European-style privacy reforms to the Privacy Act
LATAM
- Brazil’s senate committee publishes AI report and draft AI law, to serve as the starting point for senate deliberation