Here are key highlights from June 2023 detailing global news and regulatory updates.
US & Canada
- Canada’s draft Artificial Intelligence and Data Act (AIDA) explored in a scholarly review of the content and constraints shaping the Act
- Canada’s Office of the Privacy Commissioner (OPC) provides guidance on the practice of data de-identification in a new report of findings from a completed investigation
- Florida enacts a privacy law, but one that only applies to companies making more than $1 billion in annual revenue
- Nevada passes a health data privacy bill modeled after Washington’s My Health My Data Act, with finalization of the bill pending the governor’s approval
- Oregon is set to finalize SB 619, an act related to protecting the personal data of consumers that would take effect July 1, 2024
- Quebec’s Bill 64—with most of its key provisions entering into force on September 22—places the province’s privacy laws between those of Canada and Europe
- Texas is poised to become the 10th state to have a comprehensive privacy law, with the new bill slated to take effect on July 1, 2024
- US Federal Communications Commission (FCC) announces the establishment of a new Privacy and Data Protection Task Force to coordinate on privacy and data protection sector needs
- US Federal Trade Commission (FTC) proposes changes to clarify the Health Breach Notification Rule, formalizing interpretations consistent with recent enforcement decisions, such as against GoodRx
- US and UK announce the Atlantic Declaration, the latest step in a comprehensive partnership on data and artificial intelligence that would provide organizations in the UK with a streamlined route to transfer data to the US (also in EMEA)
EMEA
- EU appears to be moving towards a more pragmatic risk-based approach to anonymization
- France’s data protection authority (CNIL) imposes a fine of 40 million euros on the Internet advertising group Criteo for violations related to ad retargeting that did not sufficiently anonymize individuals
- Nigeria’s President signs the Nigeria Data Protection Bill, 2023, into law, establishing the Nigeria Data Protection Commission and replacing the Nigeria Data Protection Bureau (NDPB) established in February
- UK’s Information Commissioner’s Office (ICO) urges organizations to harness the power of data safely by using privacy enhancing technologies
- UK’s ICO recommends changes to the definition of personal data in the UK’s draft Data Protection and Digital Information
- UK National Health Service (NHS) trusts shared patient details with Facebook without consent through covert tracking tools in their websites
- UK and US announce the Atlantic Declaration, the latest step in a comprehensive partnership on data and artificial intelligence that would provide organizations in the UK with a streamlined route to transfer data to the US (also in US & Canada)
APAC
- India’s Digital Personal Data Protection Bill to appear on the parliament’s upcoming agenda
LATAM
- Bermuda’s Personal Information Protection Act (PIPA) 2016 to take effect on January 1, 2025
- Brazil’s national data protection authority (ANPD) publishes guidance on the processing of personal data for academic purposes (Portuguese only)
- Ecuador’s Personal Data Protection Law (PDPL), which came into effect May 26, 2023, may still be challenging to implement
Global
- G7 data protection authorities endorse 3-pillar plan and are engaged in discussions to foster a common understanding of key concepts such as anonymization, de-identification, and privacy enhancing technologies