Here are key highlights from November 2022 detailing global news and regulatory updates.
US & Canada
- California’s CPRA regulations close to being finalized, with possibility of a delay in enforcement
- Canada’s former privacy commissioner calls for Bill C-27 to recognize privacy as a human right and to include financial sanctions for a wider range of violations
- US National Institute of Standards and Technology (NIST) proposes third draft of document on de-identifying government data sets, with feedback being accepted until January 15, 2023
EMEA
- Dubai issues new marketing regulation that is in tension with the country’s data protection law on the deletion and anonymization of data
- EU regulator European Data Protection Board adopts recommendations on controller binding corporate rules (BCR-C)
- EU’s European Medicines Agency shares guidance on anonymization of protected information in risk-management plans
- EU privacy-related institutions presented in an IAPP graphic
- German state data privacy authority releases a code of conduct for processors
- Israel’s government announces a public consultation on draft Privacy Protection Regulations for data transfers from European Economic Area nations
- Israel’s Privacy Protection Authority issues a guide with recommendations for conducting privacy impact assessments
- Saudi Arabian data authority launches public consultation on amendments to the Personal Data Protection Law
- Tanzanian parliament passes the Personal Data Protection Bill 2022
- UK government to hold further consultations on its post-Brexit data legislation, which could further delay its implementation
- UK signs data sharing deal with South Korea, the UK’s first adequacy decision since leaving the EU (also in APAC)
- Ukraine parliament receives a draft data protection law to regulate personal data processing
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- Australia’s parliament approves final passage of the Privacy Legislation Amendment Bill 2022, which increases data breach fines and creates closer alignment with the EU’s GDPR
- India proposes the new Digital Personal Data Protection Act 2022. See also explanation from a PwC Associate
- South Korea signs data sharing deal with the UK (also in EMEA)
LATAM
- Argentina finalizes proposed data protection reforms
- Brazil’s national data protection authority publishes its 2023–24 regulatory agenda, including plans for a document on anonymization techniques
- Brazil’s, Argentina’s, Colombia’s and Mexico’s notification requirements for cyber incidents explored in this IAPP article