September 2023

Data Privacy Frontline Report

September 2023

Here are key highlights from September 2023 detailing global news and regulatory updates.

US & Canada

  • California’s legislature passes the Delete Act, designed to streamline consumers’ ability to request the deletion of their personal information collected by data brokers
  • Canadian privacy groups and experts call for “major changes” to proposed Canadian privacy and artificial intelligence legislation
  • Delaware’s governor, John Carney, has signed the Delaware Personal Data Privacy Act— advertised as “the strongest privacy bill in the US”—which will go into effect on January 1, 2025.
  • Quebec Law 25 major provisions enter into force on September 22, 2023, with the province’s data protection authority empowered to enforce several new requirements
  • US district judge decides Meta must face a lawsuit for violating the medical privacy of patients treated by hospitals and other healthcare providers using the Meta Pixel tracking tool
  • US Federal Trade Commission (FTC) settles charges with 1Health.io that the genetic testing firm left sensitive genetic and health data unsecured and deceived consumers about their ability to get their data deleted
  • US National Institute of Standards and Technology (NIST) drafts updates to their guidance on implementing the HIPAA Security Rule
  • US Network Advertising Initiative (NAI) claims that digital advertising companies outside the health space should understand the rules governing sensitive data, with changes to these rules occurring over the last 18 months
  • US-EU Data Privacy Framework receives the first legal challenge in the EU court system, with more challenges expected (also in EMEA)
  • US-UK Data Bridge to take effect on October 12, 2023, with organizations in the UK able to transfer personal data to certified US organizations without the need for further safeguards (also in EMEA)

EMEA

  • EU Data Governance Act is now being enforced after a 15-month grace period, providing increased access to public sector data for developing new products and services
  • EU-US Data Privacy Framework receives the first legal challenge in the EU court system, with more challenges expected (also in US & Canada)
  • Saudi Arabia’s amended Personal Data Protection Law in effect as of September 14, 2023
  • UK-US Data Bridge to take effect on October 12, 2023, with organizations in the UK able to transfer personal data to certified US organizations without the need for further safeguards (also in US & Canada)

Gain confidence to use and share sensitive data

Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.

APAC

  • India’s Digital Personal Data Protection Act (DPDPA) examined in series of six parts by leading Indian privacy law experts. The government may provide industry with 6 months to align with the new Act
  • New Zealand’s Parliament to consider changes to the Privacy Act that would allow citizens to better understand how their personal information is used
  • South Korea’s State Council approves enforcement amendments to the Personal Information Protection Act (PIPA)

LATAM

  • Argentina’s data protection authority creates an AI transparency and personal data program to promote state capacities for monitoring AI

Global

  • Global AI legislation now available in a new tracker from the International Association of Privacy Professionals (IAPP)

Archiving / Destroying

Are you unleashing the full value of data you retain?

Your Challenges

Do you need help...

OUR SOLUTION

Value Retention

Client Success

Client: Comcast

Situation: California’s Consumer Privacy Act inspired Comcast to evolve the way in which they protect the privacy of customers who consent to share personal information with them.

Evaluating

Are you achieving intended outcomes from data?

Your Challenge

Do you need help...

OUR SOLUTION

Unbiased Results

Client Success

Client: Integrate.ai

Situation: Integrate.ai’s AI-powered tech helps clients improve their online experience by sharing signals about website visitor intent. They wanted to ensure privacy remained fully protected within the machine learning / AI context that produces these signals.

Accessing

Do the right people have the right data?

Your Challenges

Do you need help...

OUR SOLUTION

Usable and Reusable Data

Client Success

Client: Novartis

Situation: Novartis’ digital transformation in drug R&D drives their need to maximize value from vast stores of clinical study data for critical internal research enabled by their data42 platform.

 

Maintaining

Are you empowering people to safely leverage trusted data?

Your Challenges

Do you need help...

OUR SOLUTION

Security / compliance efficiency

CLIENT SUCCESS

Client: ASCO’s CancerLinQ

Situation: CancerLinQ™, a subsidiary of American Society of Clinical Oncology, is a rapid learning healthcare system that helps oncologists aggregate and analyze data on cancer patients to improve care. To achieve this goal, they must de-identify patient data provided by subscribing practices across the U.S.

 

Acquiring / Collecting

Are you acquiring the right data? Do you have appropriate consent?

Your Challenge

Do you need help...

OUR SOLUTIONS

Consent / Contracting strategy

Client Success

Client: IQVIA

Situation: Needed to ensure the primary market research process was fully compliant with internal policies and regulations such as GDPR. 

 

Planning

Are You Effectively Planning for Success?

Your Challenges

Do you need help...

OUR SOLUTION

Build privacy in by design

Client Success

Client: Nuance

Situation: Needed to enable AI-driven product innovation with a defensible governance program for the safe and responsible use
of voice-to-text data under Shrems II.

 

Join the next 5 Safes Data Privacy webinar

This course runs on the 2nd Wednesday of every month, at 11 a.m. ET (45 mins). Click the button to register and select the date that works best for you.