Here are key highlights from September 2023 detailing global news and regulatory updates.
US & Canada
- California’s legislature passes the Delete Act, designed to streamline consumers’ ability to request the deletion of their personal information collected by data brokers
- Canadian privacy groups and experts call for “major changes” to proposed Canadian privacy and artificial intelligence legislation
- Delaware’s governor, John Carney, has signed the Delaware Personal Data Privacy Act— advertised as “the strongest privacy bill in the US”—which will go into effect on January 1, 2025.
- Quebec Law 25 major provisions enter into force on September 22, 2023, with the province’s data protection authority empowered to enforce several new requirements
- US district judge decides Meta must face a lawsuit for violating the medical privacy of patients treated by hospitals and other healthcare providers using the Meta Pixel tracking tool
- US Federal Trade Commission (FTC) settles charges with 1Health.io that the genetic testing firm left sensitive genetic and health data unsecured and deceived consumers about their ability to get their data deleted
- US National Institute of Standards and Technology (NIST) drafts updates to their guidance on implementing the HIPAA Security Rule
- US Network Advertising Initiative (NAI) claims that digital advertising companies outside the health space should understand the rules governing sensitive data, with changes to these rules occurring over the last 18 months
- US-EU Data Privacy Framework receives the first legal challenge in the EU court system, with more challenges expected (also in EMEA)
- US-UK Data Bridge to take effect on October 12, 2023, with organizations in the UK able to transfer personal data to certified US organizations without the need for further safeguards (also in EMEA)
EMEA
- EU Data Governance Act is now being enforced after a 15-month grace period, providing increased access to public sector data for developing new products and services
- EU-US Data Privacy Framework receives the first legal challenge in the EU court system, with more challenges expected (also in US & Canada)
- Saudi Arabia’s amended Personal Data Protection Law in effect as of September 14, 2023
- UK-US Data Bridge to take effect on October 12, 2023, with organizations in the UK able to transfer personal data to certified US organizations without the need for further safeguards (also in US & Canada)
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- India’s Digital Personal Data Protection Act (DPDPA) examined in series of six parts by leading Indian privacy law experts. The government may provide industry with 6 months to align with the new Act
- New Zealand’s Parliament to consider changes to the Privacy Act that would allow citizens to better understand how their personal information is used
- South Korea’s State Council approves enforcement amendments to the Personal Information Protection Act (PIPA)
LATAM
- Argentina’s data protection authority creates an AI transparency and personal data program to promote state capacities for monitoring AI
Global
- Global AI legislation now available in a new tracker from the International Association of Privacy Professionals (IAPP)