Here are key highlights from September 2024 detailing global news and regulatory updates.
US & Canada
- California’s governor vetoes Senate Bill 1047, a landmark and controversial AI safety proposal, but signs Assembly Bill 2013, which sets unprecedented documentation requirements on data for generative AI models
- California Privacy Protection Agency (CPPA) launches new blog with information about emerging privacy issues and the CPPA’s ongoing activities and priorities
- Colorado attorney general publishes proposed draft amendments to the Colorado Privacy Act rules, including new requirements related to biometric collection and use
- Texas attorney general reaches settlement in a healthcare generative AI investigation, addressing allegations that the company made false and misleading statements about product accuracy and safety
- US Federal Trade Commission (FTC) announces law enforcement action against five groups using AI or selling AI tech that can be used in deceptive and unfair ways
- US-Swiss data privacy framework goes into effect, enabling organizations to transfer personal data from Switzerland to certified organizations in the United States (also in EMEA)
- US National Institute of Standards and Technology (NIST) establishes a program to address how advancements in AI may impact cybersecurity and privacy risks
EMEA
- Belgium’s data protection authority publishes a brochure on AI systems and the interplay between the GDPR and the EU AI Act
- EU AI Code of Practice: Recommendations from the Computer & Communications Industry Association (CCIA) on how to make the code a success
- EU AI Pact pledges signed by over 100 companies from diverse sectors, driving trustworthy and safe AI development
- France’s data protection authority fines company €800,000 for processing health data without authorization and deems the processed data to be pseudonymous, not anonymous
- Saudi Arabia’s data protection authority issues guide on data anonymization and deletion
- Swiss-US data privacy framework goes into effect, enabling organizations to transfer personal data from Switzerland to certified organizations in the United States (also in US & Canada)
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
APAC
- Australian government introduces reforms to Australia’s Privacy Act of 1988, including new enforcement powers and transparency requirements around automated decisions
- Australia develops the first iteration of a new AI safety standard, including 10 voluntary guardrails to help users benefit from AI while avoiding the potential risks
- Japan’s data protection authority outlines key points for preventing leaks of health care data and other errors
- New Zealand’s data protection authority issues a statement on anonymization, listing protective steps to avoid the inadvertent release of personal information through re-identification
- Sri Lanka’s data protection authority provides draft guidelines on data protection management, describing how to prepare and implement internal controls and procedures to comply with the law
LATAM
- Brazil’s new regulation on international data transfers examined
Global
- IAPP (formerly the International Association of Privacy Professionals) expands its mission to include privacy, AI governance, cybersecurity law, and other areas of digital responsibility
- United Nations adopts a Pact for the Future, including a comprehensive global framework for digital cooperation and AI governance