In brief The Saudi Data and AI Authority (SDAIA) has published a procedural guide to data breach incidents, notification and response (“Guide”). The Guide supplements the existing notification obligations under the Saudi Personal Data Protection Law (PDPL) and provides organizations with guidance on the various stages of responding to a personal data breach incident. The Guide can be found here. In this article, we have summarized the key takeaways for organizations to consider when implementing response…
Where can I find the text of the Data Act? The published text can be found here. What is the Data Act about? What else is governed by the Data Act? Who and what is in scope? 1. Actors, products and services 2. Categories of data Timeline
The ICO has recently launched a public consultation on the first chapter of its draft guidance on generative AI and data protection. This consultation has a particular focus: it is a call to explore the lawful basis for extracting data from the web to train generative AI models (a process which is becoming more common across numerous markets). The ICO is requesting input from developers, users and wider interested parties. What is generative AI? Generative…
With the passage of the Data Protection (Adequacy) (United States of America) Regulations 2023 (Adequacy Regulation), the UK government has made good on its intention to establish a data bridge with the US. This follows the commitment-in-principle reached by President Joe Biden and UK Prime Minister Rishi Sunak on June 8 2023, when the EU-US Data Privacy Framework (“DPF”) was still being evaluated by the European Commission under the EU GDPR. With the DPF’s completion and…
Brief refresher on the Children’s Code: In 2020, the ICO published its Age appropriate design: a code of practice for online services (the “Code”). The Code set out 15 standards applicable to information society services (“ISS”) aimed at or likely to be accessed by children, requiring the “best interests” of the child to be the primary driver of product and service design. We have published an article setting out the aims of the Code and…
On 19 July 2023, the European Data Protection Board (EDPB) announced that it had adopted a statement on the European Commission’s first review of the functioning of the adequacy decision for Japan during its 82nd plenary meeting. The context In January 2019 the European Commission adopted an adequacy decision in relation to transfers of personal data from the EU to businesses in Japan. The adequacy decision means that EU standard contractual clauses are not required…