Category

Data Privacy

Category

Copyright 2024 International Association of Privacy Professionals. Data minimization: An increasingly global concept. Data minimization requirements are not new but they are becoming more common, and enforcement is on the rise. “Legal basis” requirements for data processing, justifying data processing activities and transfers, and adhering to data minimization principles began hitting organizations’ radars with the EU General Data Protection Regulation. In response to the GDPR, many multinationals are differentiating regionally, or by jurisdiction, how they…

On April 4, 2024, the Personal Information Protection Commission (PIPC) of South Korea issued the “Guidelines on Applying the Personal Information Protection Act to Foreign Business Operators” (Guidelines). The Guidelines provide comprehensive guidance on how foreign operators can comply with their obligations under the Personal Information Protection Act (PIPA). The Guidelines are based on the amended PIPA, which was enacted last year. They clarify legal obligations that foreign operators may have overlooked or found difficult…

In late April 2024, the U.S. enacted the 21st Century Peace through Strength Act. In addition to approving aid for Israel, Taiwan and Ukraine and advancing other U.S. policy objectives, the 21st Century Peace through Strength Act establishes the Protecting Americans’ Data from Foreign Adversaries Act of 2024 (the “Act”), which prohibits “data brokers” from making available personally identifiable sensitive data of U.S. individuals to “foreign adversary countries” — namely, North Korea, the People’s Republic…

On April 4, 2024, the Kentucky Governor Andy Brashear signed HB 15, enacting the Kentucky Consumer Data Protection Act (“KCDPA” or the “Act”), to make Kentucky the 15th US state to adopt a comprehensive privacy law. Kentucky joins New Hampshire and New Jersey in a trifecta of states that have enacted privacy legislation in the opening months of 2024. In the days since the KCDPA’s signing, the consumer privacy stakes have been raised, with the…

Copyright 2024 Bloomberg Industry Group, Inc. (800-372-1033) AI: Real Money, Light Representations & Light Deal Certainties. Reproduced with permission. Editor’s note: For additional guidance on practice-specific areas of risk associated with the use of generative and other forms of AI, see our AI Legal Issues Toolkit. For additional information on laws, regulations, guidance, and other legal developments related to AI, visit In Focus: Artificial Intelligence (AI); Data Security, Professional Perspective – Regulation of AI Foundation Models. The wave of…

Background On February 28, 2024, California State Senator Dave Min proposed Senate Bill (SB) 1394, a new measure aimed at preventing vehicular data from being used to perpetuate domestic violence. Under the proposal, automobile manufacturers would be required to disable access to remote vehicle technologies upon the request of a victim of domestic violence. The bill arrives amid increasing reports of incidents of domestic abusers exploiting vehicular location tracking features to stalk and harass victims…

Where can I find the text of the Data Act? The published text can be found here. What is the Data Act about? It requires organisations to make data collected through connected products or related services (including virtual assistants in so far as they interact with a connected product or related service) available to users and, upon a user’s request, to third parties. By mixing concepts of both data and competition law, the Data Act…

For the first time, France has adopted a law protecting children’s privacy through the lens of right to their image: the Law n°2024-120 of February 19, 2024 (“Children’s Image Rights Law”). Unlike standards or bills related to the sharing of children’s personal data which may exist in other countries (e.g., UK Age Appropriate Design Code, California bill on collection of personal information of a consumer less than 18 years of age), which apply to data…

On February 28, President Biden issued Executive Order 14117 (the EO) directing the US Attorney General and other agencies to promulgate regulations that restrict and, in some cases, prohibit transactions that might involve the sharing of sensitive personal data and government-related data with “countries of concern” (currently China, including Hong Kong and Macau, Russia, Iran, North Korea, Cuba, and Venezuela). In tandem, the Department of Justice (DoJ) issued an Advance Notice of Proposed Rulemaking (ANPRM)…

The new EU regulation on electronic evidence will enable law enforcement authorities from one EU member state to order service providers in other EU member states to surrender digital evidence. Providers who fail to comply within ten days or, in urgent cases, within eight hours, could face fines of up to two percent of their global group turnover. We manage our calendars online, store photos in the cloud, many of us haven’t seen the inside…