Where can I find the text of the Data Act? The published text can be found here. What is the Data Act about? What else is governed by the Data Act? Who and what is in scope? 1. Actors, products and services 2. Categories of data Timeline
For the first time, France has adopted a law protecting children’s privacy through the lens of right to their image: the Law n°2024-120 of February 19, 2024 (âChildrenâs Image Rights Lawâ). Unlike standards or bills related to the sharing of childrenâs personal data which may exist in other countries (e.g., UK Age Appropriate Design Code, California bill on collection of personal information of a consumer less than 18 years of age), which apply to data…
On February 28, President Biden issued Executive Order 14117 (the EO) directing the US Attorney General and other agencies to promulgate regulations that restrict and, in some cases, prohibit transactions that might involve the sharing of sensitive personal data and government-related data with “countries of concern” (currently China, including Hong Kong and Macau, Russia, Iran, North Korea, Cuba, and Venezuela). In tandem, the Department of Justice (DoJ) issued an Advance Notice of Proposed Rulemaking (ANPRM)…
The new EU regulation on electronic evidence will enable law enforcement authorities from one EU member state to order service providers in other EU member states to surrender digital evidence. Providers who fail to comply within ten days or, in urgent cases, within eight hours, could face fines of up to two percent of their global group turnover. We manage our calendars online, store photos in the cloud, many of us havenât seen the inside…
On January 18, 2024, the New Hampshire legislature passed SB255, making the Granite State the 14th US state to pass a consumer privacy lawâand the second state to do so in January. Following enrolmentâa formality to excise clerical errorsâthe bill will move to Governor Chris Sununuâs desk for final enactment. If it becomes law, SB255 will go into effect on January 1, 2025, giving businesses less than one year to ensure compliance with the new…
28 January 2024 is Data Protection Day (or Data Privacy Day outside of Europe), which marks the anniversary of the Council of Europeâs Convention 108. Data Privacy Day encourages the global community to think about the importance of respecting privacy, safeguarding data, and enabling trust. In an increasingly connected and digitized world, where data protection, privacy and cybersecurity regulation are rapidly evolving, the work of the global data community is more vital, and more challenging,…
Sending a clear message, the Federal Trade Commission (FTC) announced the settlement of two separate enforcement actions against data brokers for selling precise location data that may be used to reveal sensitive information. On January 9, the FTC settled with Outlogic, LLC (formerly X-Mode Social) over allegations that it failed to obtain meaningful consent from consumers before collecting and selling data that could be used to track visits to sensitive locations like clinics and places of…
The ICO has recently launched a public consultation on the first chapter of its draft guidance on generative AI and data protection. This consultation has a particular focus, it is a call to explore the lawful basis for extracting data from the web to train generative AI models (a process which is becoming more common across numerous markets). The ICO is requesting input from developers, users and wider interested parties. What is generative AI? Generative…
Organizations subject to the Washington State My Health My Data Act (generally any organization with physical premises in Washington, and many organizations without it) are preparing for compliance by March 31, 2024. And should, in addition to the overall compliance requirements and immediate action items, be aware that the Washington Attorney General updated its guidance on the requirements for a consumer health privacy policy. Section 4(1)(b) of the My Health My Data Act explicitly provides…
On January 7, 2024, Chinaâs Cyberspace Administration (âCACâ) closed the public consultation period for its new cybersecurity incident reporting rules, which were released in December. If the draft rules are adopted as written, companies would be required to report certain cybersecurity incidents to the relevant Chinese regulator within one hour. The relevant regulator depends on the nature of the IT system compromised, the industry, and other factors and may be the local CAC, the public…