Topic: General

Subscribe to General RSS feed

ICO publishes guidance on bulk emails

Photo of Lesley BrowningPhoto of Shane O'ReillyBy Lesley Browning and Shane O'Reilly on Posted in General
The Information Commissioner’s Office has published new guidance on email security, with emphasis on safety when sending to multiple recipients which is relevant for pension schemes when emailing their membership. The principal points include: As regards pension schemes, administrators should remember that whether information is sensitive can depend on the context and consideration should be given to … Continue reading

China finalises its Generative AI Regulation

Photo of Anna GamvrosPhoto of Edward Yau (HK)Photo of Steven ChongBy Anna Gamvros, Edward Yau (HK) and Steven Chong on Posted in General
The Provisional Administrative Measures of Generative Artificial Intelligence Services (Generative AI Measures), were published by the Cyberspace Administration of China (CAC), together with six other authorities, on 13 July 2023 and will take effect from 15 August 2023. The Generative AI Measures, along with the likely enactment of the Artificial Intelligence Law in the 2023 legislative … Continue reading

The ICO urges organisations to start using privacy enhancing technologies to share personal data safely, securely and anonymously

Photo of Olivia WintPhoto of Lara White (UK)By Olivia Wint and Lara White (UK) on Posted in General, Privacy law
On 19 June 2023, the UK Information Commissioner’s Office (the ICO) published guidance on privacy enhancing technologies (or PETs) (the Guidance). The Guidance sits alongside the ICO’s recommendation that organisations should, if they haven’t already, start using PETs to share personal data safely, securely and anonymously. Structure of the Guidance The Guidance is split into … Continue reading

Singapore contributes to the development of accessible AI testing and accountability methodology with the launch of the AI Verify Foundation and AI Verify Testing Tool

Photo of Marcus Evans (UK)Photo of Anna GamvrosPhoto of Peter McBurneyPhoto of Jeremy Lua (SG)By Marcus Evans (UK), Anna Gamvros, Peter McBurney and Jeremy Lua (SG) on Posted in Data Protection, General
On 7 June 2023, at the ATxAISummit, Singapore launched the AI Verify Foundation, which aims to “harness the collective power and contributions of the global open source community” in order to develop the AI Verify testing tool for the responsible use of AI. In this short post, we discuss this development as well as the … Continue reading

Privacy notices – the ICO follows the lead of the EU data protection authorities in their interpretation of Article 13 UK GDPR

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK) and Lara White (UK) on Posted in General
Introduction On 15 May, the ICO published the monetary penalty notice (MPN) in relation to the £12.7 million fine it imposed on TikTok in April. This MPN and its accompanying annexes set out details of TikTok’s non-compliance with data protection law and the reasons why the ICO considered that a fine was appropriate. Whilst a … Continue reading

Schrems II – Irish DPC finally issues its decision – suspension order, deletion/ repatriation of data and fine

Photo of Lara White (UK)Photo of Marcus Evans (UK)Photo of Christoph Ritzer (DE)Photo of Jurriaan JansenPhoto of Nadège Martin (FR)By Lara White (UK), Marcus Evans (UK), Christoph Ritzer (DE), Jurriaan Jansen and Nadège Martin (FR) on Posted in General
Introduction: On 22 May, the Irish Data Protection Commissioner (the DPC) published its decision against Meta Platform Ireland Ltd (Meta Ireland) in relation to Facebook’s transfer of user’s personal data to the US (the Decision). In it, the DPC ordered Meta Ireland to suspend Facebook’s future transfers of personal data to the U.S. within five … Continue reading

NIST Proposes Revised Security Guidelines For Federal Contractors

Photo of Dan Pepper (US)By Dan Pepper (US) on Posted in General
In response to the constantly evolving landscape of cybersecurity threats, the National Institute of Standards and Technology (NIST) has recently updated their guidelines for Special Publication NIST 800-171, making its guidance more prescriptive, and potentially making it harder for contractors to comply. NIST 800-171 is a set of guidelines created to help federal agencies and … Continue reading

The AI Act – A step closer to the first law on Artificial Intelligence

Photo of Lara White (UK)Photo of Marcus Evans (UK)By Lara White (UK) and Marcus Evans (UK) on Posted in General
On 11 May 2023, members of the European Parliament passed their compromise text of the AI Act (the AI Act) at the committee stage, taking this law a step closer to being finalised. The compromise text (the Parliament Draft), which amends the Commission’s original proposal, includes quite a large number of amendments, some of which … Continue reading

Biden restricts U.S. government use of commercial spyware

Photo of Steve Roosa (US)Photo of Susan Ross (US)Photo of Daniel Rosenzweig (US)Photo of Gerar Mazarakis (US)By Steve Roosa (US), Susan Ross (US), Daniel Rosenzweig (US) and Gerar Mazarakis (US) on Posted in General
Governments state that they use commercial spyware exclusively for criminal investigations, but critics claim such spyware has purportedly been used for human rights abuses targeting journalists, human rights defenders, lawyers, and political dissidents.  Moreover, the U.S. Government and its employees have been allegedly targeted by such spyware.  To set an example for governments globally—both authoritarian … Continue reading

Italian Garante bans Chat GPT from processing personal data of Italian data subjects

Photo of Pietro Altomani (IT)By Pietro Altomani (IT) on Posted in General
IntroductionBy way of an interim measure adopted on 30 March 2023, the Italian Data Protection Authority (Garante per la protezione dei dati personali) (the Garante) ordered  the US company Open AI LLC to temporarily stop ChatGPT’s processing of personal data relating to individuals located in Italy, pending the outcome of the Garante’s investigation into the … Continue reading

UK AI White Paper

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK) and Lara White (UK) on Posted in Data Protection, General
At last, UK Government publishes its White Paper on AI – “A pro-innovation approach to AI regulation” – an opportune start, but as expected, a framework with detail to follow… The Department for Science, Innovation and Technology, has finally published its AI regulation white paper (the ‘White Paper’). Here are the key elements: What AI … Continue reading

Relying on the Legitimate Interests Exception under the Personal Data Protection Act 2012

Photo of Wilson AngPhoto of Jeremy Lua (SG)By Wilson Ang, Jeremy Lua (SG) and Terence De Silva on Posted in General
In a recent decision (the Decision),[1] the Personal Data Protection Commission (PDPC) considered for the first time a company’s reliance on the Legitimate Interests Exception (as defined below) under the Personal Data Protection Act 2012 (PDPA) when the consent procured is invalid. The General Legitimate Interests Exception The general Legitimate Interests Exception was introduced to … Continue reading

Cyber-insurance – 72 hours for the insured party to file a criminal complaint: GDPR’s false friend

Photo of Nadège Martin (FR)Photo of Geoffroy Coulouvrat (FR)By Nadège Martin (FR) and Geoffroy Coulouvrat (FR) on Posted in General
Cyberattacks have become more frequent, problematic and complex over the years – so much so that they now represent a real threat to economic activities. The French Information and Digital Security Experts Club (CESIN) has estimated that 54% of French companies were subject to cyberattacks in 2021,[1] while France Assureurs has put cyberattack risks on … Continue reading

FTC proposed consent order prohibits perpetual retention of personal information

Photo of David Kessler (US)Photo of Susan Ross (US)Photo of Susana Medeiros (US)By David Kessler (US), Susan Ross (US) and Susana Medeiros (US) on Posted in General
We had previously written about an FTC proposed consent order that would prohibit a company from perpetual retention of personal health information.  On March 2, 2023, the FTC announced a complaint and proposed consent with BetterHelp, Inc. that would prohibit the company from perpetual retention of personal information—a broader category.   Also unlike the previous matter, … Continue reading

EDPB Guidelines on international transfers: 6 key takeways

Photo of Marcus Evans (UK)Photo of Lara White (UK)By Marcus Evans (UK) and Lara White (UK) on Posted in General
EDPB Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation on international data transfers On 14 February 2023, the European Data Protection Board (EDPB) published its Guidelines on the interplay between Article 3 and the provisions in Chapter V of the General Data Protection Regulation … Continue reading

Hong Kong’s data privacy law reform may come in 2023

Photo of Anna GamvrosPhoto of Edward Yau (HK)By Anna Gamvros and Edward Yau (HK) on Posted in General
The reform of Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO) is back on the agenda. In our earlier post in 2020, we reported that the Constitutional and Mainland Affairs Bureau published a discussion paper (the Discussion Paper) seeking the Legislative Council’s Panel on Constitutional Affairs’ (the Panel) views on proposed changes to the … Continue reading

“Forever and forever, farewell”:  FTC prohibits indefinite retention of PHI in consent order

Photo of David Kessler (US)Photo of Susan Ross (US)Photo of Susana Medeiros (US)By David Kessler (US), Susan Ross (US) and Susana Medeiros (US) on Posted in General
innovation circuit boardOn February 1, 2023, the Federal Trade Commission announced a complaint and stipulated order with GoodRx, with the FTC using for the first time its interpretation of the Health Breach Notification Rule.  Under the Rule, the FTC interpreted a “breach” to include disclosures of personal health information without notice to the individual and consent by … Continue reading

BIPA Year in Review: Where Are We Now and What’s Coming Next?

Photo of Anna Rudawski (US)Photo of Alexis Wilpon (US)By Anna Rudawski (US) and Alexis Wilpon (US) on Posted in General
2022 has been a record year for Illinois Biometric Information Privacy Act (“BIPA”) litigation. Since its enactment in 2008, BIPA has been one of the most litigated privacy-related laws with some of the highest penalties. However, it wasn’t until last month that the first BIPA jury verdict was ever rendered.  The award, a whopping $228 … Continue reading

Canada’s artificial intelligence legislation is here

Photo of Maya MedeirosPhoto of Jesse BeatsonBy Maya Medeiros and Jesse Beatson on Posted in General
On 16 June 2022 the Canadian federal government introduced Bill C-27, also known as the Digital Charter Implementation Act 2022. If passed, this package of laws will: Implement Canada’s first artificial intelligence (AI) legislation, the Artificial Intelligence and Data Act (AIDA). Reform Canadian privacy law, replacing the Personal Information Protection and Electronic Documents Act with … Continue reading

Points to note on the European Commission’s questions and answers on the Revised Standard Contractual Clauses (SCCs)

Photo of Marcus Evans (UK)Photo of Shiv Daddar (UK)By Marcus Evans (UK) and Shiv Daddar (UK) on Posted in General
On May 25th 2022, the European Commission published a series of questions and answers on the SCCs to be used between controllers and processors within the European Economic Area (EEA), and the SCCs to be used for transfers to countries not considered adequate by the European Commission (Third Countries) (the Q&As). The text of the … Continue reading

EDPB publishes guidance on calculating GDPR fines

Photo of Steven Hadwin (UK)Photo of Marcus Evans (UK)Photo of Christoph Ritzer (DE)By Polina Maloshchinskaia, Steven Hadwin (UK), Marcus Evans (UK) and Christoph Ritzer (DE) on Posted in General
On 12 May 2022 EDPB adopted Guidelines on the calculation of administrative fines (the Guidelines).  The Guidelines supplement the Article 29 Working Party’s Guidelines on the application and setting of administrative fines (WP253) adopted in October 2017 and recommends that the two are read together.  Whereas the previous guidance set out general principles for when … Continue reading

The EU’s Data Act: Capstone of the EU Data Strategy

Photo of Jay Modrall (BE)By Jay Modrall (BE) on Posted in General
On 23 February 2022 the EU Commission published its long-awaited Data Act, the last major building block of the Commission’s February 2020 Data Strategy. The Data Act: Is an ambitious piece of legislation with implications for consumers and businesses across the economy, not limited to the technology sector. Aims to facilitate access to data by … Continue reading
LexBlog