The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of
Privacy law
Recent regulatory developments in training AI models under the GDPR
In 2024, many organisations have been eager to look at how they can use the data they hold to debut or build on their artificial intelligence (AI) programme. Many are looking to use that data to train AI models, or…
EDPB opines on the use of facial recognition in airports
Co-written by Swaathi Balajawahar, Trainee Solicitor
Introduction
On 23 May 2024, the European Data Protection Board (EDPB) issued Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (the Opinion). The Opinion considered the use of facial…
Minnesota enacts comprehensive privacy law
On May 24, 2024, the Minnesota Governor signed the Minnesota Consumer Data Privacy Act (“MCDPA”), making Minnesota the eighteenth state to enact a comprehensive privacy law. The new law takes effect on July 31, 2025, for most regulated entities, with…
Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2
Approximately at the same time as the Executive Order that we described in Part 1 was issued, the Attorney General (AG) unofficially released 90 pages of Advanced Notice of Proposed Rulemaking (ANPRM), which will become official once published in the…
Executive Order on access to Americans’ bulk sensitive data – Part 1
On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern. The 17-page Executive Order pointed out that “countries of concern” could use…
Singapore proposes Governance Framework for Generative AI
On 16 January 2024, Singapore’s Infocomm Media Development Authority (IMDA), in collaboration with the AI Verify Foundation, announced a public consultation on its draft Model AI Governance Framework for Generative AI (Draft GenAI Governance Framework), showing…
Thailand – The Regulation with respect to Cross-border Transfer of Personal Data
On 25 December 2023, the Personal Data Protection Committee (PDPC) published two notifications detailing regulations for cross-border transfers of personal data under Sections 28 and 29 (Notifications) of the Personal Data Protection Act B.E. 2562 (2019)…
ICYMI –December in privacy and cybersecurity
December tends to be a busy time for everyone, so you may have missed a privacy update or two. We have set out some updates in the form of questions, with links in the answers where you can find more…
California proposes rules for automated decision-making
On November 27, 2023, the California Privacy Protection Agency (“CPPA”) released a first draft of rules for automated decision-making technologies under California’s privacy law. The proposed rules revolve around providing notice of the technology’s use, opting out, and consumer access…