Approximately at the same time as the Executive Order that we described in Part 1 was issued, the Attorney General (AG) unofficially released 90 pages of Advanced Notice of Proposed Rulemaking (ANPRM), which will become official once published in the
Privacy law
Executive Order on access to Americans’ bulk sensitive data – Part 1


On February 28, 2024, the White House issued an Executive Order on Preventing Access to Americans’ Bulk Sensitive Data and United States Government-Related Data by Countries of Concern. The 17-page Executive Order pointed out that “countries of concern” could use…

Singapore proposes Governance Framework for Generative AI




On 16 January 2024, Singapore’s Infocomm Media Development Authority (IMDA), in collaboration with the AI Verify Foundation, announced a public consultation on its draft Model AI Governance Framework for Generative AI (Draft GenAI Governance Framework), showing…

Thailand – The Regulation with respect to Cross-border Transfer of Personal Data



On 25 December 2023, the Personal Data Protection Committee (PDPC) published two notifications detailing regulations for cross-border transfers of personal data under Sections 28 and 29 (Notifications) of the Personal Data Protection Act B.E. 2562 (2019)…
ICYMI –December in privacy and cybersecurity


December tends to be a busy time for everyone, so you may have missed a privacy update or two. We have set out some updates in the form of questions, with links in the answers where you can find more…

California proposes rules for automated decision-making
On November 27, 2023, the California Privacy Protection Agency (“CPPA”) released a first draft of rules for automated decision-making technologies under California’s privacy law. The proposed rules revolve around providing notice of the technology’s use, opting out, and consumer access…

2023 Technology privacy and cybersecurity summit | 1 November 2023

Norton Rose Fulbright Canada invites you to our annual technology, privacy and cybersecurity virtual summit. Navigating the evolving world of technology is not easy for companies today. From AI to effective company records management, privacy considerations, and cybersecurity breaches, there’s…
Act 25 – Demystifying privacy impact assessments with the CAI’s new tools
With most provisions of the Act to modernize legislative provisions as regards the protection of personal information (Act 25) having just come into effect on September 22, public bodies and enterprises (organizations) will now need to conduct privacy impact assessments…
Singapore Releases Proposed Advisory Guidelines on Use of Personal Data in AI Recommendation and Decision Systems


On 18 July 2023, Singapore’s Personal Data Protection Commission (PDPC) issued its Proposed Advisory Guidelines on Use of Personal Data In AI Recommendation and Decision Systems (the Proposed AI Advisory Guidelines) for public consultation.
The Proposed AI…
OCR and FTC Issue a Joint Letter Suggesting Enforcement Actions May Be in the Pipeline


On July 20, 2023 HHS and the Federal Trade Commission (“FTC”) issued a joint letter to approximately 130 companies regarding their online data collection processes. The letter follows the much discussed December 1, 2022, Bulletin that expanded the kinds of…