The European Data Act: New Rules for a New Age
In today’s digital age, data is the new currency. The European Union recognises this and has introduced the European Data Act, a set of new rules that will revolutionise the way data generated by connected devices is shared and used. Consumers and businesses will be able to access their devices’ data […]
EU’s Artificial Intelligence Act: The Last Stretch
On Friday, 8 December 2023, European Union lawmakers concluded a provisional agreement on the much-anticipated Artificial Intelligence Act (AI Act). The AI Act – a broad new piece of legislation governing the development, placing on the market and use of AI systems – will apply beyond the EU’s borders and […]
Balancing Act: Navigating Privacy Challenges Under UK’s Online Safety Act 2023
The UK’s Online Safety Act (OSA) 2023, which became law on 26 October 2023, imposes extensive new obligations on certain types of online service providers, requiring them to protect their users by identifying, mitigating, and managing risks relating to illegal and harmful content. Due to its extraterritorial reach, the OSA […]
FTC Adds New Data Breach Reporting Obligations Under Safeguards Rule
On October 27, 2023, the Federal Trade Commission (FTC) unanimously approved an amendment to the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule to require certain covered financial institutions to report a broad range of data breaches and other unauthorized data disclosures to the FTC. With a broader scope than existing obligations, quick […]
New York Department of Financial Services Amends Its Cybersecurity Regulations
On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized its proposed cybersecurity rules, which build upon existing NYDFS cybersecurity requirements in the Part 500 Cybersecurity Rules. New class of covered entities The updated rules finalize a new class of financial services companies subject to NYDFS’ regulations […]
Biden Administration Issues Sweeping AI Executive Order
On October 30, 2023, the Biden administration issued a long-awaited executive order (EO) on artificial intelligence (AI). The EO expands on previous AI initiatives, such as the Blueprint for an AI Bill of Rights, and lays out the most comprehensive set of directions to date for federal agencies and the largest AI […]
Landmark Decision Handed Down on ICO’s Responsibilities in Handling Subject Access Requests
On 10 October 2023, the England and Wales Court of Appeal handed down its decision in Delo, R. (On the Application Of) v. The Information Commissioner, in which it upheld an earlier High Court ruling that the UK’s data protection regulator, the Information Commissioner’s Office (ICO), is not obliged to […]
California’s Delete Act – Key Takeaways for Data Brokers
On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of California’s existing Data Broker Registration law. By January 1, 2026, the Delete Act will enable California consumers – as defined under the California Consumer […]
New UK Guidance on Workplace Monitoring
On 3 October 2023, the UK’s Information Commissioner’s Office (ICO) published new guidance on workplace monitoring. The previous guidance was issued in 2011, as part of the ICO’s Employment Practices Code, and was badly in need of updating, given both the development of new monitoring technologies over the last 12 […]
China Loosens Cross-Border Data Transfer Controls
On September 28, 2023, the Cyberspace Administration of China (CAC) released draft Provisions on Regulating and Promoting Cross-Border Data Flows (see the Chinese version and the unofficial English translation) for public comments. The commenting period ends on October 15, 2023. While this draft is subject to change after the commenting […]