Loading

Category: GDPR

GDPR

UK Government Shifts AI Strategy

The UK Government shifts AI strategy to focus on public sector efficiency amid industry concerns.   The UK government, led by Prime Minister Keir Starmer, is developing a new artificial intelligence (AI) strategy aimed at cutting costs ahead of the upcoming autumn budget. The strategy shifts focus from direct investment in AI technology towards prioritising

The Tennessee Information Protection Act: A Comprehensive Overview

The Tennessee Information Protection Act is a legislation that protects the privacy of personal information collected by businesses and government agencies in Tennessee.    The Tennessee Information Protection Act (TIPA) is a significant legislative development in the sphere of data privacy, mirroring the growing trend of state privacy laws across the United States. This legislation

The Connecticut Data Privacy Act

The Connecticut Data Privacy Act regulates and protects the personal data of Connecticut residents and requires businesses to implement comprehensive data protection measures.    The Connecticut Data Privacy Act (CDPA) is a robust legal framework designed to protect citizens’ privacy rights and regulate how companies and organizations handle personal data. The CDPA, like other state

California Consumer Privacy Act: A Comprehensive Overview

The California Consumer Privacy Act (CCPA) is a landmark piece of legislation that aims to strengthen privacy rights and consumer protection for the residents of California. This legislation was enacted in June 2018 and became effective as of January 2020. In November of 2020, California the California Privacy Rights Act (CPRA) was approved, which amended

Publication of user numbers: European Commission publishes guidance under Digital Services Act

The European Commission has recently published guidance on the publication of user numbers in the EU under the Digital Services Act.   The European Commission has recently published guidance for online platforms and search engines regarding the publication of user numbers in the EU. Regarding the requirement to publish user numbers in the EU under

Creation of an artificial intelligence department at CNIL

The CNIL has created an artificial intelligence department and is launching a two-year project using artificial intelligence.  The CNIL of France has created an artificial intelligence department and is launching a two-year project using artificial intelligence. The aim of this venture is to establish a regulatory framework for using AI in Europe. While preparing for

Controller Binding Corporate Rules: New recommendations from the EDPB

The EDPB recently published Recommendations 1/2022 on the Application for Approval and on the elements and principles to be found in Controller Binding Corporate Rules.   The European Data Protection Board (EDPB) has recently adopted recommendations for the Controller Binding Corporate Rules (BCR-Cs) during their November plenary. The document includes recommendations on the Application for

Processor Code of Conduct published by LfDI of Baden-Württemberg, Germany

Baden-Württemberg DPA, LfDI has published a Processor Code of Conduct to aid data processors with self regulation.    The DPA of Baden-Württemberg, Germany has published a code of conduct for processors, providing more legal certainty with regard to data processing under the GDPR. Businesses and organisations within Germany and in general within the EU, who

Guidance on international transfers from the ICO

The UK’s ICO has published guidance on international transfers for businesses and organisations which process personal data.   In the aftermath of the publishing of the International Data Transfer Agreement (IDTA) and the Addendum to the European Union Standard Contractual Clauses (SCCs), the ICO has published guidance on international data transfers. This guidance includes a

Processing of health data by complementary health insurance providers: CNIL calls for further clarification

CNIL calls for clarification regarding the processing of health data by complementary health insurance providers in the face of several complaints.   CNIL calls for clarification regarding which conditions under which complementary health insurance providers are allowed to collect health data, after receiving several complaints regarding the legality of these insurance providers receiving data generated