In this week’s Global News Roundup, the European Data Protection Board will continue its debate on the Ireland Data Protection Commission’s Meta data transfers case. France ratified the Council of Europe Convention 108+. Australian Information Commissioner Angelene Falk outlined her hopes for Privacy Act reforms. And, the Privacy Commissioner of Canada recommended including privacy protection to potential changes to the Competition Act.
Enforcement
The European Data Protection Board will continue its debate on the Ireland Data Protection Commission case regarding lawfulness of Meta's EU-U.S. data transfers at its plenary meeting 28 March.
The Office of the European Data Protection Supervisor announced its intention to join the European Data Protection Board in its coordinated enforcement of data protection officers.
France ratified the Council of Europe Convention 108+, modifying the original Convention 108 for the protection of individuals with regard to the automatic processing of personal data.
Italy's data protection authority, the Garante, ordered a "temporary limitation of the processing of data of Italian users" by ChatGPT developer OpenAI and opened an investigation into the artificial intelligence vendor.
U.K. Information Commissioner John Edwards said protecting the privacy rights of "people (who) may not even be aware those rights exist" was a core function of the Information Commissioner's Office following a U.K. High Court ruling that found the "immigration exemption" in the Data Protection Act 2018 illegal.
Asia-Pacific
Salinger Privacy Principal Anna Johnston, CIPP/E, CIPM, FIP, wrote a blog on the surprises she observed while analyzing the Australia Attorney-General Department's final report on the 116 proposed Privacy Act reforms.
In an interview with the Australian Financial Review, Australian Information Commissioner Angelene Falk discussed her office's hopes for pending Privacy Act reforms.
Members of India's Parliament on the Parliamentary Standing Committee on Information Technology proposed 40 amendments to the draft Digital Data Protection Bill.
Japan’s Ministry of Internal Affairs and Communications seeks public opinions on the revised draft of the Telecommunications Business Act.
Canada
Privacy Commissioner of Canada Philippe Dufresne submitted recommendations to include privacy considerations in potential reforms to Canada's Competition Act.
Europe
EU member states reached a common position on the proposed Data Act, enabling negotiations on the final version of the proposed legislation to begin among the Council of the European Union and European Parliament.
Both chambers of the French legislature approved draft legislation to temporarily utilize "intelligent surveillance systems" during the 2024 Paris Olympics and Paralympics.
The U.K. Regulatory Policy Committee, a government oversight entity, published its opinion on the proposed Data Protection and Digital Information Bill.
US
New York Attorney General Laetitia James imposed a USD200,000 fine on a law firm retained by several hospitals that sustained a ransomware attack in 2021.
Guidance
The European Commission announced the formation of a high-level group to advise companies on implementation of the Digital Markets Act.
Norway’s data protection authority, Datatilsynet, published guidance to help businesses identify potential cyberattacks that often spike during holidays, such as Easter.
Spain’s data protection authority, the Agencia Española de Protección de Datos, published guidance to help public administrations manage risks around data exchanges.
The U.K. Information Commissioner's Office Executive Director, Regulatory Risk, Stephen Almond published guidance for organizations developing or using generative artificial intelligence.
ICYMI
IAPP Westin Research Fellow Amy Olivero parsed through the EU General Data Protection Regulation's data protection officer provisions, spelling out key considerations companies and DPOs should bear in mind as regulators begin their enforcement sweep.
The role of EU data protection officers is under examination via coordinated enforcement among EU data protection authorities. In light of the upcoming assessments, the IAPP Research and Insights team produced an infographic to outline the requirements of the GDPR-mandated DPO.
The California Privacy Protection Agency announced the first California Privacy Rights Act rulemaking package was approved by the California Office of Administrative Law following a review. IAPP Staff Writer Joe Duball reported on the announcement the details.
Gov. Kim Reynolds, R-Iowa, signed Senate File 262 on consumer privacy into law. Reynolds touted the bill as giving consumers "a reasonable level of transparency and control over their personal data." IAPP Westin Research Fellow Anokhy Desai, CIPP/US, CIPT, analyzed the bill from top to bottom and provided key takeaways for privacy professionals.
