HONG KONG: Artificial Intelligence – Model Personal Data Protection Framework

By Carolyn Bigg & Gwyneth To on June 13, 2024

In the rapid development of artificial intelligence (“AI”), regulators are playing catch up in creating frameworks to aid and regulate its development.

As the AI landscape begins to mature, different jurisdictions have begun to publish guidance and frameworks. Most recently, on 11 June 2024, Hong Kong’s Office of the Privacy Commissioner for Personal Data (“…

The European Health Data Space – What lies ahead?

By Andreas Ruediger on June 10, 2024

Posted in EU privacy, Health Data

In March 2024, the Council of the European Union and the European Parliament reached a deal on a provisional agreement for the European Health Data Space (“EHDS”) regulation as part of the broader EU data strategy. The Council of the European Union published the compromise text of this agreement as a work-in-progress, providing…

Ireland: DPC Issues Record 87% of EU GDPR Fines in 2023; Breach Reports Increase by 20%

By John Magee, Eilis McDonald, Lorcan Moylan Burke, Sarah Dunne, David Brazil & Emer McEntaggart on June 6, 2024

Posted in Data security and breaches, Enforcement, EU privacy, General Data Protection Regulation

The Data Protection Commission (DPC) has published its 2023 Annual Report, highlighting a record year with DPC fines accounting for 87% of all GDPR fines issued across the EU. A busy year for the DPC also saw a 20% increase in reported personal data breaches as Helen Dixon steps down after 10 years in…

EU/UK: Data-Sharing Frameworks – A State of Play in the EU and the UK

By Heidi Waem, Simon Verschaeve, Muhammed Demircan, James Clark & Laura Dobson on June 6, 2024

Posted in Data Sharing, Digital transformation, EU Commission, EU data governance, EU privacy, New laws, UK

Disclaimer: This article first appeared in the June 2024 issue of PLC Magazine, and is available at http://uk.practicallaw.com/resources/uk-publications/plc-magazine.

In order to capture the benefits of data-driven innovation, the EU and the UK are taking action to facilitate data sharing across various industries.

In the EU, the European Commission is investing €2…

UK: ICO and Ofcom approach to regulation of online services

By Alexa Smith & Rachel de Souza on May 13, 2024

Posted in New laws, Privacy Law, UK

In the UK, there is currently heightened regulatory scrutiny and increased public interest in children’s data protection and online harm, with a raft of new guidance and regulation from both the ICO and Ofcom, the chief regulator of the Online Safety Act, in relation to children’s safety online.

Since the introduction of the ICO’s Children’s…

Australia: Privacy Act Updates Expected in August 2024

By Sarah Birkett on May 13, 2024

Posted in Privacy Law

The next steps in Australia’s long bubbling reform of the privacy regime has been announced, with draft legislation expected to be tabled by August 2024. The reform is being presented as part of the Federal Government’s efforts to improve online safety, particularly for women, but it’s not clear how broad its remit will be at…

UK: New cyber security requirements for consumer products

By James Clark on May 1, 2024

Posted in Cyber security, UK

On Monday 29 April, new cyber security requirements entered into force in the United Kingdom. They apply to connected products sold to consumers and place obligations on the manufacturers, importers and distributors of those products.

Background

The Product Security and Telecommunications Infrastructure (Security Requirements for Relevant Connectable Products) Regulations 2023 (Regulations) are the…

US: Kentucky Legislature Passes Comprehensive State Privacy Law

By Kate Lucente & Brandon Weinreb on April 29, 2024

Posted in Privacy Law

On April 4, 2024, Kentucky Governor Andy Beshear signed House Bill 15, an act related to Kentucky consumer data privacy (“KCDPA”). Kentucky now joins the expanding list of states with comprehensive state privacy legislation, with the KCDPA set to take effect January 1, 2026.

Scope

The KCDPA applies to entities conducting business in Kentucky…

US: The FTC Cracks Down on Sensitive Personal Information Disclosures

By Kate Lucente, Lea Lurquin, Madison Bucci & Matt Dhaiti on April 26, 2024

Posted in FTC

The Federal Trade Commission (“FTC”) is taking bold actions to challenge business’s collection and monetization of consumers’ personal data—particularly sensitive personal data. This month, the FTC reached settlements with a data broker, X-Mode Social and its successor Outlogic LLC (“X-Mode”), and an alcohol addiction treatment firm, Monument Inc. (“Monument”), for, among other things, allegedly selling…

Europe: The EU AI Act’s relationship with data protection law: key takeaways

By James Clark, Muhammed Demircan & Kalyna Kettas on April 25, 2024

Posted in Artificial Intelligence

Disclaimer: The blogpost below is based on a previously published Thomson Reuters Practical Law practice note (EU AI Act: data protection aspects (EU)) and only presents a short overview of and key takeaways from this practice note. This blogpost has been produced with the permission of Thomson Reuters, who has the copyright over the…