Africa news
Algeria - DP regulator gets to work
The National Data Protection Authority (ANPDP) has, with the appointment of a president, become fully functional, working to ensure compliance with the Algerian Data Protection Law. The Algerian Data Protection Law was enacted in 2018 but the deadline for compliance was stalled pending the establishment of the ANPDP.
Americas news
Canada (Quebec) - new guidelines on validity of consent
The Commission d’accès à l’information du Québec has issued new guidelines on consent for the public and private sectors. The guidelines - which include practical examples - aim to clarify the obligations of organisations in obtaining valid consent, considering both applicable laws, and recent case law.
View the guidelines (in French)
Argentina - Ibero-American Data Protection Network model approved
The Argentinian data protection regulator has approved the model contractual clauses for international transfers contained in the Ibero-American Data Protection Network’s Implementation Guide for Model Contractual Clauses for the International Transfer of Personal Data. Organisations can now undertake international transfers using the model clauses without additional consultation with, or approval from, the agency.
View the Implementation Guide (in Spanish)
United States - Colorado AG publishes opt-out mechanisms
The Colorado Attorney General has published a shortlist of three universal opt-out mechanisms (UOOMs) that have been recognised as meeting the standards for UOOMs under the Colorado Privacy Act. The shortlisted UOOMs, designed to automatically opt individuals out of the sale of their personal data and of targeted advertising, will now be subject to public consultation until 11 December 2023.
Asia news
Philippines - new guidelines on consent
The Philippines National Privacy Commission (NPC) has issued new guidelines on consent which cover:
- relying on consent as a lawful basis for processing personal data
- what exactly constitutes valid consent
- how consent must be obtained and managed in compliance with the Data Privacy Act and its Implementing Rules and Regulations
View the guidelines on consent
Singapore - cloud security guides published
The Cyber Security Agency of Singapore (CSA) and the Cloud Security Alliance have launched two cloud security companion guides to support national cybersecurity standards. The guides aim to help advisories for cloud customers better understand their cloud-specific risks and responsibilities as well as the necessary steps to take.
View the cloud security companion guides
Japan - new international agreement with EU on cross-border data flows
Japan and the EU have concluded a deal to make doing business in the online world easier, less costly, and more efficient, including by facilitating cross-border data flows.
Europe news
Sweden - new CCTV surveillance guidance
The Swedish data protection authority is providing new guidance for organisations that either use, or plan to use, CCTV camera surveillance. The guidance will be published online shortly.
Germany - Hamburg DPA publishes checklist for using chatbots
The Hamburg data protection authority has published a checklist for organisations using large language model (LLM) chatbots such as Chat GPT, Luminous or Bard.
View the checklist (in German)
Finland - updated data breach notification method and guidance
The Office of the Data Protection Ombudsman has introduced a new service to improve the functionality and security of its electronic forms. Organisations should now submit data breach notifications via the Ombudsman's online form.
View the data breach notification form
European Union - data subject access rights the subject of coordinated action in 2024
The European Data Protection Board has announced that the implementation of access rights by data controllers will be the topic of its third coordinated enforcement action. Further work will be carried out in the coming months to specify the details, and the action itself will be launched in 2024.
Middle East news
Turkey - Cooperation and Information Sharing Protocol signed
The Turkish Personal Data Protection Authority and the Turkish Competition Authority have signed a cooperation and information sharing protocol in response to the large number and variety of products/services being developed supporting the digital economy with data-based technologies.
Sanctions. We're keeping count.
35. That's the number of regulatory sanctions around the world that Rulefinder Data Privacy has tracked since October. It amounts to over 14 million US dollars in fines and numerous other reprimands, corrective actions, and orders to stop processing personal data.
Want to find out more?
Rulefinder Data Privacy subscribers hear about these and other privacy law developments as soon as we cover them.
