Privacy

Subscribe to Privacy via RSS

In 2024, businesses will continue to face an evolving landscape of privacy opportunities and challenges, including an increasingly complex data regulatory environment that extends beyond the General Data Protection Regulation (GDPR). With heightened scrutiny from regulators, consumers, and investors, the need to bolster privacy and data management practices has become even more important. Here’s our top 10 list of what to watch for in the privacy and data regulatory space in 2024:Continue Reading 10 Privacy Predictions in the EU for 2024

2023 was one of the busiest years for privacy yet—with more to come in 2024. Five new U.S. state privacy laws (in Texas, Florida, Oregon, Montana, and Washington) will come into effect in 2024. And federal and state regulators are sure to focus on hot areas like artificial intelligence, children’s privacy, and the collection, use, and sharing of consumer health data, among others. Given this backdrop, here are our top 10 predictions for privacy regulation in 2024:Continue Reading U.S. Privacy Predictions: What to Watch for in 2024

On December 8, 2023, the California Privacy Protection Agency (CPPA) Board discussed a draft of its forthcoming artificial intelligence (AI) regulations on automated decision making technology (ADMT). The proposed regulations, published earlier on November 27, 2023, would impose significant new requirements on businesses subject to the California Consumer Privacy Act (CCPA) that use ADMT for certain use cases. The ADMT draft rules are expected to be part of the Agency’s larger rulemaking package alongside rules governing cybersecurity audits and risk assessments under the CCPA, as amended by the California Privacy Rights Act. While the draft ADMT regulations currently have no legal effect and are likely to undergo further revision before formal rulemaking begins, the current draft nonetheless provides an important preview of the rigorous new compliance requirements that could later take effect. Notable items put forth for public discussion include:Continue Reading Draft California AI Regulations Become One Step Closer to Reality: An Analysis of Requirements on the Horizon

On December 8, 2023, the EU finally agreed on the world’s first comprehensive legal framework on AI: the AI Act. EU lawmakers reached a political agreement on a series of controversial issues after record-long negotiations. They are expected to formally adopt the agreed text within the next couple of months. If adopted, the AI Act will ban certain AI systems, regulate general purpose AI (GPAI), impose heavy obligations on high-risk AI systems, subject to high fines, and support innovation through regulatory “sandboxes.” The AI Act will have an extraterritorial reach. Being the first law of its kind globally, the AI Act has the potential to establish a benchmark for AI regulation in other regions, just as the EU General Data Protection Regulation (GDPR) has accomplished.Continue Reading EU Lawmakers Reach Political Agreement on the AI Act

Individuals are increasingly making use of their right to access their personal data under applicable privacy laws in the EU.

It can be a challenge for companies to handle such requests, and in particular, if a request concerns a complex data set, there are a high number of requests, or the right is exercised for strategic reasons, such as in HR or legal disputes. The right of access is, however, not absolute, and its restrictions vary across Member States, adding further complexity to the matter. How to handle such requests and apply these restrictions is commonly set out in internal policies and procedures. We set out below the current landscape as well as a recent enforcement trend.Continue Reading Weaponization of Data Subject Access Requests in the EU