This month, the European Parliament approved the AI Act, which it called the “first regulation on artificial intelligence.” In the US, Utah passed the AI Policy Act, with some declaring it America’s first private-sector AI law. As organisations increase their use of AI, we need new laws to help manage new risks. But this [...]
Nigeria DPC publishes guidance for data controller and processor registration requirements The Nigeria Data Protection Commission (NDPC) has released guidelines on the registration obligations for what it deems "data controllers and data processors of major importance," as stipulated by Nigeria’s Data Protection Act (NDPA). Passed in June 2023, the Act introduced a crucial requirement [...]
The right to access personal data is fundamental to data protection, and it was present in data protection laws as early as the Council of Europe’s Convention 108 (1981) and the UK’s Data Protection Act 1984. But providing access to personal data continues to challenge many organisations—particularly those handling high volumes of information or [...]
California Attorney General (AG) Rob Bonta reached a settlement with food delivery company DoorDash on 21 February — the second-ever enforcement action taken under the California Consumer Privacy Act (CCPA) since the law took effect in 2020. Under a proposed order, DoorDash must pay a $375,000 civil penalty, enter into a three-year compliance programme, [...]
The new EU Data Act enters into force The EU regulation on harmonized rules on fair access to and use of data, (the Data Act) was published in the EU’s official journal on 22 December 2023, and entered into force on 11 January 2024. The Data Act sets rules for accessing and using data [...]
On 22 January, journalist Luca Bertuzzi leaked a final draft of the EU’s long-awaited AI Act. While the EU’s institutions reached a broad agreement on the AI Act late last year, some technical details remained to be ironed out. The leaked draft of the AI Act is not absolutely final, but it includes almost [...]
2023 was a landmark year for privacy in the US, with five new comprehensive privacy laws taking effect, strong enforcement at the federal level, and new laws passing across the states. But 2024 could prove even more significant. FTC enforcement The year began with yet another privacy case from the Federal Trade Commission (FTC), [...]
The European Data Protection Board (EDPB) has published a report of its investigation into Data Protection Officers (DPOs). The research reveals that DPOs in many organisations lack sufficient resources to fulfil their tasks, and sometimes hold senior positions that could present a conflict of interest. DPO requirements under the GDPR The GDPR requires an organisation [...]
Foresight is crucial in a fast-moving field like data protection. So as 2023 draws to a close, the web is becoming saturated with privacy predictions for next year. But let’s put the crystal ball aside and consider some events that are unlikely to occur in 2024, with a focus on US privacy law, transatlantic [...]
ICO fines Ministry of Defence for Afghan evacuation data breach The UK Information Commissioner’s Office (ICO) has imposed a £350,000 fine on the Ministry of Defence (MoD) for a data breach involving the personal data of individuals seeking relocation to the UK after the Taliban's takeover of Afghanistan in 2021. On September 20, 2021, [...]
HewardMills Ltd is a company registered in England and Wales | Registered office: 77 Farringdon Road, London EC1M 3JU | Registration number: 11211970 | All rights reserved | © Copyright 2020 – 2024 | Privacy notice
