The European Data Protection Board (EDPB) backed the European Commission's plans to grant Brazil an adequacy decision to allow data flows but urged the EC to address "a few remaining points," it said Wednesday in an email.
GDPR
The General Data Protection Regulation (GDPR) is the European Union’s landmark privacy law governing how organizations collect, process and protect personal data. In effect since 2018 it applies to any entity handling EU residents’ information regardless of where the company is based and imposes strict requirements around consent, transparency, data minimization and user rights. GDPR enforcement has led to billions in fines against global companies setting a high bar for compliance frameworks worldwide and influencing privacy legislation in the U.S. and other regions.
French DPA CNIL is taking part in an initiative to assess the impact of AI on the role of data protection officers (DPOs), it announced Wednesday.
The ICO updated its guidance Tuesday on personal data processing for law enforcement purposes. Privacy rules for the police, criminal courts, prisons and other law-enforcement-related entities are governed by Part 3 of the Data Protection Act 2018, which is separate from the U.K. GDPR regime, the watchdog noted.
As the European Commission readies a "digital omnibus" proposal to simplify data laws and reduce business obligations, any reforms -- including to the GDPR -- must be evidence-based and continue recognizing data protection as a fundamental right, privacy lawyers said.
Differences in data transfer regulatory regimes adversely affect international trade in digital and data-reliant services, economists from the European Centre for International Political Economy said in a paper published last month.
Privacy regulation might have short-term costs, but there’s a dearth of evidence about its long-term economic harms, Carnegie Mellon University professor Alessandro Acquisti said. Speaking on a Thursday webinar hosted by George Washington University privacy professor Daniel Solove, Acquisti also addressed the so-called “privacy paradox” and the challenges of assigning a price to someone’s personal data.
The European Data Protection Board (EDPB) should revise its guidelines on the interaction between the GDPR and the Digital Services Act (DSA), and refrain from interpreting DSA provisions that fall outside its expertise, the Interactive Advertising Bureau Europe said Friday.
The ICO wants feedback on new guidance about its investigation and enforcement processes under the U.K. GDPR and Data Protection 2018, it announced Friday.
Balancing access to data and confidentiality is getting tougher as data sharing continues to drive innovation, European Data Protection Supervisor Wojciech Wiewiorowski said Thursday. However, secure multi-party computation (SMPC) could reconcile those conflicting goals by allowing organizations to jointly compute insights without revealing the underlying data, he said.
There remains a need for the federal government to establish “lanes” limiting how states can regulate AI technology, Rep. Jay Obernolte, R-Calif., told reporters Wednesday.