India’s Data Protection Bill Expected to Pass Summer 2023
Indian Minister for Railways, Communications, Electronics and Information Technology Ashwini Vaishnaw is targeting July or August 2023 for passage of the proposed Digital Personal Data Protection Bill. Vaishnaw said “sea change over the years” has led to the drafting of the latest bill and prior proposals, while also noting the prime minister’s mandate “to prepare a comprehensive digital legal framework.” Vaishnaw added the draft bill is currently under public consultation and review by an unspecified parliamentary committee.
Australia Passes Privacy Legislation Amendment Bill 2022
The Parliament of Australia approved final passage of the Privacy Legislation Amendment Bill 2022. The bill amends the Privacy Act of 1988 to increase data breach fines to AU $50 million, or penalties based on data monetization and 30% of adjusted quarterly turnover under a new three-factor penalty scheme. Australian Information Commissioner and Privacy Commissioner Angelene Falk said the changes create “closer alignment with competition and consumer remedies” under the EU General Data Protection Regulation and “facilitate engagement with domestic regulators and our international counterparts to help us perform our regulatory role efficiently and effectively.”
Brazil’s AI Commission to Deliver Final Report
Brazil’s commission of jurists charged with drafting artificial intelligence regulations will deliver its final report to President of the Federal Senate of Brazil Rodrigo Pacheco on December 6th. The final text “brings principles, rules, guidelines and fundamentals to regulate the development and application of artificial intelligence in Brazil.” Jurist Laura Schertel Ferreira said it is based on three principles: ensuring individuals’ rights, assessing risk and predicting “governance measures applied to companies that provide or operate the Artificial Intelligence system.”
Israel Opens Consultation on EEA Data Transfer Rules
Israel’s Ministry of Justice announced a public consultation on the draft Privacy Protection Regulations for data transfers from European Economic Area nations. The regulations outline obligations for Israeli entities to ensure an adequate level of data protection for data transferred from the EEA. Responsibilities include data retention limits as well as extending rights to deletion, accuracy and notification.
EU Lawmakers Reach Agreement on e-Evidence Regulation
The Council of the European Union, European Parliament and European Commission reached an agreement on the e-Evidence regulation, Euractiv reports. Aiming to facilitate cross-border criminal investigations, the regulation implements a mechanism for law enforcement agencies to obtain electronic evidence stored in another EU country. It includes the European Preservation Order, under which a judge could order a service provider to preserve data related to a suspect that could be accessed at a later date. The regulation must still be ratified by lawmakers and EU governments.
TSA Tests Digital ID Verification
The U.S. Transportation Security Administration is adding digital IDs to a program for testing passenger facial recognition verification technology at airports across the country, Nextgov reports. The TSA is considering using digital IDs to verify passenger information against real-time facial recognition scans at checkpoint security. The agency’s Privacy Impact Assessment said digital IDs are expected to “improve airport security and expedite checkpoint security processes.” The TSA said data collected will be anonymized, encrypted and deleted within two years.
EU-US Trade and Technology Council Settle on AI Roadmap
The EU-U.S. Trade and Technology Council announced results of its third summit, including an agreement on the Joint Roadmap on Evaluation and Measurement Tools for Trustworthy Artificial Intelligence and Risk Management. The two sides said the roadmap will help inform risk management and trustworthiness while building “a shared repository of metrics” for ongoing measurement. With respect to AI and privacy, the two sides said they will “assess the use of privacy enhancing technologies and synthetic data in health and medicine, in line with applicable data protection rules.”
New Jersey Introduces Bill to Establish Children’s Data Protection Commission
State Assemblyman Herb Conaway Jr., introduced a bill to create a New Jersey Children’s Data Protection Commission. The legislation concerns social media privacy and data management standards for children and establishes a nine-member commission to receive feedback from a broad range of stakeholders recommending best practices for protecting children’s personal data online. The bill requires digital companies operating in the state to conduct data protection impact assessments before launching new products likely to be accessed by children. Fines for failure to comply are proposed to be $2,500-$7,500 per affected child.
ICO Creates Children’s Code Design Tests
The U.K. Information Commissioner’s Office created design tests to help designers assess whether products or services likely to be accessed by children comply with the Children’s Code. The ICO said the tests will support designers in creating “online experiences that protect children’s personal data,” noting, “Each test provides a report detailing areas of good practice as well as steps you can take to improve your conformance.”
European Commission Publishes EU-US Draft Adequacy Decision
The remaining steps to finalizing the EU-U.S. Data Privacy Framework are coming into focus after the European Commission released its EU-U.S. draft adequacy decision Tuesday. The draft marks the start of the commission’s review toward finalization, which EU officials maintain could take up to six months. A potential July 2023 finalization of the EU-U.S. agreement on data flows would come three years after the Court of Justice of the European Union’s invalidation of the EU-U.S. Privacy Shield framework.
Microsoft Rolls Out ‘Data Boundary’ for EU Cloud Customers
Microsoft is beginning a phased rollout of its “EU data boundary” enabling EU cloud customers to process and store data in the region, Reuters reports. The “EU data boundary” applies to Microsoft’s core cloud services. A first phase will include customer data, followed by logging and service data, Microsoft Chief Privacy Officer Julie Brill said. “We are creating this solution to make our customers feel more confident and to be able to have clear conversations with their regulators on where their data is being processed as well as stored,” Brill said.
Slovenia Passes Personal Data Protection Act
The Republic of Slovenia’s National Assembly, the Drzavni Zbor, voted 50-8 to adopt the Personal Data Protection Act. The legislation transposes the EU General Data Protection Regulation into Slovenian, as the country met all the requirements to fully implement the GDPR. The law, written into Article 38 of the country’s constitution, covers human rights including the protection of personal data, the ability to access personal data collected by companies and judicial redress for the mishandling of one’s personal data.