Morrison Foerster Senior Counsel Lokke Moerel and Of Counsel Marijn Storm explored the implications of the Hamburg Commissioner for Data Protection and Freedom of Information's stance on large language models as a personal data storage conduit.
The proposed reform to the Australian Privacy Act will affect many aspects of consumer privacy and data security that organizations must prepare to comply with.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy and AI governance developments in the nation's capital and around the U.S. This week, he dives into the U.S. Department of Justice's notice of proposed rulemaking to begin implementing requirements under the White House's executive order banning the transfer of sensitive data to adversarial countries. Full story
The U.S. Office of Management and Budget's request for information on commercially available data and AI helps regulators determine key AI policy responsibilities. IAPP Cybersecurity Law Center Managing Director James Dempsey wrote officials should ensure contestability features are "incorporated into the system design, beginning with the decision whether to use an automated system in a decision-making or decision-supporting role at all."Full story
The research firm Gartner's "Top 10 Strategic Technology Trends for 2025" highlights trends to "shape the future with responsible innovation," including AI governance platforms and increasing trust and security online. IAPP Managing Director, Europe, Isabelle Roccia, CIPP/E, details the insights and writes the privacy community "will need to be among those that shape the future."Full story
Norway announced intentions to revise the country's Personal Data Act to bar children under age 15 from accessing social media, Euractiv reports. Specifically, the provision of the PDA barring children under age 13 from consenting to their personal information being processed by social media companies would be raised to 15.
The New York State Department of Health published a new cybersecurity regulation for covered hospitals that "creates cybersecurity obligations related not only to (personal health information) but also to certain business information," while recommending hospitals evaluate any third-party cybersecurity management agreements to ensure compliance, according to a Norton Rose Fulbright blog post. While the majority of requirements under the regulation goes into effect 2 Oct.
Singapore's Personal Data Protection Commission accepted three remedial plans from companies disclosing ransomware attacks that collectively affected the personal data of 690,000 people. The entities must require multifactor authentication, conduct cybersecurity awareness training for employees and require stronger passwords for their services to bring them more in line with the Personal Data Protection Act.Full story
The U.K. Competition and Markets Authority launched an inquiry into Google's investment in AI company Anthropic due to antitrust concerns, The Wall Street Journal reports. Anthropic said the investment does not stifle competition as none of its "strategic partnerships or investor relationships diminish the independence of our corporate governance or our freedom to partner with others."Full story
Ireland's Data Protection Commission has had three successful cases before the Dublin Metropolitan District Court after companies allegedly failed to stop sending unsolicited marketing communications. Sky Ireland, Google Ireland and Stella Novus all pleaded guilty to continuing to text, call or email customers after being asked to stop.Full story