As part of its 25th anniversary, the IAPP will celebrate 25 trailblazing innovators and 25 defining moments in the last quarter century that helped establish the privacy and digital governance profession. This week, we highlight The New York Times technology reporter Kashmir Hill's groundbreaking investigative work calling attention to a range of privacy and digital issues.Full story
Thousands of comments have come in response to the White House's call for information on how to shape its AI Action Plan. IAPP Staff Writer Caitlin Andrews reports on the common themes raised among several submissions, giving a glimpse into what the U.S.'s future AI policy might look like.Full story
Luxembourg's Administrative Court issued a ruling upholding a 746 million euro EU General Data Protection Regulation fine issued by its National Commission for Data Protection against Amazon in 2021. The fine related to an alleged lack of transparency in data processing activities.
As the U.S. Health Insurance Portability and Accountability Act entered its "privacy era" in the early 2000s, WilmerHale Partner Kirk Nahra, CIPP/US, writes, there was also "a substantial expansion of thoughts around what health data is." Nahra opines on the hurdles to proper safeguards for personal health data with non-HIPAA protected health data on the rise and a lack of clarity around definitions.Full story
Switzerland's Federal Data Protection and Information Commissioner said the social platform X users have the right to request their public posts not be used to train the company's AI chatbot Grok. X has since introduced an opt-out option, which the commission said complies with data laws and closed the investigation.Full story
U.S. Rep. Lori Trahan, D-Mass., issued a public request for information to update the U.S. Privacy Act of 1974, which places restrictions on how personally identifiable information can be collected, used and disclosed by federal agencies.
Quebec's data protection authority, the Commission d'accès à l'information du Québec, laid out in a new guidance document what personal information can be collected during the recruitment process and considerations for maintaining necessity and proportionality. Full story
Advocacy group Privacy International filed a complaint against the U.K. over its use of Technical Capability Notices after the U.K. allegedly sent a TCN to Apple ordering the company to provide the government with consumers' personal data for investigative purposes.
The U.K. National Cyber Security Centre issued guidance urging companies to bolster their information systems by 2035 to ensure data is protected against quantum technology that could be used to hack encrypted data, the Guardian reports.
France's data protection authority, the Commission nationale de l'informatique et des libertés, discussed AI innovation and personal data protection with France's competition regulator, the Autorité de la concurrence. The CNIL said the authorities' joint cooperation aims to analyze AI development and the potential effect the technology has on both consumers and the economy.Full story