One unexplored area of China's Personal Information Protection Law is its Article 13, which stipulates the legal basis for collecting and processing personal data, Bird & Bird Associate Hunter Dorwart, Partner James Gong and Associate Harry Qu write.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy developments in the nation's capital and around the U.S., including a dissection of the U.S. Consumer Financial Protection Bureau's soon-to-be-released proposed rulemaking to regulate data brokers under the Fair Credit Reporting Act.Full story
We know there is a lot of news to sift through these days. To help, we have gathered the top headlines of the week for you.
U.S. Sens. Edward Markey, D-Mass., and Marsha Blackburn, R-Tenn., are calling on the U.S. Federal Trade Commission to investigate reported children's privacy violations by YouTube and its parent company Google.
The U.S. Department of Health and Human Services' Office for Civil Rights is "heavily scrutinizing" health care websites alleged practice of embedding tracking technology that sells patient data to third parties, HHS OCR acting Deputy for Strategic Planning Susan Rhodes said in an interview with GovInfoSecurity. Rhodes said such practices can be potential violations of the U.S.
U.S. House of Representatives Judiciary Committee Chair Jim Jordan, R-Ohio, subpoenaed Citibank for a congressional investigation into alleged sharing of private financial data between banks and the FBI, Reuters reports. Jordan said lawmakers are questioning banks' potentially illegal data sharing for transactions made around 6 Jan. 2021 in the Washington, D.C. area. Full story
The U.K. Information Commissioner's Office issued the first phase of its guidance on biometrics use, which is now open for public consultation through 20 Oct. The second phase of the guidance will be issued early in 2024 and will focus on biometric classification and data protection, plus a call for evidence.Full story
The Government of Canada published a code of practice for generative artificial intelligence development and use. In anticipation of lawmakers passing the proposed Artificial Intelligence and Data Act, the government's voluntary code will help potential covered entities "avoid harmful impacts, build trust in their systems, and transition smoothly to compliance with Canada's forthcoming regulatory regime." The code includes principles for safety, fairness, transparency and human oversight.
Luminos.Law's Brenda Leong, CIPP/US, and Andrew Burt tackle the "inherent conflict between the need to train and then test (artificial intelligence) systems for bias," which often requires sensitive data, like race or gender, and the need for companies to comply with the data minimization principle. In this piece for the IAPP, they offer some recommendations and lessons for organizations navigating this complex space.
Brazil's Chamber of Deputies Economic Development Commission held a public hearing on the application of fines by the country's data protection authority, the Autoridade Nacional de Proteção de Dados. Deputies discussed potentially amending the General Data Protection Law so ANPD fines go beyond sanctioning an entity and provide educational resources to improve compliance.