A comprehensive federal law is needed to fill gaps in existing sector-specific U.S. laws, members of the House Energy and Commerce Committee's Subcommittee on Innovation, Data, and Commerce heard Thursday. In the 36th hearing held in U.S. Congress on privacy and data security over the last five years, witnesses urged the passage of federal legislation, namely the American Data Privacy and Protection Act.
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, offers his take on the latest privacy developments in the nation's capital and around the U.S., including thoughts on how to forge trust at the intersection of privacy and artificial intelligence as new AI deployments keep cropping up.Full Story
A view from Brussels: Will the proposed EU-US Data Privacy Framework be enough to save data transfers?
Euractiv reports members of the European Parliament reached a provisional political deal Thursday on the EU Artificial Intelligence Act. According to the report, the text is still subject to small adjustments before a "key" vote on 11 May, but it is expected to move to a plenary vote in June. "We have a deal now in which all groups will have to support the compromise without the possibility of tabling alternative amendments," a European Parliament official said.
The IAPP published an infographic breaking down key data points and statistics around consumer privacy perceptions and trust in Australia. The infographic provides a snapshot of how concerned Australian consumers are with their online privacy, how well they understand data collection and use, what actions are motivated by privacy concerns and more.Full Story
U.S. Sens. Lindsey Graham, R-S.C., and Richard Blumenthal, D-Conn., will reintroduce the Eliminating Abusive and Rampant Neglect of Interactive Technologies Act for the third time, CyberScoop reports. The bill, which would set standards for technology companies around child sexual abuse materials, raised concerns from privacy advocates who said it could weaken end-to-end encryption.
The Irish Council for Civil Liberties filed a complaint with the European Commission over alleged failure to collect a full data set of cross-border investigations over the entire life of the EU General Data Protection Regulation. The ICCL claimed the European Commission has a "56 month data deficit," which makes it difficult to identify a "systemic failure" of GDPR enforcement by member states’ data protection authorities.
The Washington State Legislature completed the final step needed to pass the My Health, My Data Act 17 April. IAPP Westin Research Fellows Anokhy Desai, CIPP/US, CIPM, CIPT, and Amy Olivero break down the MHMDA's scope, obligations of regulated entities, enforcement and consumer rights — including the ability to sue companies for violating provisions of the act. "Working through the broad application of this health-focused law will take time," they said. Full Story
Ukrainian cyber police arrested a 36-year-old male in Netishyn, Ukraine, who allegedly sold personally identifiable information belonging to more than 300 million EU and Ukrainian citizens to Russian buyers, InfoSecurity Magazine reports. The individual’s name was withheld, but Ukrainian authorities allege the personal data he sold included taxpayer ID numbers, passport information and bank account data. Full Story
European Data Protection Supervisor Wojciech Wiewiórowski published his Annual Report 2022. International data transfers continued to be a priority in 2022, while the EDPS offered guidance and expertise on health, artificial intelligence and other areas.