As part of its multipart series on EU data strategy, the IAPP Resource Center published an informational chart on the NIS2 Directive, exploring the directive's measures for a high common level of cybersecurity across the EU. The infographic includes key changes, challenges and requirements of the NIS2 directive's measures, as well as information on enforcement and penalties and important upcoming dates.Full Story
Australia's passing of the Privacy Legislation Amendment Bill in November 2022 was a major upgrade to the country’s landmark federal privacy bill, originally passed in 1988. Motivation to pass the amendment was largely driven by largescale data breaches of telecommunications company Optus and health insurance provider Medibank.
Though data anonymization offers a reprieve from some of the “onerous requirements” of the EU and U.K. General Data Protection Regulations, VeraSafe’s Scott Quellhorst and Renata Valkova, CIPP/E, CIPP/US, write that practitioners are left with unclear guidance as both jurisdictions create diverging standards.
State-level privacy law regulations are at the front of many privacy professionals’ minds in 2023. California and Colorado are in the midst of drafting rules for their respective privacy legislations. Once finalized, each set of regulations will bring a number of requirements that differ from the statutes.
The European Commission released guidance to assist companies in complying with the Digital Services Act's user reporting requirements. The reporting will help determine whether increased DSA obligations for "very large" online platforms and search engines are to be applied. Under the law, additional obligations are triggered for companies that "show that they reach more than 10% of the EU's population." Companies are required to report initial user numbers by Feb.
France's data protection authority, the Commission nationale de l'informatique et des libertés, said "the year 2023 will be key" for the European Central Bank's plan to develop a digital euro and called for "broad public and democratic debate" on the topic. The CNIL said the European Data Protection Board recommended the digital currency include privacy and data protection by design principles and be designed like cash.
The Netherlands' data protection authority, Autoriteit Persoonsgegevens, said a proposal to create a central database containing passport application data "entails major privacy risks." In a letter to State Secretary of the Interior and Kingdom Relations Alexandra van Huffelen, the AP calls for the proposed amendment to the Passport Act, creating the centralized database, to be "thoroughly amended or otherwise withdrawn." It called maintaining passport photos, signatures and fingerprints of Dutch people in one location "a gold mine for cybercriminals."
The Office of the Information and Privacy Commissioner for British Columbia announced new requirements for privacy management programs and data breach reporting under the Freedom of Information and Protection of Privacy Act that entered into force Feb. 1. Covered entities are required to designate "someone responsible for privacy-related matters and the development, implementation and maintenance of privacy policies" and develop processes for privacy impact assessments and complaints.
The European Commission is accepting applicants for a chief technology officer to advise on digital strategy priorities and projects, including the Digital Markets Act.
U.S. Sen. Michael Bennet, D-Colo., called on Apple and Google to “immediately” remove TikTok from their application stores in letters sent to Apple CEO Tim Cook and Alphabet CEO Sundar Pichai, Reuters reports.