The IAPP 2023 Global Legislative Predictions preview an expectedly busy year ahead for privacy professionals across Europe. Legislators and supervisory authorities carry various priorities into this year that could bring implications for EU organizations’ approaches to compliance. Join the IAPP Feb.
The U.S. Health and Human Services Office for Civil Rights reached a $1.25 million settlement with Arizona-based health care provider Banner Health Affiliated Covered Entities over alleged violations of the Health Insurance Portability and Accountability Act Security Rule. The settlement resolves 2016 claims related to a hack and subsequent data breach that affected the protected health information of 2.81 million individuals.
U.S. Rep. Chris Stewart, R-Utah, introduced legislation barring children under age 16 from accessing social media platforms and requiring companies to verify user ages for compliance, The Washington Post reports. The bill would also let parents sue platforms for allowing underage users to access services. Stewart compared the negative mental health impacts of social media to substance abuse, and said, “We protect our children from drinking, from smoking, from driving. They can’t drive when they’re 12.
As part of its multipart series on EU data strategy, the IAPP Resource Center published an informational chart on the NIS2 Directive, exploring the directive's measures for a high common level of cybersecurity across the EU. The infographic includes key changes, challenges and requirements of the NIS2 directive's measures, as well as information on enforcement and penalties and important upcoming dates.Full Story
Australia's passing of the Privacy Legislation Amendment Bill in November 2022 was a major upgrade to the country’s landmark federal privacy bill, originally passed in 1988. Motivation to pass the amendment was largely driven by largescale data breaches of telecommunications company Optus and health insurance provider Medibank.
Though data anonymization offers a reprieve from some of the “onerous requirements” of the EU and U.K. General Data Protection Regulations, VeraSafe’s Scott Quellhorst and Renata Valkova, CIPP/E, CIPP/US, write that practitioners are left with unclear guidance as both jurisdictions create diverging standards.
State-level privacy law regulations are at the front of many privacy professionals’ minds in 2023. California and Colorado are in the midst of drafting rules for their respective privacy legislations. Once finalized, each set of regulations will bring a number of requirements that differ from the statutes.
The European Commission released guidance to assist companies in complying with the Digital Services Act's user reporting requirements. The reporting will help determine whether increased DSA obligations for "very large" online platforms and search engines are to be applied. Under the law, additional obligations are triggered for companies that "show that they reach more than 10% of the EU's population." Companies are required to report initial user numbers by Feb.
France's data protection authority, the Commission nationale de l'informatique et des libertés, said "the year 2023 will be key" for the European Central Bank's plan to develop a digital euro and called for "broad public and democratic debate" on the topic. The CNIL said the European Data Protection Board recommended the digital currency include privacy and data protection by design principles and be designed like cash.