The U.K. announced an update to the Network and Information Systems Regulations, including mandatory incident reporting obligations for managed service providers and minimum security requirements with fines of up to 17 million GBP for noncompliance, The Record reports.
Reuters reports Amazon will issue warning cards with some of its artificial intelligence-based products to bring light to potential discrimination issues the technologies may possess. The AI Service Cards will be attached to cloud-computing products, including facial recognition and audio transcription, to provide information on the limits of those services.
BBB National Programs' National Advertising Division referred advertising claims by information technology security company Zscaler about its Zero Trust Exchange Platform to the U.S. Federal Trade Commission. NAD recommended Zscaler stop making claims comparing its privacy protection attributes and benefits to its competitor and said it referred the case to "the FTC and other regulatory authorities for review and possible enforcement action."Full Story
The incoming 118th U.S. Congress must prioritize passing the American Data Privacy and Protection Act, National Consumers League Executive Director Sally Greenberg writes for The Hill. Despite widespread political division, individuals want better security over their personal data regardless of ideology, she said.
The proposed EU-U.S. Data Privacy Framework is on track to be finalized sometime during spring 2023, if the European Commission’s adequacy process aligns with timelines for its prior decisions. However, finalization does not put questions about the proposed framework’s durability compared to prior invalidated EU-U.S. agreements to rest. Many of those questions were raised by relevant officials and stakeholders at the IAPP Europe Data Protection Congress 2022. IAPP Staff Writer Joe Duball rounds up all the discussions contemplating the future of EU-U.S.
The European Data Protection Supervisor and the European Union Agency for Cybersecurity signed a memorandum of understanding to forge a strategic cooperation on data protection and cybersecurity matters.
The Hamburg Commissioner for Data Protection and Freedom of Information published its observations on the proposed EU-U.S. Data Privacy Framework. The HmbBfDI advised data transfer impact assessments must follow the ruling by the Court of Justice of the European Union on lawful EU-U.S. transfers until the proposed DPF is finalized. The regulator also said the U.S.
Israel's Ministry of Justice announced a public consultation on the draft Privacy Protection Regulations for data transfers from European Economic Area nations. The regulations outline obligations for Israeli entities to ensure an adequate level of data protection for data transferred from the EEA. Responsibilities include data retention limits as well as extending rights to deletion, accuracy and notification. The deadline for public comments is Dec. 20.
Italy's data protection authority, the Garante, fined perfume chain Douglas Italia 1.4 million euros for data protection violations. The Garante said the company maintained data of more than 3 million customers without requesting consent for processing.