A lack of implementation regulations and general clarity around China’s Personal Information Protection Law is creating potential compliance burdens. This is especially true with understanding conditions for cross-border data transfers under Article 38 of the PIPL.
The Chamber of Deputies of Brazil announced consideration of an amendment to the General Data Protection Law that would limit most processing activities involving national security data.
The Baden-Württemberg Commissioner for Data Protection and Freedom of Information released a dissenting opinion over a recent decision on data transfers by the Baden-Württemberg Public Procurement Chamber. The LfDI questioned the court's decision regarding insufficient supplementary measures to execute transfers through U.S.-based cloud service providers' EU subsidiaries.
In this week’s global legislative roundup, the U.S. Federal Trade Commission announced it will explore privacy and data security rulemaking. Updates to Russia’s personal data law will be formally implemented next month. The Irish Data Protection Commission’s children's privacy decision against Instagram could come by the end of August. And, the California state legislature advanced the California Age-Appropriate Design Code Act to a Senate floor vote. (IAPP member exclusive.)Full Story
Forbes reports on a study finding digital health companies are sharing their users’ personal data with Facebook to better refine targeted advertising. The study followed users active in an online cancer support community using applications from five companies. Researchers found third-party ad trackers utilized by the companies followed the users online and were used to directly market to them.
The European Parliament called for updating the EU Consumer Credits Directive, which would partially entail regulating artificial intelligence-based loan decision-making. MEPs said with “non-banks,” like crowd-sourcing loan applications having entered the loan market, it has made it easier for people to obtain loans online.
Oracle is auditing TikTok’s algorithms and content filters, Axios reports. The move is part of TikTok’s “Project Texas,” a campaign to assure U.S. lawmakers that the company’s American users’ data is secure and unable to be manipulated by the Chinese government.
The Czech Republic’s National Office for Cyber and Information Security was installed as the state authority for data security. The formal declaration was done through an amendment to the Act on Cybersecurity, which synchronized the Czech legal system with the European Parliament and the Council of the EU. The NÚKIB now has the authority to supervise rules included in the European cybersecurity certification systems.
The U.S. Federal Trade Commission announced a public forum Sept. 8 to discuss plans for and take public comments on its proposed privacy and data security rulemaking. FTC Chair Lina Khan and Commissioners Rebecca Kelly Slaughter and Alvaro Bedoya will each provide remarks over the course of the forum. The event program includes an agency plan presentation, panels for industry and advocate perspectives, and a public feedback session.
Politico reports U.S.-based Big Tech companies are planning efforts to comply with or challenge the EU Digital Markets Act. “There will be litigation, no doubt,” European Commission Directorate-General for Communications Networks, Content and Technology Gerard de Graaf said.