The Infocomm Media Development Authority (IMDA) and AI Verify Foundation have announced the draft Model AI Governance Framework for Generative AI (Framework), which adopts a systematic and balanced approach to addressing concerns posed by generative AI (GenAI) while continuing to facilitate innovation. The Framework expands on the Model AI Governance Framework that covered traditional AI, which was last updated in 2020.
On 24 January 2024, the EU Commission released its Decision establishing the European Artificial Intelligence Office (AI Office). This client alert focuses on the integration timeline, jurisdiction and scope of the AI Office, alongside questions yet to be addressed.
In the context of the International Data Protection Day, on 26 January 2024, the Agency of Access to Public Information (AAIP, its acronym in Spanish) published their “Recommendations to protect personal data on the internet”. The AAIP provided five recommendations to users of any digital platform that entails the assignment of personal data.
On 18 January 2024, the World Health Organization issued new guidance on the ethics and governance of artificial intelligence for health, focusing on large multimodal models (LMMs). The WHO guidance summarizes the broad applications of LMMs in the healthcare industry and includes recommendations for governments, which have the primary responsibility of setting standards for the development and deployment of LMMs, and their integration and use for public health and medical purposes.
“All information about employees!” In practice, this is what works councils often request from employers. Works councils have a legitimate interest in being involved in HR developments. However, personal employee data is usually a taboo for the works council. Sharing more information than necessary with the works council may result in severe consequences for companies.
Against a backdrop of economic stagnation and geopolitical conflict, businesses are preparing for a challenging year. Global disputes will continue at pace, according to insights from more than 600 senior lawyers at large corporations, with ESG and employment risks the greatest areas of concern. Our seventh annual report provides detailed analysis of disputes trends, as well as sectoral and region-specific developments, to prepare your organization for The Year Ahead.
The Doing Business in the Philippines handbook aims to equip both local and foreign entrepreneurs with a practical guide to navigating the ever-evolving business landscape in the Philippines. It provides information on the requirements needed when setting up and operating a business in the Philippines, including incentives under special registrations, taxation, employment, IP, dispute resolution, and industry-specific regulations.
Data is a critical asset in today’s globally connected economy. Rapidly evolving technologies have made it easier than ever for companies to collect, use and transfer data throughout the world. Yet strict data protection, privacy and cybersecurity regulation is evolving rapidly, imposing complex and often inconsistent standards. Our Global Data Privacy & Cybersecurity Handbook is updated annually to help you keep up with the dynamic legal landscape. We provide detailed overviews and allow a comparative perspective of the increasingly complex and sophisticated data privacy and cybersecurity standards in over 50 countries.
The National Privacy Commission (NPC) formally announced through its official website that the Annual Security Incident Report for the year 2023 must be filed by 31 March 2024.
Any natural and juridical person in the government or private sector processing personal data in or outside of the Philippines that are subject to the provisions of Republic Act No. 10173 or the Data Privacy Act of 2012 must submit the ASIR containing the following information:
• Summary of the number of security incidents encountered in a particular calendar year and categorized by type, i.e., theft, identity fraud, sabotage/physical damage, malicious code, hacking, misuse of resources, hardware failure, software failure, communication failure, natural disaster, design error, user error, operations error, software maintenance error, third-party service, and other analogous causes
• Summary of the number of personal data breaches encountered in a particular calendar year and classified based on the application of the breach notification obligations, i.e., mandatory and voluntary notification
Companies in the European Economic Area (EEA), Switzerland, and the UK are considering the pros and cons of the third attempt of the EU Commission and US government to establish interoperability between their data protection and privacy law systems after the demise of the US Safe Harbor Program and the EU–US Privacy Shield. Should US companies register? Are the efforts worth the potential benefits, given that the new programme has already been challenged and may be invalidated like previous programmes for reasons that businesses cannot control? Should companies that were already enrolled in the previous programmes accept automatic enrolment or leave the programme?