Beyond the statutory text of the new Washington state My Health My Data Act, the Washington Attorney General has published Frequently Asked Questions (FAQs) and will update such FAQs periodically. Some of the FAQs provide insight into possible interpretations of the law’s provisions that are summarized in this article.
The law addresses for the first time the processing of personal data via autonomous and semi-autonomous systems
Through Resolution No. 161/2023, published in the official gazette on 4 September 2023, the Agency for Access to Public Information (AAIP) created the Program for Transparency and Protection of Personal Data in the Use of Artificial Intelligence and entrusted its execution, monitoring and evaluation to the National Directorates of Evaluation of Transparency Policies and Protection of Personal Data.
In June 2023, the Office of the Privacy Commissioner for Personal Data issued an updated Guidance on Data Breach Handling and Data Breach Notifications (“Guidance”). The Guidance updates a non-binding, end-to-end framework for data users to tackle data breaches, including recommended elements that go into a data breach response plan, questions that need to be addressed in the course of investigating a data breach incident, how to make a data breach notification and tips for preventing recurrence of data breaches.
Baker McKenzie is pleased to invite you to a morning breakfast symposium exploring the legal ramifications of the Artificial Intelligence (AI) revolution on 11 October 2023 at 8:00 to 10:30 am ET. This event is ideal for corporate counsel and senior leaders responsible for managing the risks and leveraging the opportunities of the AI revolution, and for those wishing to learn more. It will take place in our Toronto office.
Over the past few years, regulators around the world have stepped up enforcement of privacy laws that protect minors online. All companies that offer online services may find themselves in possession of minors’ personal data. And so, companies that take part online should consider some general recommendations, especially in light of the growing body of youth online privacy and safety laws.
The revised Data Protection Act (nDPA) and the revised Data Protection Ordinance (nDPO) will enter into force on 1 September 2023. The revised Swiss data protection law is “a GDPR-like” legislation and provides for certain (new) obligations not contained in the current data protection law.
In an employment relationship, an employer inevitably processes employees’ personal data for various purposes. This client alert aims to inform employers about their data privacy obligations under the new data protection law and provides an opportunity to test data protection compliance.
The proposed law which regulates the use of Artificial Intelligence in Brazil considers a risk-based approach inspired by the EU AI Act and looks at high, medium and low risk obligations and liabilities.
If you are a data broker or a business that relies on data brokers for targeted advertising, you should be aware that the California Data Broker Law may be significantly changed under a proposed bill. Under Senate Bill 362, the California Privacy Protection Agency (CPPA) would be required to set up, by 1 January 2026, an accessible deletion mechanism where consumers could request deletion via the CPPA that all data brokers then have to honor. Data brokers would have to check the CPPA mechanism to process all deletion requests every 31 days, as well as delete personal information about every California resident who ever made a request through the mechanism every 31 days.
By means of Resolution No. 1200/2023 published in the official gazette on 22 August 2023, the National Communications Entity (Ente Nacional de Comunicaciones, or ENACOM for its acronym in Spanish) extended the term for mobile service providers to comply with the Regulation for the Collection of Personal Data and Identity Validation of Users of Mobile Services that Hold a Mobile Number, which was approved by Resolution No. 263/2023.