Data Privacy Archives

In Data Privacy

Saudi Arabia: New amendments have been introduced to the Personal Data Protection Law

April 27, 2023 by Abdulrahman AlAjlan, Zahi Y. Younes, Yousef Bugaighis, Maher Ghalloussi, Lucrezia Lorenzini and Hala Redwan 3 Mins Read

The Personal Data Protection Law of Saudi Arabia (“KSA”) was recently amended pursuant to Royal Decree No. M/148, dated 05/09/1444H (corresponding to 27 March 2023G) (“Amended PDPL”). These amendments were preceded by a public consultation launched by the Saudi Data and Artificial Intelligence Authority in late 2022.
The Amended PDPL expands the scope under which Controllers could collect personal data from third parties, and process it for purposes other than that for which it was originally collected. It also provides additional grounds for Controllers to disclose personal data, and introduces an updated regime for personal data transfers outside of KSA.

In Data Privacy

United Kingdom and United States: California age-appropriate design rules – Similar principles and subtle differences

April 27, 2023 by Jonathan Tam and Elizabeth Denham 7 Mins Read

Lawmakers have come to the conclusion that new regulations are needed to support the online protection and flourishing of children and young people. This has prompted the recent proliferation of codes, laws, bills and regulatory guidance documents aimed at governing how online service providers must interact with young people. Key examples are the UK Age-Appropriate Design Code and the California Age-Appropriate Design Code Act.

In Data Privacy

Argentina: Convention 108+ on the protection of privacy and personal data ratified

April 25, 2023 by Guillermo Cervio, Martin Roth, Sofía Requejado and Valentina Salas 1 Min Read

On 17 April 2023, Argentina became the 23rd country to ratify Convention 108+, which aims to protect the privacy of individuals against possible abuses in the processing of their personal data. Argentina ratified Convention 108+ during the Privacy 2023 Symposium held in Venice between 17 and 21 April.

In Data Privacy

United States: Iowa Consumer Data Protection Act takes effect in 2025

April 22, 2023 by Lothar Determann, Helena J. Engfeldt, Jonathan Tam and Michelle Shin 9 Mins Read

Companies around the world should start preparing for the Iowa Consumer Data Protection Act with respect to personal data of consumers in Iowa. With the Iowa Act, Iowa follows the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020, but excludes consumers acting in a commercial or employment context. Businesses that have implemented measures to comply with the CCPA and other US state privacy laws can leverage some of their existing vendor contract terms, website disclosures and data subject rights response processes to satisfy requirements under the Iowa Act. The Iowa Act becomes effective January 1, 2025 and does not include a look-back period for violations.

In Data Privacy

Vietnam: Official issuance of Vietnam Decree on Personal Data Protection (PDPD)

April 22, 2023 by Manh Hung Tran, Huu Tuan Nguyen and Huyen Minh Nguyen 2 Mins Read

The long-awaited Decree on Personal Data Protection has finally been issued as Decree No. 13/2023/ND-CP.

In Data Privacy

Argentina: The Agency for Access to Public Information announced the presentation of the Bill of Law on Personal Data Protection in the National Congress

April 22, 2023 by Guillermo Cervio, Martin Roth, Valentina Biondi Grane and Sofía Requejado 2 Mins Read

In line with the process intended to update Data Protection Law 25,326, the Agency for Access to Public Information announced on its official website the presentation of the Bill of Law on Personal Data Protection in the National Congress.

In AML & Financial Services Regulatory

South Africa: Avoiding FICA fiascos – compliance with March 2023 FICA Directives

April 18, 2023 by Johan Botes 5 Mins Read

The South African Department of Finance has published Directive 8 on the compulsory screening of employees for competence and integrity. Failure to comply means that such businesses will risk sanction, including a fine of up to ZAR 50 million. Accountable institutions must record how the screening has been conducted and keep records of the outcome of such screening, which must be made available to the Financial Intelligence Centre upon request. It has been stipulated that screenings should begin as soon as possible.

In Cyber Security

Argentina: ENACOM Resolution No. 263/2023

April 13, 2023 by Guillermo Cervio, Martin Roth, Valentina Biondi Grane and Valentina Salas 2 Mins Read

With Resolution No. 263/2023, published on 17 March in the Official Gazette, the National Communications Entity (Ente Nacional de Comunicaciones (ENACOM)) approved a new Regulation for the Collection of Personal Data and Identity Validation of Users of Mobile Services that Hold a Mobile Number.

In Employment

Italy: Employment Law Newsletter | April 2023

April 13, 2023 by Massimiliano Biolchini, Antonio Luigi Vicoli and Serena Fantinelli 3 Mins Read

This publication features Italy’s latest developments in employment law.

In Whistleblowing

Italy: EU Directive on Whistleblowing implemented

April 12, 2023 by Francesca Rubina Gaudino, Serena Fantinelli and Luca Bassi 6 Mins Read

On March 15, the Law Decree No. 24/2023 (so-called “Whistleblowing” decree) has been published in the Italian Official Gazette. The decree enhances the principles of transparency and accountability in reporting and applies to all private companies that (i) employ an average of more than 50 employees or (ii), regardless of the number of employees, are active in sectors deemed particularly “sensitive” or (iii) already have in place an Organizational Model for the prevention of crimes (so-called “231” model). The new decree introduces the obligation to set up adequate reporting channels and whistleblower protection systems.