Search for:
Category

Data Privacy

Category

The Personal Data Protection Law of Saudi Arabia (“KSA”) was recently amended pursuant to Royal Decree No. M/148, dated 05/09/1444H (corresponding to 27 March 2023G) (“Amended PDPL”). These amendments were preceded by a public consultation launched by the Saudi Data and Artificial Intelligence Authority in late 2022.
The Amended PDPL expands the scope under which Controllers could collect personal data from third parties, and process it for purposes other than that for which it was originally collected. It also provides additional grounds for Controllers to disclose personal data, and introduces an updated regime for personal data transfers outside of KSA.

Lawmakers have come to the conclusion that new regulations are needed to support the online protection and flourishing of children and young people. This has prompted the recent proliferation of codes, laws, bills and regulatory guidance documents aimed at governing how online service providers must interact with young people. Key examples are the UK Age-Appropriate Design Code and the California Age-Appropriate Design Code Act.

Companies around the world should start preparing for the Iowa Consumer Data Protection Act with respect to personal data of consumers in Iowa. With the Iowa Act, Iowa follows the California Consumer Privacy Act of 2018, as amended by the California Consumer Rights Act of 2020, but excludes consumers acting in a commercial or employment context. Businesses that have implemented measures to comply with the CCPA and other US state privacy laws can leverage some of their existing vendor contract terms, website disclosures and data subject rights response processes to satisfy requirements under the Iowa Act. The Iowa Act becomes effective January 1, 2025 and does not include a look-back period for violations.

In line with the process intended to update Data Protection Law 25,326, the Agency for Access to Public Information announced on its official website the presentation of the Bill of Law on Personal Data Protection in the National Congress.

The South African Department of Finance has published Directive 8 on the compulsory screening of employees for competence and integrity. Failure to comply means that such businesses will risk sanction, including a fine of up to ZAR 50 million. Accountable institutions must record how the screening has been conducted and keep records of the outcome of such screening, which must be made available to the Financial Intelligence Centre upon request. It has been stipulated that screenings should begin as soon as possible.

On March 15, the Law Decree No. 24/2023 (so-called “Whistleblowing” decree) has been published in the Italian Official Gazette. The decree enhances the principles of transparency and accountability in reporting and applies to all private companies that (i) employ an average of more than 50 employees or (ii), regardless of the number of employees, are active in sectors deemed particularly “sensitive” or (iii) already have in place an Organizational Model for the prevention of crimes (so-called “231” model). The new decree introduces the obligation to set up adequate reporting channels and whistleblower protection systems.