Newsletter

Key global data privacy developments you might have missed (but Rulefinder Data Privacy hasn't) - January 2024

Author: aosphere

17 January 2024

|

Area: Data privacy

Key global data privacy developments you might have missed (but Rulefinder Data Privacy hasn't) - January 2024

Americas news

United States (Federal) - public consultation on changes to COPPA

The Federal Trade Commission has opened a public consultation on proposed amendments to the Children’s Online Privacy Protection Rule (COPPA). The amendments would further restrict the use and disclosure of children’s personal information, and the ability of companies to make access to services conditional upon monetising children’s data. 

Read the FTC’s press release
 
United States (California) - legislative proposal for internet browsers to offer opt-outs

The California Privacy Protection Agency Board has voted to advance a legislative proposal aimed at allowing individuals to submit opt-out requests via browsers (rather than websites) to better protect their personal information. California would be the first US state to require browser providers to enable such opt-out signals. 

Read the CPPA’s press release

Asia news

South Korea - PIPC publishes new guidance and case studies

The Personal Information Protection Commission (the PIPC) has published new guidance for controllers on the Personal Information Protection Act and its Enforcement Decree, as well as case studies showing how the new law is likely to be interpreted.

Read the new guidance (in Korean)
View the case studies (in Korean)
 

Thailand - new DPO assessment criteria

The Thai Personal Data Protection Committee (PDPC) has issued criteria, with a useful checklist, to help organisations assess whether they need to appoint data protection officers (DPOs). A DPO must be appointed where an organisation processes personal data as part of its core activities; conducts regular and systematic monitoring; or processes personal data on a large scale. There is also a new notification form.

Read the PDPC’s press release, assessment criteria and notification form (in Thai)

China - new implementation guidelines for the cross-border flow of personal information

The Cyberspace Administration of China and the Hong Kong Innovation, Technology and Industry Bureau have jointly formulated "Guidelines for the Implementation of Standard Contracts for the Cross-border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland and Hong Kong)"

Read the guidelines here (in Chinese) 

Europe news

France - regulator publishes draft TIA guidance and templates

On 8 January 2024, the French supervisory authority (the CNIL) published draft practical guidance on the completion of transfer impact assessments for transfers of personal data outside the European Economic Area. The draft, which includes helpful TIA templates and tables, will be open for public comment until 12 February 2024.

Read the draft guidance (in French) 

 
Austria - DSB issues updated cookies guidance

The Austrian Data Protection Authority ('Datenschutzbehörde') (the DSB) has updated its guidance on the use of cookies. The updated guidance covers topics such as the legal framework for use, complaint handling mechanisms, the meaning of 'technically necessary' and the considerations that arise when implementing cookie banners.

Read the guidance (in German)

 

Turkey - recommendations for privacy protection in mobile apps

In December 2023, the Turkish Personal Data Protection Authority issued its "Recommendations for the Protection of Privacy in Mobile Applications." The recommendations aim to address current and potential risks to the protection of privacy in mobile applications; and make general recommendations for data subjects and controllers regarding personal data processing activities conducted through smartphone and tablet apps.


Read the recommendations (in Turkish) 


 
UK - ICO guidance on US transfer risk assessments

The ICO has issued guidance on conducting Transfer Risk Assessments (TRAs) for transfers of personal data to the US. In the guidance, the ICO encourages UK data exporters to rely on analysis published by the Department for Science, Innovation and Technology (DSIT) on US laws to streamline TRAs.

Read the guidance 

 

Netherlands - AP publishes 2024 plan

In December 2023, the data protection supervisory authority for the Netherlands (the AP), published a summary of its plan for 2024. The plan makes clear the AP’s intention to remain focused on protecting the fundamental right of data protection, promoting privacy, and ensuring non-discrimination; and to lead on promoting the responsible use of algorithms and AI.

Read the 2024 plan here (in Dutch) 
 


UK - ICO consultation on employment guidance

The Information Commissioner’s Office (ICO) has published draft guidance for public consultation until 5 March 2024 on two key employment topics: (i) keeping employee records; and (ii) recruitment and selection. The new guidance is designed to be read alongside other detailed ICO guidance on employment and is broken down into mandatory, expected, and optional elements.

Read the guidance here 

Middle East news

Saudi Arabia - SDAIA publishes guide to generative AI

The Saudi Data and Artificial Intelligence Authority (SDAIA) has published a short guide to generative AI aiming to raise awareness of its importance and promote its responsible adoption. The guide covers use cases of the technology, development benefits and challenges, potential future developments in the field and a summary of the SDAIA's initiatives in the area.

View the guide (in Arabic) 


 
Israel - PPA publishes activity report

On 31 December 2023, the Israeli Privacy Protection Authority (PPA) published its activity report for 2022 covering areas including, administrative enforcement and support of special projects; criminal enforcement; legislative activity; and public enquiries.

View the report (in Hebrew)

Sanctions. We're keeping count.

903. That's the number of regulatory sanctions around the world that Rulefinder Data Privacy has already tracked in 2023. It amounts to over 2.4 billion US dollars in penalties and numerous other reprimands and corrective actions.

Want to find out more?

Rulefinder Data Privacy subscribers hear about these and other privacy law developments as soon as we cover them.

Request a free trial
Want to find out more?

Related know-how

Key global data privacy developments you might have missed (but Rulefinder Data Privacy hasn't) - December 2023

Newsletter

Key global data privacy developments - December 2024

Data retention – solving records retention challenges

article

Wanne Pemmelaar from filerskeepers explains why every organisation needs a data retention policy and highlights the challenges involved in implementing an effective data retention policy.