Americas news
United States (Federal) - public consultation on changes to COPPA
The Federal Trade Commission has opened a public consultation on proposed amendments to the Children’s Online Privacy Protection Rule (COPPA). The amendments would further restrict the use and disclosure of children’s personal information, and the ability of companies to make access to services conditional upon monetising children’s data.
Read the FTC’s press release
United States (California) - legislative proposal for internet browsers to offer opt-outs
The California Privacy Protection Agency Board has voted to advance a legislative proposal aimed at allowing individuals to submit opt-out requests via browsers (rather than websites) to better protect their personal information. California would be the first US state to require browser providers to enable such opt-out signals.
Asia news
South Korea - PIPC publishes new guidance and case studies
The Personal Information Protection Commission (the PIPC) has published new guidance for controllers on the Personal Information Protection Act and its Enforcement Decree, as well as case studies showing how the new law is likely to be interpreted.
Read the new guidance (in Korean)
View the case studies (in Korean)
Thailand - new DPO assessment criteria
The Thai Personal Data Protection Committee (PDPC) has issued criteria, with a useful checklist, to help organisations assess whether they need to appoint data protection officers (DPOs). A DPO must be appointed where an organisation processes personal data as part of its core activities; conducts regular and systematic monitoring; or processes personal data on a large scale. There is also a new notification form.
Read the PDPC’s press release, assessment criteria and notification form (in Thai)
China - new implementation guidelines for the cross-border flow of personal information
The Cyberspace Administration of China and the Hong Kong Innovation, Technology and Industry Bureau have jointly formulated "Guidelines for the Implementation of Standard Contracts for the Cross-border Flow of Personal Information in the Guangdong-Hong Kong-Macao Greater Bay Area (Mainland and Hong Kong)"
Europe news
France - regulator publishes draft TIA guidance and templates
On 8 January 2024, the French supervisory authority (the CNIL) published draft practical guidance on the completion of transfer impact assessments for transfers of personal data outside the European Economic Area. The draft, which includes helpful TIA templates and tables, will be open for public comment until 12 February 2024.
Read the draft guidance (in French)
Austria - DSB issues updated cookies guidance
The Austrian Data Protection Authority ('Datenschutzbehörde') (the DSB) has updated its guidance on the use of cookies. The updated guidance covers topics such as the legal framework for use, complaint handling mechanisms, the meaning of 'technically necessary' and the considerations that arise when implementing cookie banners.
Turkey - recommendations for privacy protection in mobile apps
In December 2023, the Turkish Personal Data Protection Authority issued its "Recommendations for the Protection of Privacy in Mobile Applications." The recommendations aim to address current and potential risks to the protection of privacy in mobile applications; and make general recommendations for data subjects and controllers regarding personal data processing activities conducted through smartphone and tablet apps.
Read the recommendations (in Turkish)
UK - ICO guidance on US transfer risk assessments
The ICO has issued guidance on conducting Transfer Risk Assessments (TRAs) for transfers of personal data to the US. In the guidance, the ICO encourages UK data exporters to rely on analysis published by the Department for Science, Innovation and Technology (DSIT) on US laws to streamline TRAs.
Netherlands - AP publishes 2024 plan
In December 2023, the data protection supervisory authority for the Netherlands (the AP), published a summary of its plan for 2024. The plan makes clear the AP’s intention to remain focused on protecting the fundamental right of data protection, promoting privacy, and ensuring non-discrimination; and to lead on promoting the responsible use of algorithms and AI.
Read the 2024 plan here (in Dutch)
UK - ICO consultation on employment guidance
The Information Commissioner’s Office (ICO) has published draft guidance for public consultation until 5 March 2024 on two key employment topics: (i) keeping employee records; and (ii) recruitment and selection. The new guidance is designed to be read alongside other detailed ICO guidance on employment and is broken down into mandatory, expected, and optional elements.
Middle East news
Saudi Arabia - SDAIA publishes guide to generative AI
The Saudi Data and Artificial Intelligence Authority (SDAIA) has published a short guide to generative AI aiming to raise awareness of its importance and promote its responsible adoption. The guide covers use cases of the technology, development benefits and challenges, potential future developments in the field and a summary of the SDAIA's initiatives in the area.
Israel - PPA publishes activity report
On 31 December 2023, the Israeli Privacy Protection Authority (PPA) published its activity report for 2022 covering areas including, administrative enforcement and support of special projects; criminal enforcement; legislative activity; and public enquiries.
Sanctions. We're keeping count.
903. That's the number of regulatory sanctions around the world that Rulefinder Data Privacy has already tracked in 2023. It amounts to over 2.4 billion US dollars in penalties and numerous other reprimands and corrective actions.
Want to find out more?
Rulefinder Data Privacy subscribers hear about these and other privacy law developments as soon as we cover them.