Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

President Trump Signs Executive Order on Artificial Intelligence

President Trump signed an Executive Order (“EO”), “Maintaining American Leadership in Artificial Intelligence,” that launches a coordinated federal government strategy for Artificial Intelligence (the “AI Initiative”).

Among other things, the AI Initiative aims to solidify American leadership in AI by empowering federal agencies to drive breakthroughs in AI research and development (“R&D”) (including by making data computing resources available to the AI research community), to establish technological standards to support reliable and trustworthy systems that use AI, to provide guidance with respect to regulatory approaches, and to address issues related to the AI workforce.

Source: President Trump Signs Executive Order on Artificial Intelligence

Data Protection Act vetoed by Bulgarian President

Bulgaria’s head of state has sent a provision of the Law on Amendments and Supplements to the Personal Data Protection Act back to parliament for renewed debate. The action has been taken by president Radev due to opposition to Article 26 of the Act, which relates to the processing of personal data for journalism, academia and literary expression.

Source: Data Protection Act vetoed by Bulgarian President

How should we regulate facial-recognition technology?

The privacy concerns with facial-recognition technology are obvious: Nothing is more “personal” than one’s face.

So how is the processing of facial data regulated, whether such data is collected by a government agency as in China, or by a private entity like Apple or Facebook? And as facial-recognition technology use becomes more pervasive (as widely predicted), what restrictions are appropriate in the future?

Full article: How should we regulate facial-recognition technology?

Polish Ministry of Digital Affairs issues GDPR guidelines for fintech

The Polish Ministry of Digital Affairs recently issued an EU General Data Protection Regulation guidebook addressed to financial technology companies.

This is the third brochure published by the MDA’s Personal Data Protection Working Group this year, following one pertaining specifically to the health care sector and another one aimed generally toward entrepreneurs.

Source: Polish Ministry of Digital Affairs issues GDPR guidelines for fintech

How to comply with both the GDPR and the Cloud Act

On March 23, 2018, U.S. Congress enacted the Clarifying Lawful Overseas Use of Data Act, which had the immediate effect of mooting the ongoing U.S. v. Microsoft litigation.

A central issue of the case was whether a web based or cloud based telecommunications or data service provider, subject to U.S. jurisdiction, could avoid being required to provide stored electronic communications for which a search and seizure warrant had been served, when such stored electronic communications were stored on servers outside of the U.S.

The U.S. CLOUD Act amended the Stored Communications Act (SCA) of 1986, which was enacted to create Fourth Amendment-like privacy protection for email and other digital communication stored or held by internet service providers.

Full article: How to comply with both the GDPR and the Cloud Act

Despite media impact worries Bulgaria begins to implement GDPR amendments

The EU’s General Data Protection Regulation took another step towards being integrated into Bulgarian law last week, when MPs in Sofia gave the green light to the second and final reading of changes to the nation’s data protection legislation.

Full article: Despite media impact worries Bulgaria begins to implement GDPR amendments

Does anonymization or de-identification require consent under the GDPR?

Data de-identification has many benefits in the context of the EU General Data Protection Regulation . One of the recurring questions is whether consent is required to anonymize or de-identify data. In this article, we make the case that no consent is required for anonymization or other forms of de-identification.

Full article: Does anonymization or de-identification require consent under the GDPR?

“No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

With a “No Deal” Brexit seeming more likely than ever after the UK Parliament voted down a proposed deal in January 2019, concerns are rapidly multiplying about the effects of such a withdrawal from the EU for organizations doing business in the UK, and how those organizations will address numerous practical issues, privacy and data protection among them.

Full article: “No Deal” Brexit May Bring Practical Problems for Privacy and Data Protection

>