Cybersecurity

In a Nutshell

On 17 April 2024, the Cybersecurity Agency of Singapore (Agency) issued a response to public feedback received on a draft amendment to its cybersecurity law.

This draft amendment of the Cybersecurity Bill (Bill) was published as part of a public consultation exercise from 15 December 2023 to 15 January 2024.

Our earlier post about this consultation can be accessed here.Continue Reading Singapore Progresses Towards Amended Cybersecurity Law

1. Introduction

The Framework Convention on Artificial Intelligence, Human Rights, Democracy and the Rule of Law has been concluded by the Council of Europe (CoE) Committee on Artificial Intelligence on March 24, 2024, finally landing a decisive blow with a provisional agreement on the text of a treaty on artificial intelligence and human rights (Treaty).

This Treaty is the first of its kind and aims to establish basic rules to govern AI that safeguard human rights, democratic values and the rule of law among nations. As a CoE treaty, it is open for ratification by countries worldwide. It is worth noting that in this epic battlefield, apart from the CoE members in one corner of the global arena, on the opposite corner, representing various nations like the US, the UK, Canada and Japan, we have the observers, eyeing the proceedings, ready to pounce with their influence. Although lacking voting rights, their mere presence sends shockwaves through the negotiating ring, influencing the very essence of the Treaty.Continue Reading Heavyweight Fight, Did the US or EU KO the AI Treaty?

This week, House Committee on Energy and Commerce Chair Cathy McMorris Rodgers (R-WA) and Senate Committee on Commerce, Science and Transportation Chair Maria Cantwell (D-WA) unveiled their bipartisan, bicameral discussion draft of the American Privacy Rights Act (APRA draft).[1] Chair Rodgers’ and Chair Cantwell’s announcement of the APRA draft surprised many congressional observers after comprehensive privacy legislation stalled in 2022.Continue Reading April’s APRA: Could Draft Privacy Legislation Blossom into Law in 2024?

On 2 April 2024, the Italian Data Protection Authority (Garante) announced that on 21 March 2024, it issued a warning to Worldcoin Foundation regarding its intention to collect biometric data (via iris scanning) for digital identification, claiming that such data processing would violate the Regulation (EU) 2016/679 (GDPR).

Worldcoin Foundation supports the Worldcoin project, launched in 2019 by Sam Altman, the CEO of OpenAI LLC (OpenAI). The project is based on iris scanning to verify the identity of users and on linking such processing to the “financial instrument” market, specifically the cryptocurrency called WLD. The iris is scanned by a biometric device named Orb, which scans the face and iris of users to create a unique identification code (the so-called “World ID”) worldwide for each user. The Orb is not yet available in many countries (and is not offered in the EU).Continue Reading The Italian DPA Has Its Eyes on Biometric IDs – Another Fight on Tech or a Win for Privacy?

Nearly six months after the Cyberspace Administration of China (CAC) was first introduced for public consultation, with its draft regulations proposing to ease outbound data transfers from China (Draft Regulations) (see our article at China Releases Draft Regulation to Significantly Ease Cross-border Data Transfers | Privacy World), the much-awaited final rules on Regulating and Facilitating Cross-border Data Flows were published and came into effect on March 22, 2024 (New Regulations). The New Regulations largely repeat the Draft Regulations, but now have further relaxed personal data exports from China.

Meanwhile, on the same day, the CAC also released the Guide to the Application for Security Assessment of Data Exports (Second Edition) and the Guide to the Filing of the Standard Contract for Personal Data Exports (Second Edition) (collectively, the Second Edition Guides) which make corresponding adjustments pursuant to the New Regulations.Continue Reading China Finalizes New Regulations to Relax Personal Data Exports from China

On January 15, 2024, the American Arbitration Association (“AAA”) introduced updates to its Mass Arbitration Supplementary Rules and its fee schedules, including for consumer mass arbitrations (collectively referred to as the “Updates”). The Updates consist of a flat initiation fee to lower the cost of initiating arbitrations, the new requirement of counsel to affirm that

On March 1, 2024, Singapore’s Ministry of Communications and Information announced[1] that a study would be launched to introduce a new piece of legislation, the Digital Infrastructure Act (DIA), to boost the resilience and security of key digital infrastructure and services in Singapore.Continue Reading Singapore to Pass New Law to Boost Digital Resilience

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

In Narrow Vote California Moves Next Generation Privacy Regs Forward | Privacy World

EDPB Versus Ireland? Does the Opinion on

On February 21, the Administration announced an Executive Order (“EO”) aimed at strengthening cybersecurity at U.S. Ports. While not directly applicable to critical infrastructure entities in other sectors, the EO highlights the Administrator’s focus on critical infrastructure more broadly and sets forth steps that can be taken by all critical infrastructure operators to harden their cybersecurity posture.Continue Reading Executive Order on Maritime Cybersecurity Illuminates Path Forward for All Critical Infrastructure Operators

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.Continue Reading Privacy World Week in Review