General

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data | Privacy World

Singapore to

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Biden Budget Proposal Advances AI Priorities | Privacy World

US Regulators Lift the Curtain on Data Practices With Assessment, Reporting

Originally posted on Squire Patton Boggs’ Capital Thinking blog by David StewartLudmilla Kasulke and Dominic Braithwaite.


On March 11, 2024, US President Joe Biden released his Fiscal Year (FY) 2025 budget request, which included proposals on U.S. Artificial Intelligence (AI) development and efforts to implement the Biden Administration’s Executive Order (EO) on AI. The budget identifies the National Science Foundation (NSF) as central to U.S. leadership in AI, requesting $10.2 billion in funding for the agency. $2 billion of that total would be dedicated to research and development (R&D) in accordance with CHIPS Act priorities, including AI, and $30 million would support the National AI Research Resource pilot program. The budget also requests $65 million for the Commerce Department “to safeguard, regulate, and promote AI, including protecting the American public against its societal risks.” This funding would include directing the National Institute of Standards and Technology (NIST) to establish the U.S. AI Safety Institute. The institute would be responsible for operationalizing “NIST’s AI Risk Management Framework by creating guidelines, tools, benchmarks, and best practices for evaluating and mitigating dangerous capabilities and conducting evaluations including red-teaming to identify and mitigate AI risk.” Further, the Department of Energy (DOE) Office of Science, which is responsible for implementing aspects of both the CHIPS Act and the AI EO, would receive $8.6 billion under the President’s proposed budget.Continue Reading Biden Budget Proposal Advances AI Priorities

Following the lead of Europe, four US states currently require businesses to conduct and document assessments to evaluate and mitigate risks in connection with new and ongoing personal data processing activities, and at least eight additional states will do so between now and the end of 2025. California, which applies its requirements beyond traditional consumers to human resources and business-to-business contexts, requires regulatory filings of assessments (which may end up being in abridged form). On March 8, draft California assessment regulations were moved forward toward preparation for public comment, as detailed here. All of the states give regulators the ability to inspect assessments, which must be retained for that purpose. These new obligations will raise the curtain on companies’ info governance practices for regulators, and thereby necessitate robust data protection programs that are more than “window dressing.” Regulators have been clear about their plans to move to more aggressive enforcement of new state privacy laws, as discussed here and here, and assessments will give them a roadmap to do so.Continue Reading US Regulators Lift the Curtain on Data Practices With Assessment, Reporting and Audit Requirements

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

In Narrow Vote California Moves Next Generation Privacy Regs Forward | Privacy World

EDPB Versus Ireland? Does the Opinion on

The staff and board of the California Privacy Protection Agency (“CPPA”) have been working for nearly two years on a new set of proposed rulemaking under the California Consumer Privacy Act, as amended by the California Privacy Rights Act  (“CCPA”).  A year ago the current CCPA regulations were finalized, but several complex issues where reserved for further consideration and some proposals were pulled back to ease initial implementation.  Their enforcement was initially enjoined and delayed by a trial court, but a California appeals court reversed that order, including any delay on the effectiveness of future regulations.  New draft regulations were proposed by the CPPA staff and considered but not approved by the CPPA board in Q4 of 2023.  In February 2024 further revised draft regulations were released and considered on March 8 by the CCPA board, which voted 5 to 0 to move forward amendments to the existing regulations and, after a spirited debate, 3 (Urban, Le and Worthe for) to 2 (de la Torre and Mactaggert against) to also move forward with new draft regulations on data risk assessments and data driven technologies, with a direction to staff to add to the requirements for filing abridged assessments with the CPPA a discussion on what safeguards were employed to mitigate risks (with an exception for when disclosure would be a security risk).  In each case the staff was authorized to prepare the materials necessary under administrative procedures laws and regulations to publish a notice of prepared rulemaking, the publication which will be subject to a further Board vote after reviewing the rule making package.  The staff was also authorized to make further edits to the draft regulations to clarify text or conform with law.  Although the motions did not set a firm date for staff to complete that work, the discussions contemplate that it would be done by the July 2024 Board meeting at the latest.  That could result in effective regulations in Q3, though given the complexity and lack of Board consensus year-end is optimistic.Continue Reading In Narrow Vote California Moves Next Generation Privacy Regs Forward

Scott Warren, a Partner in our Japan and China offices, will chair and speak at the Thailand & SE Asia 5th International Arbitration & Corporate Crime Summit on March 14, 2024 at the Rembrandt Hotel & Suites in Bangkok. 

Scott’s presentation is entitled Everything, Everywhere, All the Time: How Digital Data Regulations Affect

On February 28, 2024, President Biden issued a groundbreaking executive order (EO) establishing the framework for new restrictions on transactions involving US persons’ sensitive personal data and “countries of concern,” including China, or related parties.  Our Data and Public Policy teams break down what this will mean for companies here.  We will continue to

Protection for minors online continues to top the list of U.S. regulatory and legislative priorities in 2024. So far in 2024, legislators in California introduced several bills focused on minors; Congress held hearings and advanced federal legislation protecting minors online; and constitutional challenges to 2023 state laws focused on minors’ social networking accounts advanced in the Courts. Congress and the Federal Trade Commission (FTC) are looking to update the Children’s Online Privacy Protection Act and corresponding Rule, as detailed in another post. However, the proposals explained in this post extend far beyond online privacy concerns, and we believe more focus on minors’ online safety is on the way.Continue Reading Protecting Kids Online: Changes in California, Connecticut and Congress – Part I

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information.

Deep Fake of CFO on Videocall Used to Defraud Company of US$25M | Privacy World

Address Cyber-risks From Quantum Computing