We don't just document #privacy articles on #PrivacyWiki. We also document #privacylaws. Learn more about #aggregation and #insecurity in Alabama's Policy 621: Data Breach Notification, which defines the requirements and responsibilities for providing notifications when a breach of personal information has occurred. https://privacy.wiki/Alabama_Data_Breach_Notification_Act_of_(2018)

#privacybydesign #dataprivacylaw #dataprivacy #datasecurity #PII #databreach

December has flown by with lots of fun festive extra activities on the mind, presents to buy and events to go to. 🎄
 
This means it's been easy to lose track of important developments in data protection - an area of law which continues to be busy all year round! 🧐
 
So whilst lots of us are winding down for a nice long holiday weekend, here are five significant events in December from a GDPR and UK GDPR perspective in case you missed them:
 
1️⃣ The EU Commission has proposed a draft EU - US Data Privacy Framework (the new 'privacy shield' ). However, whilst the draft is significant, the decision has not been finalized. The process which expected to take another 6 months.

2️⃣ The UK Information Commissioner published various important pieces including its Direct Marketing Guidance which has long been anticipated by the industry. The ICO also released a forward thinking piece called 'Tech Horizons' which examines the implications of some of the most significant technological developments for privacy in the next two to five years.

3️⃣ The EU has signed a declaration on EU digital rights and principles that highlights "the EU's commitment to a secure, safe and sustainable digital transformation." The declaration is wider than just protecting personal data including #ESG themes around sustainability and digital inclusion.

4️⃣ Microsoft plans to roll out a 'data boundary' for its EU customers from 1 January to help their customers comply with their commitments under the GDPR.

5️⃣ New draft texts has been released for significant EU legislation in the data space, including the upcoming #AI Act, and the EU Data Act.
 
And of course, there were many more developments. Would anything else make your top 5?

#dataprotectionlaw #dataprivacylaw #dataprotection #GDPR #UKGDPR #data #Privacyshield #internationalbusiness

Meanwhile, on the #GDPR front ...

After the invalidation of the second US-EU framework, known as #PrivacyShield was invalidated by the European court in the #SchremsII decision, the US and EU eventually signed an agreement in principle, and a good while later, the US President issued an Executive Order framing a new #DataPrivacyFramework this fall.

This week, the EU issued a draft #adequacy decision -- essentially, a recommendation that the new Framework be recognized as providing adequate protections for personal information of EU citizens if transmitted cross-border to the US. Many commentators have observed shortcomings of the Framework, and many businesses appear loath to plan for reliance on it. (Side note -- other jurisdictions around the world have data localization requirements without even the option to explore "adequacy" determinations. All in all, this approach leads to atomization of data; the pendulum has swung very far in one direction at the moment and I expect that over time things may settle down a bit.)

At every step along the way, Mr. Schrems has indicated his skepticism and his organization (#NOYB - "None of Your Business") is reviewing the draft and is likely to challenge any final adequacy finding in court. (The final adequacy decision is expected next Spring.)

An interesting development to close out this week is the announcement of a new #OECD agreement on safeguarding #privacy in #lawenforcement and #nationalsecurity data access. If this agreement comes close to the headline -- and means what it says, and says what it means, and member states (including the US) go home and fiddle with legislation (rather than Executive Orders -- some of which are not particularly long-lived), then maybe we have a fighting chance of working towards true "adequacy."

Links to all four of these gems below.

What do you think?

#data #business #dataprivacy #dataprivacylaw #digitalhealth #hcldr #HITsm #HarlowOnHC

Data Privacy Framework:
https://www.whitehouse.gov/briefing-room/statements-releases/2022/10/07/fact-sheet-president-biden-signs-executive-order-to-implement-the-european-union-u-s-data-privacy-framework/

Draft Adequacy Decision: https://ec.europa.eu/commission/presscorner/detail/en/ip_22_7631

NOYB statement on draft decision:
https://noyb.eu/en/statement-eu-comission-adequacy-decision-us

Statement on OECD agreement:
https://www.oecd.org/newsroom/landmark-agreement-adopted-on-safeguarding-privacy-in-law-enforcement-and-national-security-data-access.htm