Privacy Law Update: February 27, 2023
The European Parliament Committee on Civil Liberties, Justice and Home Affairs announced a March 1 debate on a motion to finalize its nonbinding opinion on the proposed EU-U.S. Data Privacy Framework and the subsequent U.S. adequacy decision. European Data Protection Board Chair Andrea Jelinek is slated to present EU data protection authorities’ opinion on the matter for parallel discussion among members of the European Parliament. Editor’s note: The IAPP’s Joe Duball reported on the LIBE committee’s draft DPF opinion.
Gov. Gavin Newsom, D-Calif., issued a statement supporting the California Age-Appropriate Design Code Act. The statement came in response to the technology trade association NetChoice filing a lawsuit against the state in an attempt to block the online safety law. Newsom said he will “vigorously defend” the law, touting how it and California lawmakers are “shielding (children) from harmful data mining, violent content, and automatic GPS tracking that allows adults to track down kids.” Editor’s note: The IAPP’s Joe Duball reported on the passage of the California Age-Appropriate Design Code Act.
The rollercoaster ride of U.S. state privacy law is in full motion on its annual ascent to what can only be described as an unknown destination. Forty-seven U.S. state legislatures have commenced 2023 legislative sessions and 16 introduced or reintroduced comprehensive privacy legislation. IAPP Westin Fellow Anokhy Desai, CIPP/US, CIPT, tracks the progress of those bills — along with the core provisions they share — on a weekly basis.
The Australian Attorney-General’s Department released its highly anticipated review of the Privacy Act 1988 Thursday, a significant step in the reform of the nation’s privacy law. The Privacy Act Review Report includes 116 recommendations based on 30 “key themes and proposals” from stakeholders during the course of the last two years.
SEC proposes replacing existing regulations mandated by US Privacy Act, The U.S. Securities and Exchange Commission proposed a rule altering the commission’s regulations under the U.S. Privacy Act, which governs “the handling of personal information in the federal government.” The existing regulations would be replaced “in their entirety” and “would codify current practices for processing requests made by the public under the Privacy Act.” The goal would be to offer individuals more “clarity” on the commission’s processes for allowing them access to information about themselves.
NIST’s Reva Schwartz discusses the AI Risk Management Framework: The U.S. National Institute of Standards and Technology recently released the Artificial Intelligence Risk Management Framework 1.0, a voluntary resource for organizations designing, developing, deploying or using AI systems to help manage risk and promote the responsible development of AI systems. To learn more about the newly released framework and how organizations should approach it, IAPP Editorial Director Jedidiah Bracy, CIPP, caught up with NIST Research Scientist and Principal Investigator for AI Bias Reva Schwartz.