The Court of Justice of the European Union (CJEU) ruled that the mere infringement of the provisions of GDPR is insufficient to give rise to compensation unless the data subject can prove that they suffered damage (monetary or non-monetary loss), even if minimally, because of the infringement.
The judgment was delivered on a lawsuit filed by an Austrian citizen against ...
The European Commission has adopted the first designation decisions under the Digital Services Act (DSA), which aims to enhance consumer rights and protections in the digital world and increase legal certainty, fairness, and harmonization of the rules that apply to digital service providers. The EU Commission designated 17 Very Large Online Platforms (VLOPs), including YouTube, Amazon store, Alibaba/AliExpress, Google Play, ...
The Israeli government formally published the new privacy regulations that apply primarily, but not exclusively, to personal data that originates from the European Economic Area (EEA). The new regulations were adopted to support the efforts of the EU Commission to renew its recognition of Israel as an adequate country whose level of protection of personal data is equivalent to that ...
The U.S. Department of Health and Human Services is proposing amendments to the Privacy Rule of the Health Insurance Portability and Accountability Act (HIPAA), to limit healthcare providers from disclosing medical information related to abortion and pregnancy at the request or demand of law enforcement agencies. The proposed amendments would prohibit the use or disclosure of medical information by healthcare ...
China’s Cyber Administration published for public comments a draft of administrative measures for artificial intelligence (AI) services. This is a plan aimed at regulating AI services provided to the public in China, across a wide range of areas such as privacy protection, prevention of discrimination, bias control, content management, security, algorithmic transparency, etc. It applies to all research, development, and ...
The New York City Department of Consumer and Worker Protection has adopted rules to implement the New York City law from 2021 regarding automated employment decision tools (“AEDT”). This first-of-its-kind municipal law prohibits private and public-sector employers and employment agencies in New York City from using an automated employment decision tool unless the tool has been subject to a bias ...
Following a rulemaking process that began in mid-2022, the California Office of Administrative Law has formally approved the California Privacy Protection Agency’s regulations implementing portions of the California Privacy Rights Act of 2020 (CPRA). The new rules are effective immediately, but enforcement of various elements of the new rules will not begin until July 1, 2023.
The new regulations include ...
The European Data Protection Board (EDPB) has announced the establishment of a dedicated task force for ChatGPT. Some see this as the EU’s first step towards creating a comprehensive privacy policy on artificial intelligence. The purpose of the task force is to promote cooperation and information sharing regarding enforcement action by data protection authorities of the member states of the ...
New user? Click here to register