Search results

[…] not on legislative remedies but on practical operational matters, e.g. how to effectively build substantive data minimization requirements into compliance strategies and the internal messaging privacy teams use to seek buy-in and resources from key organizational stakeholders. Substantive data minimization rules differ from the traditional procedural approach that is baked into most of the […]

[…] to implement age assurance measures, debates continue over privacy risks, effectiveness, and regulatory challenges. Beyond legal mandates, there may be policy questions or other business pressures to use some form of age assurance. This session will bring leaders from across sectors to share insights on current approaches and best practices, such as when to […]

[…] it made any statements on whether it will deploy Section 5 sanctions against data brokers? 4. How does the PADFAA definition of “sensitive data” compare to the use of the term in EO 14117? Other U.S. law such as the CCPA? 5. Are there significant distinctions between the PADFAA definition of “data broker” and […]

[…] also started conducting Human Rights Impact Assessments (HRIA)? 6. What have been the most significant enforcement actions by Data Protection Authorities (DPAs) in the EU regarding the use of AI and automated decision-making, and what lessons can organizations learn from these cases? 7. What changes could be made to the GDPR to promote the […]

[…] narrowed scope and obligations, as well as broadened transparency requirements. 2. Trends Regarding High-Risk AI / ADMT: Taking a broader look at how developments in states like Virginia, California, and Texas have shaped the landscape for high-risk AI and automated decision-making technologies (ADMTs), including a comparison of legislative approaches and how state strategies have […]

[…] protections for consumer health data. New Y ork passed, but has not yet enacted, a broad bill similar to Washington State’ s My Health My Data Act. Virginia updated its Consumer Protection Act to prohibit obtaining, disclosing, selling, or disseminating any personally identifiable reproductive or sexual health information without a consumer’ s consent. How […]

[…] development and innovation.  The study recognizes that advances in machine learning enable generative AI systems beneficial to key fields, including healthcare, banking, and commerce and highlights three use cases likely to produce valuable benefits for Brazilian society. For instance, the Federal Court of Accounts is implementing “ChatTCU”, a generative model to assist the Court’s […]

[…] nt, diff ere nce s in th e so cia l, polit ic a l, a n d eco no m ic co nte xts have been use d to exp la in th e va rie d ap pro ach e s to cro ss-b ord er data flo w s p ro […]

[…] personal data to other African countries To operationalize inter-African cross-border data flows, legal frameworks on the continent increasingly reference data transfer tools. The Issue Brief explores the use and implementation of mechanisms such as adequacy decisions, certification mechanisms, standard contractual clauses (SCCs), and binding corporate rules (BCRs) and derogations, currently in use across Kenya, […]

[…] testimony notes that the CFPB is authorized to issue rules under Section 1033 of the Dodd-Frank Act that require covered entities to make information about consumers who use their financial products available to them upon request. The CFPB undertook a lengthy and extended process to issue these rules, and engaged with numerous stakeholders and […]