EU & UK
- Dutch intelligence services AIVD and MIVD reportedly continue to share sensitive datasets with their U.S. counterparts, including data on Dutch citizens.
- The EC Expert Group released a report detailing model contractual terms (MCTs) and standard contractual clauses (SCCs) for B2B data sharing and cloud computing contracts.
- Manx Care has been ordered to carry out a review of how it deals with personal data requests after “systemic failures” were found in its handling processes.
- The UK ICO released comprehensive new guidance on anonymization, pseudonymization, and privacy-enhancing technologies under the UK GDPR.
- The French data protection authority CNIL issued recommendations on multi-factor authentication MFA to ensure GDPR-compliant security of information systems.
AMERICAS
- Consumer Reports and Wesleyan University researchers published a joint study examining online retailers’ compliance with state privacy opt-out requests.
- The U.S. NIST released a draft paper covering recommendations for incident response in line with Cybersecurity Framework 2.0 principles.
- California legislators published an open letter to the California Privacy Protection Agency challenging the independence of CPPA rulemaking authority.
- The court declared the Arkansas age verification law unconstitutional and permanently halted it to protect Arkansans’ online rights and privacy.
- OPM nominee pledged to do a full review of OPM practices on data privacy and data protection.
ASIA PACIFIC
Republic of Korea’s President signed the Personal Information Protection Act (No. 2208859), establishing a representative system for overseas businesses.
