Issue 209

EU & UK

  • UK’s Information Commissioner’s Office (ICO) imposed a fine of EUR 150,000 against Poxell Ltd for violation of the Privacy and Electronic Communications Regulations 2003.
  • European Commission issued a press release to mark the entry into force of the EU Data Act after its publication in the Official Journal of the European Union.
  •  ICO launched a consultation series on generative artificial intelligence, examining how aspects of data protection law should apply to the development and use of the technology. 
  • Danish data protection authority published a guidance on managing data breaches primarily aimed at employees responsible for an organization’s policies, procedures, training, and IT setups to safeguard against breaches of personal data security.

AMERICAS

  • Senate Bill 332 was signed by the Governor of New Jersey, following its passage by the General Assembly and the State Senate.
  • New York Office of Information Technology Services published its artificial intelligence policy named ‘Acceptable Use of Artificial Intelligence Technologies’.
  • New York State Department of Financial Services (NYDFS) imposed a penalty of USD 8 million on Genesis Global Trading, Inc. for violations of the NYDFS’s virtual currency and cybersecurity regulations, as well as the Financial Services Law.
  • Information and Privacy Commissioner of Ontario announced its additional enforcement powers following the entry into force of the amendments to the Personal Health Information Protection Act and the accompanying Regulation.
  • National Institute of Standards and Technology announced its initiative to conduct research exploring cybersecurity and privacy challenges posed by emerging immersive technologies such as virtual reality, augmented reality, and mixed reality.

ASIA PACIFIC

  • Infocomm Media Development Authority of Singapore and AI Verify Foundation requested public comments on a draft Model Governance Framework for Generative AI.
  • Gazette of the Democratic Socialist Republic of Sri Lanka released an Order by the President and the Minister of Technology, Ranil Wickremesinghe, appointing  July 17, 2023, as the effective date for the establishing the Data Protection Authority of Sri Lanka.
  • South Korea’s Personal Information Protection Commission announced that Meta Platforms Inc. had completed corrective measures to prevent collection of behavioral information.
  • Thailand’s Royal Decree outlining exceptions to data controller obligations under the Personal Data Protection Act came into force.