Privacy and data security in the U.S

  • CLARIFICATIONS FROM COLORADO ATTORNEY GENERAL WOULD EASE INSIGHTS INDUSTRY COMPLIANCE WITH COLORADO PRIVACY ACT
  • PRIVACY FOR AMERICA RESPONDS TO PROPOSED FINANCIAL PRIVACY RULES FROM CFPB
  • AREAS FOR IMPROVEMENT IN DRAFT HOUSE FINANCIAL PRIVACY LEGISLATION
  • LAWSUIT AGAINST NEW MINORS PRIVACY LAW IN CALIFORNIA
  • NEW JERSEY A. 4919 – CHILDREN’S DATA PROTECTION COMMISSION

CNIL publishes guidance on health authorisation requests

The French data protection authority (‘CNIL’) announced, on 6 February 2023, that it had published two sets of guidelines on health authorisation requests. In particular, CNIL explained that the guidance aims to aid data controllers in submitting their requests for authorisation of processing in the field of healthcare for research and non-research purposes.

Spain: AEPD publishes blog post on reviewing and updating data protection security measures

The Spanish data protection authority (‘AEPD’) published, on 8 February 2023, a blog post on when data controllers should review and update data protection security measures. In particular, the AEPD recalled that, according to Article 24 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’) and Organic Law 7/2021, of May 26, on the protection of personal data treated for the purposes of prevention, detection, investigation and prosecution of criminal offences and execution of criminal sanctions, transposing the Data Protection Directive with Respect to Law Enforcement (Directive (EU) 2016/680) (‘Law Enforcement Directive’), data controllers are required to review and update the implemented technical and organisational measures so to ensure that the data processing in question complies with data protection regulations.