Podcast: International Finance Corporation (IFC) Impact Investing Standards
Le 4 décembre 2024, l’Assemblée législative de l’Alberta a adopté deux projets de loi qui abrogeront et remplaceront la loi provinciale actuelle intitulée Freedom of Information and Protection of Privacy Act (la « Loi FOIP...more
Recently, the European Data Protection Board (EDPB) adopted an opinion addressing key data protection concerns arising from the use of Artificial Intelligence (AI) models. The opinion specifically focuses on how GDPR...more
AI Act Compact Book Tour - Join us as we tour major European cities, discussing AI regulation and fostering community connections. In each city, we are offering an intensive, full-day (six hours, plus drinks, lunch,...more
On December 4, 2024, the Legislative Assembly of Alberta passed two bills that will repeal and replace the province’s Freedom of Information and Protection of Privacy Act (FOIP Act). The new legislation separates the...more
Keypoint: The appellate court ruled that the California Age-Appropriate Design Code Act’s impact assessment provision is unconstitutional and remanded the case back to the trial court to consider the constitutionality of the...more
Rhode Island is the latest state to enact consumer privacy legislation. The Rhode Island Transparency and Privacy Protection Act (the "Act"), which passed into law on June 28, 2024, establishes a framework for controlling and...more
Even though it may not seem like it, the purpose of laws like the EU GDPR (General Data Protection Regulation) isn’t just for the EU to gain additional revenue through fines and penalties. They exist to protect individuals’...more
The new AI Act establishes an obligation for the deployers of certain high-risk AI systems to conduct a “fundamental rights impact assessment” (“FRIA”). This will have a high impact on insurance companies that use AI systems...more
One of data privacy’s greatest challenges is that it can all feel just so abstract. What does it really mean for an individual’s data to be at “risk”? What activities are riskier than others?...more
With so much of our society’s data flowing through digital platforms, keeping it safe is increasingly crucial. If your business has access to any personal information (PI)—a person's full name, phone number, email address,...more
Learning Objectives - Data privacy compliance requires the use of privacy impact assessments and data transfer assessments - What about the value of other assessments like privacy by design, online safety, AI risk,...more
Privacy impact assessments (PIAs) and/or data protection impact assessments (DPIAs) have formed the practical basis for evaluating initiatives involving personal data in order to comply with various legal requirements for...more
With the passage of numerous comprehensive state laws, many U.S. companies are now subject to a formal requirement to complete a Privacy Impact Assessment (“PIA”). While the various state and international PIA requirements...more
Data protection assessments are required for high-risk processing activities in a rapidly growing set of federal, state, and international comprehensive privacy laws. These assessments are triggered by processing activities,...more
In September 2022, California Governor Gavin Newsom signed into law the California Age Appropriate Design Code Act (CAADCA). Beginning July 1, 2024, the act will require businesses that provide online services or features...more
Under the emerging regime of privacy laws in the U.S., businesses must prepare to assess the protection of certain information in view of proposed data processing activities, beginning with the new laws to be effective in...more
Learning Objectives: - What is a PIA and a DPIA? - Who should instigate assessments? - How and when to use assessments? - The relationship between assessments and privacy by design, and legal grounds for processing...more
The dust has settled on the new EU standard contractual clauses for cross-border data transfers (“New SCCs”), but confusion still reins on how the New SCCs cover data transfers and what companies need to do to take advantage...more
Garante, the Italian data protection authority, has issued FAQ's on CCTV surveillance and data protection. Highlighting the European Data Protection Board's (EDPB) guidelines on the topic, here are some takeaways: Area of...more
The California Attorney General attached a Standardized Regulatory Impact Assessment (SRIA) of the economic impact of the draft California Consumer Privacy Act (CCPA) Regulations to the draft regulations. Some key takeaways: ...more
Colleges and universities, like many other organizations, have incorporated automated data collection and predictive analytics into their business models and decision-making processes....more
Do the draft CCPA Regulations make a big difference in compliance costs where it comes to privacy notices? Standardized Regulatory Impact Assessment (SRIA) of the economic impact of the draft CCPA Regulations says – maybe...more
Why does this topic matter to organisations? A significant aspect of complying with EU data protection law is demonstrating compliance—making it evident to DPAs that an organisation is meeting its obligations. Three of the...more
The new GDPR is much more detailed than the 1995 Directive. The GDPR has 99 articles, versus 34 in the Directive. And a few new key concepts clearly require new guidance....more
The steady trickle of GDPR guidance from the Article 29 Working Party continues. Fresh from finalising its guidance on data portability, lead supervisory authorities and data protection officers, the Working Party has...more