Data Privacy Archives

In Data Privacy

India: Preparing for India’s First Comprehensive Data Privacy Law – The Digital Personal Data Protection Act

December 3, 2024 by Rachel Ehlers and Mercedes Subhani 7 Mins Read

In brief Companies operating in India should note that India’s Digital Personal Data Protection Act (“DPDPA”) is expected to come into effect by the end of 2024. India enacted the DPDPA, its first comprehensive data privacy law on August 11, 2023. The DPDPA largely aligns with the European Union’s General Data Protection Regulation (“GDPR”) and the California’s Consumer Privacy Act (“CCPA”) but includes unique, consumer-friendly features, such as expanded consumer rights and newly established requirement…

In Data Privacy

Chile: Reform of the Data Protection Act

November 15, 2024 by Diego Ferrada and Consuelo Andueza 4 Mins Read

After seven years of discussion, on 26 August 2024, the Chilean congress finally approved the reform of the Chilean Data Protection Act (“Reform” and “Act”, respectively). The Act is heavily influenced by the General Data Protection Regulation. The key changes introduced are as follows: Deep dive on the Reform The Reform is expected to be published within the next few weeks. Once published, the implementation will take 24 months, providing time for (i) companies to…

In Workplace Privacy

EMEA HR Privacy developments

November 15, 2024 by Julia Wilson and Christian Koops 1 Min Read

Welcome to the next edition of our quarterly HR Privacy newsletter, designed to keep you updated with key cases, enforcement action, legal developments, trends and news relating to employment/HR data privacy matters, which is brought to you by the Baker McKenzie EMEA Employment and Compensation practice group. This edition explores high-profile case-law decisions and enforcement action, new consultations, regulations, guidance and relevant news in the EU, UK, Austria, Germany, Italy, South Africa and Spain markets.…

In Data Privacy

A glimpse into the future of cross-border data regulation

November 8, 2024 by Brian Hengesbaugh and Elizabeth Denham CBE 7 Mins Read

This article was originally published by IAPP linked here. Recent global developments offer a glimpse into the future of cross-border data regulation. Historically, such regulations have focused on restrictions of cross-border transfers of personal data to achieve public policy goals on individual privacy rights. Today, cross-border data regulations are starting to cover a broader array of data, such as personal data, nonpersonal data and other company information, for a diversified range of public policy purposes…

In Cybersecurity

Latin America tech regulatory developments: what has changed in the region in 2023 and 2024?

November 5, 2024 by Carlos Arboleda, Flavia Amaral*, Catalina Benatena, Guillermo Cervio, Diego Ferrada, Agustin Gastaldi, Manuel Moreno, Carolina Pardo, Martin Roth, Maria Eugenia Salazar-Furiati, Teresa Tovar, Carlos Vela-Trevino, Marcela Trigo* and Daniel Villanueva-Plasencia 1 Min Read

Latin America is experiencing a dynamic shift in its regulatory environment, particularly in the technology sector. Countries across the region are actively updating and introducing new laws to address the rapid advancements in technology and the growing importance of data protection, cybersecurity, and digital finance. These developments are crucial for fostering innovation, ensuring consumer protection, and maintaining competitive markets in the region. Our regional round-up outlines the key legislative and regulatory changes shaping the tech…

In Artificial Intelligence

Minding Your Data: New Law Expands CCPA’s Sensitive Personal Information to Include Neural Data

October 1, 2024 by Adam Aft, Cynthia Cole, Brian Hengesbaugh, Cristina Messerschmidt, Ella Noll, Justine Phillips, Garrett Stallins and Avi Toltzis 3 Mins Read

“Neural data” is the newest addition to the ever expanding California Consumer Privacy Act (CCPA). Signed into law on September 28, 2024, SB 1223 amends the CCPA to add “personal information that reveals neural data” to the categories of personal information that constitute sensitive personal information. It further amends the CCPA to define “neural data” as “information that is generated by measuring the activity of a consumer’s central or peripheral nervous system, and that is…

In California Privacy Law

Dark Pattern Prohibitions the Subject of New Enforcement Advisory in California

September 10, 2024 by Helena Engfeldt and Michelle Shin 2 Mins Read

The California Privacy Protection Agency has issued an Enforcement Advisory on the topic of dark patterns. The California Consumer Privacy Act uses the term “dark patterns” to refer generally to user interfaces that subvert or impair consumers’ autonomy, decisionmaking, or choice when asserting their privacy rights or consenting to personal information processing activities. For example, when businesses provide choices to consumers, such as via cookie banners or in privacy preference centers, choices must be clear…

In Data Privacy

U.S. Lawmakers Push for Child Safety Online Amid Constitutional Battles

September 9, 2024 by Jonathan Tam 8 Mins Read

In recent years, both U.S. state and federal legislatures have intensified efforts to enact laws aimed at safeguarding minors in the digital world. However, several court rulings have found that these legislative actions overstepped constitutional limits. This article highlights key legislative initiatives at the U.S. federal level and in California and Texas to protect children and teenagers online, and lawsuits challenging the legality of the California and Texas measures, as of early September 2024. Federal…

In Cybersecurity

Malaysia: Public consultations on data breach notification, data protection officer and data portability

August 27, 2024 by Kherk Ying Chew, Serene Kan and Chun Hau Ng 5 Mins Read

Following the passing of the Personal Data Protection (Amendment) Bill 2024 (“Bill”) by the Malaysian Parliament in July 2024, three public consultation papers have been issued in relation to the implementation of the following impending new legal obligations: The deadline to provide feedback is 6 September 2024 (Friday). Contents: In more detail We have earlier highlighted in our client alert some of the key changes brought by the Bill to the Personal Data Protection Act 2010 (PDPA) and that certain…

In Data Privacy

American Privacy Rights Act: A first glance at the US Congress’s newest comprehensive privacy bill

August 26, 2024 by Lothar Determann, Brian Hengesbaugh and Avi Toltzis 1 Min Read

Abstract The recently introduced American Privacy Rights Act (APRA) represents the latest attempt to pass a comprehensive federal privacy law in the US that would govern privacy generally across the country. The draft bill proposes novel compromises on controversial topics such as federal preemption and rights of private action, which need refinement and will likely be changed in the legislative process. The attempt to cover not-for-profit entities without accounting for their different purposes seems ill…