Data privacy has seen a boom in the past year. With countries coming up with new legislations, enforcement being stricter, and technology companies bringing in new technologies which gave rise to new data protection-related concerns. This round-up will deal with these issues.

India

Three months after abruptly withdrawing a previous proposal due to scrutiny and concerns from privacy advocates and tech giants, India has proposed a new comprehensive data privacy law that will mandate how companies handle the data of their citizens, including permitting cross-border transfer of information with certain nations. This comes after India abruptly retracted a previous proposal because of the scrutiny and concerns raised by privacy advocates and tech giants. The nation’s Ministry of Information Technology disseminated a proposed regulatory document that is dubbed the Digital Personal Data Protection Bill 2022.

Because it makes it possible to conduct data transactions across international borders with selected nations, the proposal is being hailed as a victory by the information technology (IT) industry.

USA

On the other hand, the United States of America is making efforts to develop individual privacy legislation for each of its fifty states. In May 2022, members of Congress representing all political parties introduced a federal measure, despite the fact that its chances of becoming law are slim. In the meanwhile, the following pieces of law will become active in 2023:

● The California Privacy Rights Act will become operational on January 1, 2023, in the state of California.

● The Commonwealth of Virginia will have a statute in effect to safeguard the personal information of its customers beginning on January 1, 2023.

● The state of Colorado will implement a whole new privacy legislation on July 1, 2023.

● The Privacy of Personal Information Act of Connecticut, which goes into effect on July 1, 2023

● Residents of Utah will have their personal information protected under the Utah Consumer Privacy Act beginning on the 31st of December, 2023.

South-East Asia

In South-East Asia, the evolution of data privacy and cyber security policies will reach a critical juncture in the year 2022. The following is a rundown of the primary changes:

● On October 17, 2022, Indonesia passed new legislation that was designed to improve the level of protection afforded to the personal information of persons.

● The Personal Data Protection Act of Thailand became active on June 1, 2021, and various data protection guidelines were drafted in preparation for the law’s implementation.

● When the draught Personal Data Protection Decree was still undergoing promulgation in Vietnam, the government issued Decree 53, which sets instructions on the Cybersecurity Law.

Middle-East

The United Arab Emirates (UAE) passed its first data protection law on January 2, 2022. This law, known as the Federal Decree-Law No. 45 of 2021 respecting the Protection of Personal Data, was modeled after the General Data Protection Regulation. It is an encouraging step toward greater data protection harmonization with international standards, which is essential in today’s interconnected era, which is characterized by cross-border data flows. The law is consistent with the General Data Protection Regulation and other important international data protection principles.

On November 29, 2022, the Israeli Ministry of Justice made the Draft Privacy Protection Regulations (Provisions Regarding Information Transferred to Israel from the European Economic Area), 5782 – 2022.

The Saudi Data and AI Authority (SDAIA) submitted an updated version of the Personal Data Protection Law (PDPL) of the Kingdom of Saudi Arabia (KSA or the Kingdom) for consultation on November 20, 2022. (The Amended Draft). Significant, primarily business-friendly amendments are included in the Amended Draft, such as a relaxation of stringent data localization requirements and the addition of a specific type of legitimate interests as a foundation for processing.

Top GDPR Fines

This year, GDPR has seen strict enforcement of fines. The Data Protection Authorities of various EU nations levied heavy fines for non-compliance. The top 5 fines are here as follows-

● Instagram Meta Platforms Inc. – Ireland | €405,000,000

The sanction was imposed following a two-year investigation by the Irish DPC, which found that Instagram had allowed users between the ages of 13 and 17 to operate business accounts on the platform that displayed users’ phone numbers and email addresses. This led the authority to conclude that Meta had been processing the personal data of children and adolescents illegally without a legal basis under the GDPR.

● Clearview Al Inc. – Italy | €20,000,000

The inquiries and assessment by the Italian SA found several infringements by Clearview AI Inc. The personal data held by the company, including biometric and geolocation information, were processed unlawfully without an appropriate legal basis – since the legitimate interest of the US-based company does not qualify as such.

● Clearview Al Inc. – Greece | €20,000,000

The Greek Authority found that the company, which markets facial recognition services, violated the principles of lawfulness and transparency

● Clearview Al Inc. – France | €20, 000, 000

On October 17, 2022, the French Data Protection Authority (the “CNIL”) imposed a €20 million fine on Clearview AI for unlawful use of facial recognition technology. The fine was imposed after the CNIL’s prior formal notice remained unaddressed by Clearview AI.

● Meta Platforms Ireland Limited – Ireland | €17,000,000

Meta was fined 17 million Euros by the Irish authority for its handling of a dozen data breach notifications.

Emerging Technologies

The year 2022 has seen the three interrelated factors of accelerated digital transformation, particularly in relation to the widespread adoption of cloud, social media, IoT, and mobility, as well as ongoing difficulties in maintaining customer, supply chain, and employee experiences as well as maintaining cost competitiveness, value engineering, and responsiveness.

Even automotive companies have huge potential for additional revenues as well as savings from AI and big data in their IoT-connected cars ecosystem. However, as user data is collected and processed, it brings in a plethora of concerns.

The data sources in healthcare: patients, healthcare companies, research companies, payers, and other stakeholders have been churning data astronomically right from electronic health records (EHRs), imaging, genomic sequencing, smart sensors, mobiles, and wearables, medical research, payer and patient information and portals, government records and many more. this gives rise to many concerns.

Conclusion

It’s been another busy year in data privacy. A boom will even be seen in the year 2023, with continually changing technologies developing, giving rise to a fresh set of data protection concerns.

If you’re a company processing data, check out our services at https://tsaaro.com/data-protection-view-all/

If you want to know more, reach out to us at info@tsaaro.com