What to expect under the IAF's new leadership
The Information Accountability Foundation announced the appointment of Fred Cate as its new executive director and Stanley Crosley, CIPP/US, CIPM, as chief policy strategist.
Discover the latest industry insights and developments with our News from Around the Web page. We curate feeds from a variety of reputable organizations, bringing you a comprehensive overview of relevant news and trends. Stay informed and connected with the most current updates from across the web.
EU general-purpose AI Code of Practice timeline takes shape
Euractiv reports a first draft of the EU Code of Practice for general-purpose AI could be ready 3 Nov., while a European Commission spokesperson indicated a final draft is expected April 2025. The timeline comes after the Commission's consultation on the code received approximately 430 stakeholder comments. The Commission also disclosed disagreements that surfaced between general-purpose AI model developers and various stakeholders during first plenary session for code drafting.
Montana Consumer Data Privacy Act takes effect
Montana's comprehensive privacy law took force 1 Oct., The Bozeman Daily Chronicle reports. Data subject access rights, required risk assessments, purpose and processing limitations, and a 60-day cure period are among the provisions now effective while required recognition of universal opt-out signals takes effect 1 Jan. 2025. Editor's note: Explore this IAPP tracker on key dates for U.S.
European Commission publishes guidance on DGA compliance
The European Commission released nonbinding guidelines to help industry and member states "understand the provisions and reap the benefits" of the Data Governance Act. The guide is available in 24 different languages and will be updated periodically as the European Data Innovation Board gains experience implementing and enforcing the law.Full story
Estonia's DPA issues recommendations for parents, children about sharing photos online
Estonia's Data Protection Inspectorate encouraged parents and children to have a dialogue about instances when it is acceptable for parents to post photos of their children on social media. The DPI recommended parents educate their children to seek consent when they would like to take a photo of someone with a smart device and what is reasonable to share on the internet.Full story
AEPD releases children's online safety analysis
Spain's data protection authority, the Agencia Española de Protección de Datos, published an analysis of the protective measures around minors' privacy and safety online. The analysis explores strategies for a range of children's online safety scenarios, including safeguards against inappropriate content, child-safe website designs and consensual data processing.Full story
AI assistant's impact on workplace privacy
The use of AI assistants to track and transcribe meetings could have implications for employees' privacy, The Washington Post reports. With the potential of collecting employees' sensitive personal data or communications, privacy researcher Naomi Brockwell said "people haven't really internalized how invasive" AI assistants can be while the technology is "proliferating so fast."Full story
2024 in US state privacy law: A retrospective with Keir Lamont and David Stauss
The year 2024 proved to be another robust one for emerging U.S. state privacy law. Unlike previous years, however, 2024 underwent a paradigm shift away from the standard framework influenced by the draft Washington State Privacy Act. For the Future of Privacy Forum's Keir Lamont, CIPP/US, and Husch Blackwell's David Stauss, CIPP/E, CIPP/US, CIPT, FIP, PLS, 2024 marked the end of what Lamont calls the "Pax Washingtonia" era for state privacy law. IAPP Editorial Director Jedidiah Bracy caught up with Lamont and Stauss to discuss this busy year in state privacy law at IAPP Privacy. Security.
FCC enters settlement with T-Mobile following 'significant data breaches'
The U.S. Federal Communications Commission entered a settlement with T-Mobile following "significant data breaches" that affected millions of customers. Per the settlement, the mobile carrier will invest USD15.75 million in cybersecurity upgrades and pay a USD15.75 million fine to the FCC.
Sri Lanka seeks draft DPIA regulation feedback
The Data Protection Authority of Sri Lanka posted draft regulations on personal data protection impact assessments for public consultation. Stakeholders, the public and organizations have until 31 Oct. to respond, after which controllers face a March 2025 deadline to comply with the rules.Full story