Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union (“NIS2 Directive”) entered into force on 16 January 2023. It had to be transposed into national law by 17 October 2024. Only a small number of member states (among them Hungary, Belgium and Croatia) have transposed the provisions of the NIS2 Directive into national law so far, and it is likely that a significant number of member states will need some time.
In December 2024, privacy concerns were raised after the new Bizfile portal of the Accounting, Corporate and Regulatory Authority of Singapore displayed names and full National Registration Identity Card numbers for free in its search results.
The Personal Data Protection Commission has since clarified the appropriate use and misuse of NRIC numbers.
On 17 December 2024, the Bipartisan House Task Force on Artificial Intelligence released a report on “guiding principles, forward-looking recommendations, and policy proposals to ensure America continues to lead the world in responsible AI innovation.” The report focuses on 15 key areas, including intellectual property, data privacy, healthcare and federal preemption of state law. These principles, recommendations and policy proposals are meant to be a tool rather than the final word on AI. As such, it is anticipated that future AI legislators will use the report to craft AI policy.
Various agencies led by the Department of Trade and Industry (DTI) have signed Joint Administrative Order No. 24-03, Series of 2024 containing the Implementing Rules and Regulations (IRR) of Republic Act No. 11967, or The Internet Transactions Act of 2023 (ITA).
The ITA is intended to regulate e-commerce, protect consumer rights and data privacy, and uphold intellectual property rights.
The IRR clarifies the scope and coverage of the ITA, the enforcement powers of the DTI vis-à-vis other agencies, and the applicable procedure for imposition of fines.
On 27 June 2024, the Personal Information Protection Commission (PPC), Japan’s data protection authority, released the “Interim Report on Considerations for the Triennial Review of the Act on Protection of Personal Information” (“Interim Report”). The Interim Report summarizes discussions within the PPC on issues surrounding the Act on Protection of Personal Information (APPI) from November 2023 to June 2024. The Interim Report is in accordance with amendments made to the APPI in 2020 requiring the PPC to review the provisions of the APPI every three years.
On October 23, 2015, the Portuguese Data Protection Authority issued a statement on transfers of personal data to the US which invalidated the European Commission decision 2000/520 / EC (Safe Harbor Decision),
The Court of Justice of the European Union, following the opinion of the Advocate General, invalidated European Commission Decision 2000/520 dated July 27, 2000, which allowed transfers of personal data to US companies that self-certified under the US/EU Safe Harbor Program.
The Bavarian Data Protection Authority (DPA) in Germany has fined two implicated companies – both seller and purchaser – for unlawfully transferring customer data as part of an asset deal.
On 3 September 2015, extensive amendments were introduced to the law in Japan which deals with the protection of personal information, “The Act on the Protection of Personal Information”.
The Hungarian Parliament has recently adopted an amendment (Act No CXXIX of 2015) to the Information Act that will provide regulation regarding how data controllers must treat data breach incidents. Under the amendment, a data breach incident is any unauthorized processing of data, including the unauthorized access, alteration, unauthorized transfer,…