On 31 May 2023, the Monetary Authority of Singapore (MAS) and Google Cloud signed a memorandum of understanding[1] to collaborate on generative artificial intelligence (AI) solutions that are rooted in responsible AI practices. The goal of this tie-up is to promote the use of responsible generative AI applications within MAS, which is Singapore’s central bank, by: Identifying potential use cases, conducting technical pilots and creating responsible generative AI solutions for MAS’ internal and industry-facing digital services Developing responsible AI applications, by test-bedding these for ..read more

Squire Patton Boggs’ Kyle R. Dull and Julia B. Jacobson recently authored an article published by Competition Policy International in the CPI TechREG Chronical, that details “dark patterns,” which are misleading or otherwise manipulative user experiences intended to influence a consumer’s behavior and prevent them from making fully informed choices. Dark patterns are not merely clever marketing gimmicks; rather, they are designed to cause users to unwittingly act against their personal preferences, such as signing up for services they do not want, purchasing products they do not intend to purc ..read more

On 31 May 2023, South Korea’s Personal Information Protection Commission announced[1] that a research group comprising experts from academia, industry and law would be set up, with the aim of reviewing the nation’s laws to enhance the protection of data subjects’ biometric information when this data is processed, particularly in light of recent generative artificial intelligence (AI) developments. Noting that biometric information by its nature is both unique to an individual and immutable, the impact from its misuse or leakage was recognised to be greater. It was also acknowledged that there ..read more

On May 18, 2023, the Federal Trade Commission (“FTC”) unanimously adopted its Policy Statement on Biometric Information and Section 5 of the Federal Trade Commission Act (“Policy Statement”), addressing the increasing use of consumers’ biometric information and the marketing of technologies that use or claim to use it—regarding which the FTC raises significant concerns. In the areas of privacy, data security, and the potential for bias and discrimination. In addition, the Policy Statement also provides a detailed discussion of the established legal requirements applicable to the use of biometr ..read more

In case you missed it, below are recent posts from Privacy World covering the latest developments on data privacy, security and innovation. Please reach out to the authors if you are interested in additional information. The Philippines Consults on Draft Consent and Private Identification Cards Guidelines | Privacy World Southeast Asia and the EU Publish a First-of-its-Kind Interoperability Guide for Data Transfers | Privacy World Changes to Spanish Data Protection Laws | Privacy World Navigating Data Privacy Assessments Amid New State Laws | Privacy World The Philippines and Hong Kong Sign Da ..read more

The Philippines’ National Privacy Commission (NPC) has released for public comment two sets of draft guidelines on: Consent as a basis for processing personal data (Consent Guidelines)[1] The issuance and use of identification cards by private organizations (ID Cards Guidelines)[2] Consent Guidelines Consent is acknowledged as the most common criterion for processing personal data. Hence, the NPC has determined the need to provide further guidance to the industry on the concept and usage of consent as a lawful basis for processing personal data. Data Privacy Principles  The Consent Guid ..read more

The European Commission and the Association of Southeast Asian Nations (ASEAN) have published a first-of-its-kind guide[1] that identifies the similarities and differences between the ASEAN model contractual clauses (ASEAN MCCs) and the EU standard contractual clauses (EU SCCs). A second guide will be issued in due course, which will provide best practices for meeting both sets of contractual clauses. The objective of these guides is to: Help companies that export or import data across the ASEAN and EU regions understand the similarities and differences between the respective contractual clau ..read more

The Spanish data protection and e-commerce legislation has been recently amended in order to, on the one hand, redefine the nature of the process to issue reprimands to data controllers and processors (so that reprimands are removed from the list of sanctions resulting from infringement of the regulations) and, on the other hand, relax the rules governing the Spanish authority’s investigation procedure, enlarging the term for conducting investigation activities and allowing for the authority to operate remotely, among other updates. We summarize the impact of these modifications and how they m ..read more

With several consumer privacy laws and regulations going into effect this year, businesses need to be conducting and documenting formal assessments of their data practices, known as “Data Protection Impact Assessments” or “DPIAs.” We previously discussed DPIA requirements under the Virginia Consumer Data Protection Act (“VCDPA”), Connecticut’s Public Act No. 22-15 (“CTPA”), California Privacy Rights Act (“CPRA”), and Colorado Privacy Rights Act (“CPA”) here, and DPIA requirements under the California Age-Appropriate Design Code Act (“CAADCA”) and New York City’s Local Law 144 (“Local Law 144 ..read more

On 22 May 2023, the Philippines’ National Privacy Commission (NPC) and the Hong Kong Office of the Privacy Commissioner for Personal Data (PCPD) signed a Memorandum of Understanding (MOU)[1] to cooperate on data protection matters. Under the MOU, the authorities will provide mutual assistance in investigations pertaining to cross-border data incidents and breaches, and facilitate information sharing with one another. The authorities will also collaborate on training and education on current and emerging data protection issues, with a view to fostering a more secure, inclusive and data-driven d ..read more