August 2024 Global Compliance, AI, and Privacy Laws Update

In August 2024, the global landscape for privacy and cybersecurity regulations saw significant developments, reflecting the ongoing efforts of governments and regulatory bodies to address emerging cyber threats and data protection challenges. Here is an overview of the key updates and trends in privacy and cybersecurity compliance during this period:

Global Regulatory Developments

European Union

  • EU-U.S. Data Privacy Framework: The EU continued to enforce the General Data Protection Regulation (GDPR) vigorously, with the European Data Protection Board (EDPB) providing updated guidelines. The EU-U.S. Data Privacy Framework replaced the invalidated Privacy Shield, requiring U.S. companies to adhere to strict privacy obligations to facilitate data transfers between the EU and the U.S.[1].
  • NIS 2 Directive: The Network and Information Security (NIS 2) Directive, effective since January 2023, aims to enhance cybersecurity across the EU. It imposes stricter requirements on critical infrastructure sectors to ensure a high level of security for network and information systems[1].

United States

  • Software Security Regulations: The U.S. has prioritized software security, particularly for companies selling to the federal government or providing critical infrastructure services. The Cybersecurity and Infrastructure Security Agency (CISA) has required secure software development attestations since June 2024, with further requirements expected by September[2].
  • State Privacy Laws: In the absence of a comprehensive federal privacy law, several U.S. states have enacted their own data privacy regulations. Businesses must navigate these varying state laws, which often have unique compliance obligations and consumer rights[3].
    • Texas Data Privacy and Security Act (TDPSA): Effective July 1, 2024, this law applies broadly to businesses without a revenue threshold. It mandates consumer consent for selling sensitive data and is enforced by the Texas Attorney General, who is expanding the enforcement team to focus on privacy laws.
    • Florida Digital Bill of Rights (FDBOR): Also effective July 1, 2024, this law primarily targets large tech firms with over $1 billion in revenue. It includes rights for consumers to opt out of data collection and processing, particularly for sensitive data, and imposes unique requirements for children's privacy.
    • Oregon Consumer Privacy Act (OCPA): Effective July 1, 2024, this law applies to businesses processing the personal data of at least 100,000 Oregon residents or those deriving significant revenue from selling personal data. It emphasizes data minimization and requires data protection assessments for high-risk processing activities.
    • Montana Consumer Data Privacy Act (MCDPA): Set to take effect on October 1, 2024, this law is similar to Oregon's, applying to businesses processing personal data of at least 5,000 state residents or those with significant revenue from data sales.
  • Proliferation of State Laws: With over 20 states having enacted comprehensive privacy laws, businesses must navigate a complex regulatory environment. Each state law has unique provisions and compliance obligations, which can be challenging for companies operating across multiple jurisdictions.
  • Focus on Sensitive Data: Many of the new state laws emphasize the protection of sensitive data, requiring explicit consumer consent for its processing and sale. This trend reflects growing concerns about the misuse of personal information, particularly in sectors like healthcare and technology.
  • Children's Privacy: Several states, including Florida, have introduced stringent regulations to protect children's privacy, limiting data collection and profiling by online platforms.
  • Lack of Federal Legislation: Despite the growing patchwork of state laws, there has been little progress on a comprehensive federal privacy law. This has led to calls for federal action to create a unified framework that would simplify compliance for businesses and enhance consumer protection.

The regulatory landscape for privacy and cybersecurity in the U.S. is increasingly being shaped by state-level initiatives. As more states enact comprehensive privacy laws, businesses must stay informed and adapt their compliance strategies to meet diverse legal requirements. The emphasis on sensitive data protection and children's privacy highlights the evolving priorities in data governance. In the absence of federal legislation, state laws will continue to play a critical role in shaping privacy standards and enforcement in the United States.

Asia-Pacific

  • Singapore: Amendments to Singapore's Cybersecurity Act expanded the oversight of the Commissioner of Cybersecurity to include foundational digital infrastructure. The amendments also broadened the scope of reportable incidents[1].
  • South Korea: Amendments to the Personal Information Protection Act (PIPA) in South Korea streamlined data processing standards across online and offline businesses, preparing the industry for digital transformation[1].

Other Regions

  • Sri Lanka: The Sri Lankan government continued to implement the Personal Data Protection Act, planning to establish a Data Protection Authority and finalize additional cybersecurity legislation[1].
  • Increased Regulatory Scrutiny: Globally, there is a heightened focus on data privacy and transparency, driven by consumer awareness and regulatory scrutiny. Legislators are expanding the scope of data protection laws and enhancing enforcement mechanisms[6].
  • Cybersecurity in Remote Work: The continued prevalence of remote work has reshaped the cybersecurity landscape, emphasizing the need for robust endpoint security and access control measures to protect sensitive data[6].
  • Integration of Emerging Technologies: The rise of artificial intelligence, quantum computing, and the Internet of Things presents new regulatory challenges. Existing laws may need updates to address these evolving threats[6].

Global regulatory landscape for artificial intelligence (AI)

European Union

EU AI Act

  • The European Union has taken a pioneering step with the EU AI Act, which came into force on August 1, 2024. This comprehensive legislation establishes a framework for regulating AI systems based on their risk levels. It includes strict safety and transparency standards for high-risk applications, such as those used in credit assessment and biometric systems.
  • The Act's provisions will be phased in over time, with some obligations, such as the ban on certain high-risk AI systems, taking effect as early as February 2025. The EU AI Act is expected to set a global benchmark for AI regulation due to its broad extraterritorial reach.

United States

State-Level Initiatives

  • The U.S. has not yet enacted a comprehensive federal AI regulation, but states like Colorado have begun to implement their own frameworks. Colorado's new AI law, effective in 2026, aims to prevent consumer harm and discrimination by imposing requirements on high-risk AI systems.
  • The federal approach remains fragmented, with ongoing discussions about how agencies like the FTC might regulate AI, particularly concerning consumer rights and privacy.

Asia-Pacific

Regional Developments

  • The Asia-Pacific region is rapidly developing AI regulations, with at least 16 jurisdictions having some form of guidance or regulation. Countries like Japan, South Korea, and Indonesia are crafting regulations that balance innovation with citizen protection.
  • Japan is preparing the Basic Law for the Promotion of Responsible AI, focusing on accuracy, reliability, and cybersecurity of AI systems. South Korea is also developing a regulatory framework that emphasizes fundamental rights protection.

Other Regions

China

  • China continues to enforce strict AI regulations with an emphasis on social stability and national security. The Personal Information Protection Law (PIPL) sets stringent rules for personal data collection and use in AI applications.

Mexico

  • Mexico is in the early stages of developing a comprehensive AI regulatory framework. The National AI Alliance, established in 2023, aims to strengthen the country's AI ecosystem and lay the groundwork for future legislation.

International Efforts

  • Global organizations like the United Nations and UNESCO are working towards multilateral AI governance frameworks. The UN's Resolution A/78/L.49 emphasizes ethical AI principles and adherence to international human rights law.

The regulatory landscape for AI is evolving rapidly, with significant differences in approach across regions. The EU's comprehensive AI Act is likely to influence global standards, while the U.S. and Asia-Pacific countries continue to develop their own regulatory frameworks. As AI technologies advance, the need for robust governance and compliance mechanisms becomes increasingly critical to ensure responsible and ethical AI deployment worldwide.

Conclusion

The regulatory landscape for cybersecurity and privacy continues to evolve rapidly, with significant developments across various regions. Organizations must stay informed about these changes and adapt their compliance strategies accordingly. This involves conducting regular audits, implementing robust cybersecurity measures, and fostering a culture of compliance and accountability. As cyber threats grow more sophisticated, proactive risk management and adherence to regulatory requirements are crucial for safeguarding data and maintaining consumer trust.

Citations:
[1] https://www.gibsondunn.com/international-cybersecurity-and-data-privacy-review-and-outlook-2024/
[2] https://www.wileyconnect.com/policy-patches-an-update-on-software-security-regulation
[3] https://www.whitecase.com/insight-alert/what-expect-us-privacy-2024
[4] https://www.cov.com/en/news-and-insights/insights/2024/01/data-privacy-day-2024-key-global-developments-in-data-privacy-and-cybersecurity-in-2023-and-what-to-expect-in-2024
[5] https://www.cybersecuritydive.com/news/cyber-enforcement-regulation/706141/
[6] https://www.acronis.com/en-us/blog/posts/cyber-security-trends/
[7] https://corpgov.law.harvard.edu/2024/07/02/sec-remains-focused-on-disclosure-of-cybersecurity-incidents/
