Norway's data protection authority, Datatilsynet, published an FAQ regarding the state of lawful EU-US data transfers following several U.S. developments under the Trump administration. Datatilsynet covered specifics around the adequacy determination under the EU-U.S. Data Privacy Framework and how adequacy could be impacted by the removal of U.S. Privacy and Civil Liberties Oversight Board members.
Full story
Author: IAPP IAPP News
The Office of the Australian Information Commissioner laid out its strategy for encouraging and regulating the wider adoption of more secure digital identification verification systems. The agency said it will examine unsafe practices outside the country's ID system and create privacy guidelines to help groups comply with legal requirements.
Full story
The Washington Post reports on U.S. government employees' concerns about how the Department of Government Efficiency's efforts to reduce fraud and waste is potentially putting sensitive data at risk. Nearly two-dozen staffers at DOGE, formerly the U.S. Digital Service, recently resigned after allegedly being subject to an interview process they claimed introduced "significant security risks." Editor's note: IAPP Editorial Director Jedidiah Bracy and Staff Writer Caitlin Andrews wrote about the concerns DOGE's actions have raised around personal data.
Full story
The California Privacy Protection Agency released a report detailing its work in 2024. Meanwhile, the agency's data broker registry is live following the required broker registration deadline 31 Jan.
Full story
Turkey's data protection authority, KiÅŸisel Verileri Koruma Kurumu, issued guidance on improved protections for processing special categories of personal data under an amendment added to the Protection of Personal Data Law. The KVKK said the guidance helps data controllers address increased protections "based on correct legal reasons and to fulfill their obligations in accordance" with the PDPL.
Full story
The Saudi Authority for Data and Artificial Intelligence released guidance for organizations on risk assessments for international data transfers to ensure personal data is considered safe during processing. Organizations are obligated to conduct risk assessments when transferring personal data internationally, and must meet procedural requirements to comply with the Personal Data Protection Law.
Full story
Israel's Privacy Protection Authority published a draft statement highlighting organizational compliance with the Privacy Protection Law's consent obligations. The statement said organizations requesting consent to collect consumer data must ensure "the data subject is aware of the content of the request, its purposes, and the implications of his consent or refusal to accept the request."
Full story
While Elon Musk's request that federal employees submit information highlighting their productivity to the U.S. Department of Government Efficiency raises concerns, companies are already using technology to track employees' work, The Wall Street Journal reports. Meanwhile, Wired reports on the specific workplace monitoring tools that are becoming more prevalent as companies begin to rollout return-to-office plans.
Full story
The FBI allegedly used protected biometric consumer information from genetic testing companies to identify a murder suspect, The New York Times reports. Former FBI lawyer Steve Kramer said the agency's rules protecting biometric data during investigations serve a framework to safeguard citizens' information. However, in serious cases, the agency could decide to bypass the guidance to identify potentially dangerous individuals.
Full story
The Virginia Legislature adopted a bill putting requirements on AI developers to prevent discrimination and defining what counts as "high-risk" applications of the technology. But its future is unclear, with technology and civil interest groups both raising concerns and Gov. Glenn Youngkin, R-Va., quiet on his position. IAPP Staff Writer Caitlin Andrews has the details.
Full story