Data Protection Leader is the bi-monthly magazine from OneTrust DataGuidance featuring interviews with some of privacy's top voices as well as expert insight and analysis on trending topics in data protection, cybersecurity, and beyond.
This edition of the Data Protection Leader Magazine contains articles looking at emerging artificial intelligence (AI) policies across Africa, the Montana Consumer Data Privacy Act (MTCDPA), the current US privacy landscape, and AI and data protection recommendations from German DPAs. This issue also contains interviews with top privacy professionals as well as a closer look at the regulatory landscape in Canada.
The Enforcement Tsunami
In his regular editorial, Eduardo Ustaran unpacks the surge in regulatory enforcement worldwide, highlighting how regulators are increasingly turning to data processing suspensions as a tool of choice over hefty fines.
“As the race to develop and deploy awe-inspiring AI heats up, even a temporary suspension of such a time-critical activity can have devastating consequences. So requiring to pause data processing activities until essential requirements are met gives regulators the upper hand in ensuring that appropriate accountability and transparency measures - such as doing a Data Protection Impact Assessment and providing notice and choice - are undertaken as a matter of priority.”
Country Profile: Canada
Dustin Moores, Counsel at nNovation LLP, gives a detailed look at how recent legislative changes are reshaping Canada's privacy landscape, including Quebec's Law 25 and the federal Bill C-27. He also gives his analysis on the potential penalties and new consent requirements under these frameworks.
“Anyone familiar with Canada's privacy legislation is likely aware that modernization is long overdue. In this regard, the province of Quebec passed substantial amendments to its public and private sector privacy legislation in 2021. At the federal level, change has come at a much slower pace, and whether proposed changes actually become law is far from certain.”
Key developments and emerging policies in Tanzania, Rwanda, and Ghana
Rachel Magege, Data Governance Specialist at Pollicy, takes us through advancements related to AI policy in Tanzania, Rwanda, and Ghana. These nations are embracing AI to drive agricultural innovation, improve healthcare, and modernize education, while also grappling with data governance challenges.
“Tanzania, Rwanda, and Ghana are to be commended for their contribution to AI development in East and West Africa. Their unique approaches, policies, and initiatives demonstrate their commitment to harnessing the transformative potential of AI while addressing its challenges. As these countries continue to invest in AI, they have the opportunity to become regional leaders in technology and innovation, shaping the future of the continent.”
Montana's New Data Privacy Law
Jordan Fischer, Founding Partner at Fischer Law LLC, breaks down the MTCDPA's requirements, from data protection assessments to opt-out rights, helping businesses understand how to navigate this new law.
“When businesses are assessing the impact of the MTCDPA on their operations, it is important to first assess whether the business is actually required to comply with the law and then assess how this law may differ from other state privacy laws in a way that is meaningful to the businesses. With all of these new privacy laws, it is also key to understand that the law can impact each business in a unique way.”
Germany: AI and Data Protection
As AI continues to transform industries, German regulators are focusing on how AI systems intersect with GDPR compliance. In this article, Dr. Carlo Piltz and Alexander Weiss discuss the role of supervisory authorities, data protection assessments, and Privacy by Design principles in ensuring AI systems align with data protection laws.
“The documents from the German DPAs not only provide a good introduction to the interplay between AI and data protection, but also contain many specific recommendations for companies that are planning to use AI or are already using such systems. For this reason, companies based in Germany, as well as those offering AI products there, should familiarize themselves with the relevant documents and follow the provided guidelines.”
US Privacy Law
Kevin Angle, Allan Holder, Bart W. Huffman, and Rachel Marmor from Holland & Knight LLP provide a comprehensive overview of the evolving US privacy landscape. From state-level developments to the complexities of children's privacy regulations, this update covers the latest enforcement actions and what they mean for your organization.
“Most state legislatures have completed their sessions, but with regulatory enforcement in full swing and Congress still in session, privacy does not seem like it will fade from the headlines anytime soon. While states seem to have settled on a model for regulating consumer privacy generally, it is likely that we will see further attempts to address specific risks through data-centric legislation and enforcement in the coming months.”