We published this week a summary and analysis of the African Union’s Data Policy Framework.
* Contextualizing it within the larger process of creating a digital single market to assert Africa’s voice in ongoing global policy conversations and indicate that Member States will no longer be “standard takers” of data protection policy but rather “standard makers”
https://fpf.org/blog/the-african-unions-data-policy-framework-context-key-takeaways-and-implications-for-data-protection-on-the-continent/

@LornaWoods Thanks so much, Lorna!

🔎 5) Privacy Regulatory Movements to Follow: India, Argentina, Australia, Canada, South Korea

Big regulatory movements in privacy and data protection will continue in 2023, and the jurisdictions to follow are India (again!), Australia, Argentina, Canada, and South Korea. If you're interested why, ask me for details.

For pointers on what to be looking for in US lawmaking, see my colleague Keir Lamont’s analysis in https://fpf.org/blog/five-big-questions-and-zero-predictions-for-the-u-s-state-privacy-landscape-in-2023/

This wraps up my first Masto thread.🤓

END

Second, #India will hold the Presidency of the #G20 and very recently the country marked a shift away from data localization with the withdrawal of the 2019 Personal Data Protection Bill and the introduction of the Digital Personal Data Protection bill last fall. 🇮🇳

This recent piece published by the Atlantic Council explains how “India’s #datalocalization pivot can revamp global digital diplomacy”: https://www.atlanticcouncil.org/blogs/southasiasource/indias-data-localization-pivot/

12/

🌏 This year will be crucial for moving the conversation forward on how to enable cross-border data flows at intergovernmental level, for several reasons.

First of all, Japan is back in a leadership position, this time holding the Presidency of the G7 and it has made its intentions very clear to continue pushing for DFFT by promoting regulatory cooperation.

In this respect, the DPAs of the G7 countries are working on “convergence to foster future interoperability” of transfer tools.

11/

↔️ 4) Big Intergovernmental Push for #Crossborder Data Flows: G7 and G20

Cross-border #data flows entered the world of high-level intergovernmental organizations decidedly in 2019, when Japan proposed the concept of Data Free Flow with Trust as a guiding principle for rule-making in this field, under the leadership of Shinzo Abe, the late prime minister of Japan. DFFT was endorsed in June 2019 by the members of the G20 nations, with only India expressing opposition towards it back then.

10/

:knitting: 3) Seeing the results of ever-more-intertwining Competition and Data Protection Law

Scholars and some regulators have been writing for years now about how some parameters of competition law should include assessments of how lawfully or unlawfully companies collect, share and overall process personal data in a given market, when assessing anticompetitive behavior. The intertwinement of the two fields is now widely accepted & incorporated in new antitrust legal obligations.

9/

🤓 See some manifestations of this already last year, with a decision from the Hungarian DPA against a bank using an emotion recognition AI system for its customer services; https://www.lexology.com/library/detail.aspx?g=a9c66d5f-4faf-4500-a1bd-458bf9ebcec7

✍️ Of note, the CNIL published in September 2022 guidance on the GDPR and AI systems: https://www.cnil.fr/en/artificial-intelligence-cnil-publishes-set-resources-professionals

✍️ The Spanish DPA published extensive guidelines on AI and the GDPR already since 2020; https://www.aepd.es/sites/default/files/2020-02/adecuacion-rgpd-ia.pdf

8/

Meanwhile, attention should be paid to Data Protection Authorities. 🕵️

They are increasingly realizing that there are many AI systems running with the help of personal data processing, which brings such AI systems under their realm of enforcement.

This, paired with the enforcement appetite explored at point 1. above, will likely lead to some interesting decisions applying data protection law to the processing of personal data underpinning AI systems.

7/

🤖 2) The race to AI Regulation, and the AI awakening of DPAs

The question is not if (yes!) or when (this year?), but who will be the first jurisdiction with a general legal framework for AI. The EU, Brazil and Canada are the frontrunners in the race to adopting a general law that applies to AI systems.

6/

🇪🇺 Last but not least: the enforcement of the #EU’s landmark laws in the Digital Strategy package, the #DMA and the #DSA, will start rolling this year.

And enforcement is largely left in the centralized hands of the European Commission for both acts, in a departure from the national enforcement model coordinated at EU level by a Board that the GDPR advanced.

5/

🇧🇷 🇰🇪 Two other regulators to watch are the ANPD in #Brazil and the Data Protection Commission in #Kenya. For the past two years, the ANPD has systematically and patiently hired and trained staff, set up its processes, adopted guidance, and opened public consultations.

While it might take another two before #LGPD enforcement becomes robust, it is likely that in 2023 we will see the first relevant LGPD enforcement actions.

Created 2 yrs ago, the Kenyan DPC is already active and vocal.

4/

The South Korean PIPC is proving to be just as active in enforcing the country’s recently updated data protection law.

Announcing itself on the big global stage last September with the largest fines on record for privacy violations under South Korea’s Personal Data Protection Act (the equivalent of 50 million $ against Google and of 22 million $ against Meta, in cases involving behavioral advertising), the PIPC laid its groundwork for more enforcement this year.

https://www.reuters.com/technology/skorea-fines-google-meta-over-accusations-privacy-law-violations-yonhap-2022-09-14/

3/

Think for instance of the Irish DPC/EDPB Decisions in the Meta cases: these decisions in the application of the #GDPR go to the core principles of EU data protection law and may have implications for entire online business models.

Think also about the fact that the CJEU currently has 60 pending cases requiring it to interpret and apply the GDPR (kudos to https://gdprbeetle.eu/which-cjeu-data-protection-cases-are-currently-pending/)

But It is not only the EU DPAs & court system finding their footing with data protection law enforcement.

2/

#GlobalPrivacy: What to Pay Attention to in 2023.

👩‍⚖️ 1) Enforcement, enforcement, enforcement

GDPR is reaching a certain maturity of enforcement which will become evident in 2023.

And this is not only about the number of #GDPR fines, but it is more about the enforcement processes put in place at national level and under the One-Stop-Shop, the body of CJEU case-law building precedents and the complexity of the legal issues analyzed related to processing of personal data.

1/several

Report. 'Privacy and Protection: A children’s rights approach to encryption'

The report, co-published by CRIN and defenddigitalme aims to capture the full complexity of how encryption affects children’s lives. It sets out principles for an approach to encryption that recognises and respects the full range of their rights.

https://home.crin.org/readlistenwatch/stories/privacy-and-protection

Publication Day! 🖨️🥂 "Privacy and/or Trade," out with the University of Chicago Law Review. Forever indebted to my legendary coauthor, Paul Schwartz, who helped define the field of privacy law. And brilliant and hard-working students of
the Law Review for their diligence and care. 🙏🏾https://lawreview.uchicago.edu/publication/privacy-andor-trade

(reminder) APPLICATIONS DUE Tuesday 10 January 2023:

New #NSF-funded program in #AIEthics and #DataEthics at #NortheasternUniversity!

We'll bring in cohorts of approx. 10 #philosophy (or related) graduate students to #Boston for 10 weeks for each of the next 3 years (beginning this year) for training in #AIEthics and #DataEthics from our faculty and visiting scholars.

$12k stipend per student

More details+application info for summer 2023 at the program website.

https://cssh.northeastern.edu/ethics/summer-grad-training-program/

Millions of workers are struggling to please their new boss: an algorithm
https://restofworld.org/2022/__trashed/

Surely I’m biased, but I love my small town in Michigan, every season. Including (especially?) winter! ❄️ ✨ 🌅
#Birmingham #Michigan #Winter #Sunset