On October 12, 2023, the Italian Data Protection Authority (“Garante”) published guidance on the use of AI in healthcare services (“Guidance”). The document builds on principles enshrined in the GDPR and in national and EU case law. Although the Guidance focuses on Italian national healthcare services, it offers considerations relevant to the use of AI in the healthcare
Inside Privacy
Updates on developments in data privacy and cybersecurity
Latest from Inside Privacy - Page 2
California Amends Data Broker Law
On October 10, 2023, California Governor Gavin Newsom signed S.B. 362, the Delete Act (the “Act”), into law. The new law represents a substantive overhaul of California’s existing data broker statute, which requires data brokers to register with the California Attorney General annually. The passage of the Act follows a renewed interest in data…
Biden Administration Announces Artificial Intelligence Executive Order

Earlier today, the White House issued a Fact Sheet summarizing its Executive Order on a comprehensive strategy to support the development of safe and secure artificial intelligence (“AI”). The Executive Order follows a number of actions by the Biden Administration on AI, including its Blueprint for an AI Bill of Rights and voluntary commitments from…
UK Information Commissioner’s Office Releases New Guidance for Monitoring at Work
On 3 October 2023, the UK Information Commissioner’s Office (“ICO”) finalized its Employment practices and data protection − Monitoring workers guidance (“Guidance”) to account for new types of work, including work from home, and the use of more sophisticated technologies for monitoring. In November 2022, we published a detailed blog post on the ICO’s public…
China Proposes Significant Changes to Cross-Border Transfer Rules
On September 28, 2023, the Cyberspace Administration of China (“CAC”) issued draft Provisions on Standardizing and Promoting Cross-Border Data Flows (Draft for Comment) (规范和促进数据跨境流动规定(征求意见稿)) (draft “Provisions”) (Chinese version available here) for a public consultation, which will conclude on October 15, 2023.
The draft Provisions propose significant changes to the existing cross-border data transfer regime…
FTC and HHS Announce Updated Health Privacy Publication

On September 15, the Federal Trade Commission (“FTC”) and U.S. Department of Health and Human Services (“HHS”) announced an updated joint publication describing the privacy and security laws and rules that impact consumer health data. Specifically, the “Collecting, Using, or Sharing Consumer Health Information? Look to HIPAA, the FTC Act, and the Health Breach…
European Commission Publishes Guidance on NIS2: Interplay with Sector-Specific Laws
As many readers will be aware, the EU’s new cybersecurity directive, NIS2, imposes security, incident notification, and governance obligations on entities in a range of critical sectors, including energy, transport, finance, health, and digital infrastructure (for an overview of NIS2, see our previous post here). One of the main reasons the Commission proposed these new…
ICO Encourages Organizations To Cooperate with NCSC and Flags Potential Reduction in Fines
On 12 September 2023, the UK Information Commissioner, John Edwards, and the Chief Executive of the National Cyber Security Centre (“NCSC”), Lindy Cameron, signed a joint memorandum of understanding (“MoU”) detailing how the Information Commissioner’s Office (“ICO”) and NCSC will work together moving forward.
The MoU does not create legally binding obligations between the ICO…
CPPA Releases Draft Rules on Cybersecurity Audits and Risk Assessments
Ahead of its September 8 board meeting, the California Privacy Protection Agency (CPPA) has issued draft regulations on cybersecurity audits and risk assessments. Public comments will be requested once the formal rulemaking process is kicked off. Accordingly, the draft regulations are subject to change. Below are the key takeaways:
Cybersecurity Audits
- New cybersecurity audit
…
CISA, NSA, and NIST Urge Critical Infrastructure and Others to Prepare for Quantum Computing Cyber Threats
On August 21, 2023, the Cybersecurity and Infrastructure Security Agency (“CISA”), National Security Agency (“NSA”), and National Institute of Standards and Technology (“NIST”) issued a joint quantum-readiness factsheet (the “Factsheet”) to inform organizations—particularly those that support critical infrastructure sectors—about quantum computing threats and to urge these organizations to begin planning for future migration to…