Privacy and Cybersecurity in Canada, the US and the EU
This is a monthly report published by Fasken's national privacy and cybersecurity team. The information contained here includes notable news, topics, discussions, and examples in the area of privacy and cybersecurity. If you have any questions about any of the topics covered here, please contact our friendly Fasken Privacy and Cybersecurity team.
This month's featured news
EU Parliament passes AI law
On 13 March 2024, the European Parliament adopted the AI law. It received considerable support, with 523 votes in favor, 46 against, and 49 abstentions. The law establishes comprehensive regulation for the use of AI in the EU, a major milestone and the first of its kind in a major economy. Its main objectives include protecting fundamental rights, democracy, the rule of law, and environmental sustainability from risks associated with high-risk AI technologies. The regulation also introduces specific obligations for AI systems based on their potential risk and impact level.
Following this adoption, the French data protection authority has published practical guidelines on AI: https://www.cnil.fr/fr/les-fiches-pratiques-ia (available in French only).
US federal privacy bill introduced
On April 5, 2024, it was reported that two key members of Congress introduced a bipartisan federal privacy bill. This demonstrates the United States' continued efforts to harmonize national approaches to privacy protection. The text of the bill can be found here. Although this bill is currently in its early stages, it is a development worth following for any organization doing business in the United States.
Draft Quebec Health Information Regulations
Following the adoption of the Respect for Health and Social Services Information Act in Quebec (“Act 5”), the Quebec government has published two draft regulations.
- On February 21, 2024, the Government of Quebec released the draft Regulations regarding the application of certain provisions of the Act on Health Information and Social Services;
- On March 6, 2024, the draft Regulations on governance of health and social services information.
The purpose of these draft regulations is to clarify the terms of certain provisions of the new legislation governing the collection, use and dissemination of health and social services information in Quebec. For example, they address the right of an individual to have certain categories of people access their personal information, or the right to restrict access to their information by indicating that certain service providers are not entitled to access their personal information. In context, one or more pieces of information. For more information, a specific Fasken bulletin will be published soon.
United Nations adopts resolution on safe use of AI
On March 21, 2024, the United Nations adopted a resolution promoting the safe, secure, and trustworthy use of AI. This resolution speaks to the rapid technological changes occurring around the world and how we must continue to respect, protect and promote human rights. This is reportedly the first time the United Nations General Assembly has adopted a resolution on regulating an emerging sector. You can read the UN press release here.
Kentucky passes consumer privacy law
Kentucky's governor signed a comprehensive privacy law on April 4, 2024, making Kentucky the 15th state to enact one. The Kentucky bill includes provisions similar to the Virginia Privacy Act and is scheduled to go into effect on January 1, 2026. The text of the bill can be found here.
Utah passes new privacy amendments
In March 2024, the Governor of Utah signed bill HB 491, a government privacy law. This bill focuses on how government agencies should protect privacy. The text of the bill can be found here.
U.S. DHHS issues report on use of tracking technology by healthcare providers under HIPAA
On March 18, 2024, the U.S. Department of Health and Human Services (“DHHS”) published a bulletin outlining the obligations of covered health care providers and their business associates under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) when using online tracking technologies, such as cookies, pixels, and tags. Specifically, DHHS clarified that regulated health care organizations are not permitted to use tracking technology in a manner that would result in the disclosure of personal health information to tracking technology vendors, including for marketing purposes. All organizations affected by HIPAA should review their website and application settings to ensure compliance.
In case you missed it!
The Fasken Privacy and Cybersecurity group recently published the following article that you may find interesting: