Resources

GDPR Amendments Proposal

НАРЕДБА No 1 ОТ 27 ФЕВРУАРИ 2013 Г. ЗА ПРЕДОСТАВЯНЕ НА МЕДИКО- СТАТИСТИЧЕСКА ИНФОРМАЦИЯ И НА ИНФОРМАЦИЯ ЗА МЕДИЦИНСКАТА ДЕЙНОСТ НА ЛЕЧЕБНИТЕ ЗАВЕДЕНИЯ

REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847

Directive 2225/2023 on credit agreements for consumers

AIIA example

AI, Data Protection Impact Assessment (DPIA)

Childrens Online Privacy Protection Rule

Data Protection Impact Assessment (DPIA) – Microsoft CoPilot 365

Data Protection Impact Assessment (DPIA)

Adoption of AI, Blockchain and other emerging technologies within the European public sector A Public Sector Tech Watch report by EU Commission

AI, Public Interests

Decision of 19 October 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Andorra

Adequacy Decisions

Decision of 30 June 2003 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Argentina

Adequacy Decisions

Decision of 20 December 2001 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided by the Canadian Personal Information Protection and Electronic Documents Act

Adequacy Decisions

Decision of 5 March 2010 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection provided by the Faeroese Act on processing of personal data

Adequacy Decisions

Decision of 21 November 2003 on the adequate protection of personal data in Guernsey

Adequacy Decisions

Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data

Adequacy Decisions

Decision of 28 April 2004 on the adequate protection of personal data in the Isle of Man

Adequacy Decisions

Decision (EU) 2019/419 of 23 January 2019 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by Japan under the Act on the Protection of Personal Information

Adequacy Decisions

Decision of 8 May 2008 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data in Jersey

Adequacy Decisions

Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand

Adequacy Decisions

Decision (EU) 2022/254 of 17 December 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the Republic of Korea under the Personal Information Protection Act

Adequacy Decisions

Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data provided in Switzerland

Adequacy Decisions

Decision (EU) 2021/1772 of 28 June 2021 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom (notified under document C(2021)4800)

Adequacy Decisions

Decision (EU) 2021/1773 of 28 June 2021 pursuant to Directive (EU) 2016/680 of the European Parliament and of the Council on the adequate protection of personal data by the United Kingdom

Adequacy Decisions

Decision EU 2023/1795 of 10 July 2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Decision pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the Eastern Republic of Uruguay with regard to automated processing of personal data

Adequacy Decisions

Assessing Potential Future AI Risks, Benefits, and Policy Imperatives OECD

AI, Risk Management, Technical and Organisational Measures (TOMs)

Reducing Risks Posed by Synthetic Content by NIST

AI, Risk Management, Technical and Organisational Measures (TOMs)

REGULATION (EU) 2024/2847 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (CYBER RESILIENCE ACT)

Technical and Organisational Measures (TOMs)

The Consumer Financial Protection Bureau (CFPB) by Consumer Financial Protection Bureau WASHINGTON, D.C

Finance and Fintech

DIRECTIVE (EU) 2024/2853 on liability for defective products and repealing

New technology

Senate Bill No. 362 (Delete Act)

Data Brokers

LAW DIVISION 6. CALIFORNIA PRIVACY PROTECTION AGENCY CHAPTER 3. Data Broker Registration

Data Brokers

EDPB Report on the first review of the European Commission Implementing Decision on the adequate protection of personal data under the EU-US Data Privacy Framework

GDPR in Practice – Experience of Data Protection Authorities by FRA

Supervisory Authorities

Data (Use and Access) Bill [HL] Draft

EU Cyber Resilience Act (CRA)

Technical and Organisational Measures (TOMs)

AIPact by the European Artificial Intelligence Office

AI, Data Subjects Rights, Specific processing situations

Manipulative, Deceptive, and Exploitative AI Systems report by the Dutch DPA

AI, Lawfulness of Processing, Specific processing situations

Secure Future Initiative Report by Microsoft

Technical and Organisational Measures (TOMs)

“AI & Algorithmic Risks Report” by Dutch Data Protection Authority

AI, Risk Management, Specific processing situations

MITIGATING SECURITY & PRIVACY RISKS by Data Security Council of India

Technical and Organisational Measures (TOMs)

Report of the work undertaken by the ChatGPT Taskforce by EDPB

AI, Specific processing situations

National Strategy to Advance Privacy-Preserving Data Sharing and Analytics by the EO by the US President

Anonymisation, Controllers and Processors, Technical and Organisational Measures (TOMs)

EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Controllers and Processors, Technical and Organisational Measures (TOMs)

DRAFT RISK ASSESSMENT REGULATIONS FOR CALIFORNIA PRIVACY PROTECTION AGENCY

Risk Management

2023 Coordinated Enforcement Action Designation and Position of Data Protection Officers by EDPB

Controllers and Processors, Data Protection Officer (DPO)

EU DATA ACT

[PROPOSAL 2024] EU AI ACT

AI, Specific processing situations

[DRAFT] FRAMEWORK CONVENTION ON ARTIFICIAL INTELLIGENCE, HUMAN RIGHTS, DEMOCRACY AND THE RULE OF LAW

AI, Specific processing situations

Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL LAYING DOWN HARMONISED RULES ON ARTIFICIAL INTELLIGENCE (ARTIFICIAL INTELLIGENCE ACT)

AI, Specific processing situations

Advancing Governance, Innovation, and Risk Management for Agency Use of Artificial Intelligence (PROPOSED MEMORANDUM )

AI, Specific processing situations

Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence by the US President

AI, Specific processing situations

Online Safety Bill | UK

Global Approaches to Auditing Artificial Intelligence by IPIE

AI, Specific processing situations

NSW report: Artificial intelligence in New South Wales

AI, Specific processing situations

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on adapting non-contractual civil liability rules to artificial intelligence (AI Liability Directive)

AI, Liability and Remedies, Specific processing situations, Supervisory Authorities

Emerging digital technologies in the public sector report by EU Commission

New technology

KOSPA Passed by Senate: Strengthening Online Protections for Children and Teens

Securing Artificial Intelligence: Mitigation Strategy Report by ETSI

AI, Specific processing situations

Responsible AI Governance in Africa: Prospects for Outcomes Based Regulation by African Observatory on Responsible AI

AI, Specific processing situations

Office of the Privacy Commissioner of Canada Sweep Report 2024

Consent, Cookies, Lawfulness of Processing

Relying on the legal basis of legitimate interest to develop an AI system by CNIL

AI, Specific processing situations

Patent Landscape Report on Generative AI by WIPO

AI, Specific processing situations

Consent Banner Report Overview of EU and national guidelines on dark patterns by NOYB

Consent, Lawfulness of Processing

Mobilizing the legal basis of legitimateinterest to develop an AI system by CNIL

AI, Specific processing situations

Report from Multistakeholder Expert group on GDPR application

Data Subjects Rights

Risk and control for artificial intelligence and machine learning systems by Cybernetica

AI, Specific processing situations

Governance of artificial intelligence (AI) by House of Commons UK

AI, Specific processing situations

Neurodata risks report by EDPS and Spanish DPA

AI, Specific processing situations

Convention on AI, Human Rights, Democracy and the Rule of Law – by the Council of Europe (draft)

AI, Specific processing situations

Report of the work undertaken by the ChatGPT Taskforce bg EDPB

REGULATION (EU) 2024/900 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 13 March 2024 on the transparency and targeting of political advertising

Marketing and Advertising, Specific processing situations

ЕО Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern

EO 13800 on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure

Technical and Organisational Measures (TOMs)

Federal Data Protection Act (Germany)

DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL (Law Enforcement Directive)

REGULATION (EU) 2022/868 (Data Governance Act)

REGULATION (EU) 2022/1925 (Digital Markets Act)

DIRECTIVE (EU) 2019/1937 on the protection of persons who report breaches of Union law (Whistleblower Directive)

Whistleblowing

Directive 2002/58/EC on privacy and electronic communications

REGULATION (EU) 2018/1725 “GDPR for EU Institutions”

Directive (EU) 2016/1148 “NIS2 Directive”

UK Data Protection Act 2018

European Convention on Human Rights

Federal Act on Data Protection (Switzerland)

EU AI Act

Personal Information Protection and Electronic Documents Act (PIPEDA, CANADA)

Personal data protection law (Saudi Arabia)

Connecticut Data Privacy Act

Utah Consumer Privacy Act

COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework

Adequacy Decisions, Data Transfers

CALIFORNIA CONSUMER PRIVACY ACT REGULATIONS

CCPA Full Text

GDPR Full Text

Report of the work undertaken by the Cookie Banner Taskforce [Official EDPB Guidelines] [pdf]

Consent, Cookies

Annual Report 2023 NOYB

Data Subjects Rights

Second Report on the application of the General Data Protection Regulation by EU Commission

Data Subjects Rights, Data Transfers

Annual Report 2023 by Irish DPA

Data Subjects Rights

AI system development: CNIL’srecommendations to comply with the GDPR

AI, Specific processing situations

Addictive patterns in the processing of personal data Implications for data protection by AEPD

Definitions, Processing of personal data

AI Auditing Checklist for AI Auditing by EDPB

AI, Specific processing situations

AI, DATA GOVERNANCE AND PRIVACY SYNERGIES AND AREAS OF INTERNATIONAL CO-OPERATION BY OECD

AI, Specific processing situations

The Colorado AI Act “Senate Bill SB24-205”

AI, Specific processing situations

American Privacy Rights Act Discussion Draft

The American Privacy Rights Act (APRA) section-by-section draft

(NEW JERSEY) ACT concerning [commercial Internet websites] online, services, consumers, and [personally identifiable information] personal data and supplementing Title 56 of the Revised Statutes