Data protection is a constantly evolving concept

When attending the Global Privacy Assembly (GPA) in Jersey this October, it was evident that while data protection principles are widely recognised, the Data Privacy Authorities’ priorities differ depending on their jurisdiction’s privacy maturity. For example, we heard that in Africa, 65% of the jurisdictions now have a DP law, but enforcement often needs to be stepped up. AI is of increasing importance but so are mobile payments, for example, and the privacy issues they bring.

In the EU, DPAs are still grappling with interpretations of the GDPR, and now also the interaction with the new EU digital legislation, such as the Digital Markets Act. In Germany, there is some new case law that tries to clarify enforcement requirements and competition claims.

Next year, the GPA goes to South Korea. It will be interesting to see which topics will be chosen – we have seen many new privacy laws emerge from the region in the last few years. This edition includes an analysis of Vietnam’s new draft law which could be in force in 2026, and Chile’s new law which is about to be published in the Official Gazette.

As we start preparing for our own International Conference in Cambridge (7-9 July 2025), we are paying attention to the concept of human-centric data protection. After all, the laws are there to protect individuals who need to understand what rights they have and how to use them. Clear communication from DPAs and organisations is a key component. Nowhere is this needed more than in the field of AI as most people struggle to understand how their data is being used behind the scenes. Fulfilling the right to be forgotten in AI chatbots is easier said than done.

Laura Linkomies
Editor, Privacy Laws & Business

December 2024

Previous

Contents

Next