On July 18, 2023, Singapore’s data protection authority published proposed guidelines on the use of personal data in artificial intelligence (AI) systems. The guidelines will be up for public consultation until August 31, 2023, and aim to address how Singapore’s privacy laws will apply to organizations which develop or deploy AI systems. The draft guidelines underscore the significance placed by the privacy regulator on the need to ensure personal data protection, without discouraging organizations from responsibly using AI systems in their businesses. Accordingly, organizations interested in using AI can use the guidelines for insight into what privacy expectations lie in store once the guidelines are finalized.
On June 30, 2023, Hong Kong’s data protection authority (the Office of the Privacy Commissioner for Personal Data, or PCPD) issued an updated version of its Guidance on Data Breach Handling and Data Breach Notifications (the Guidance, accessible here), which aims to guide companies on how they respond to data breaches. In particular, the Guidance contains a new recommendation for companies to adopt written data breach response plans.
On 1 June 2023, the Australian Government published the Safe and Responsible AI in Australia: Discussion Paper (“Discussion Paper”) to seek public feedback on identifying the potential gaps in the existing domestic governance landscape and possible additional AI governance mechanisms to support the “safe and responsible” development of AI. As noted in the Discussion Paper, although AI has been identified as a “critical technology in Australia’s national interest”, AI adoption rates across Australia remain relatively low. A key aim of the Discussion Paper is to inform the Australian Government on the steps that should be taken on AI regulation in order to increase “community trust and confidence in AI”. The Discussion Paper addresses a broad range of AI technologies and techniques, such as self-driving cars and generative pre-trained transformers (also known as GPT), and notes that any AI regulatory framework would need to consider existing as well as possible future uses of AI and any ensuing risks. The Discussion Paper has an eight (8) week consultation period ending on 26 July 2023.
In a briefing to the Legislative Council (Hong Kong’s legislative body) on February 20, 2023, the Privacy Commissioner (“the Commissioner”) announced that substantive amendments to the Personal Data (Privacy) Ordinance (“PDPO”) will take place.
As the year approaches its halfway point, Chinese government accelerates the legislation for cross-border data transfers. (more…)