Last Month in Privacy: July 2021
August 02, 2021
South Africa: Regulator enforcement powers under POPIA come into effect
The month kicked off with the Protection of Personal Information Act in South Africa entering into effect on 1 July.
The Information Regulator also announced that its enforcement powers under POPIA had also entered into effect from this date following the conclusion of the 12 month transition period. Since that time, the Information Regulator has also released guidance notes on the processing of personal information of children, and on the processing of special personal information.
Read more here.
Colorado: Personal data privacy bill signed into law by Governor
On 7 July, Colorado became the third state to enact a comprehensive privacy law, after the Governor signed the Colorado Privacy Act into law.
The CPA provides several privacy rights, including the right to opt-out of the processing of personal data, as well the right to access, correct, or delete personal data, or to obtain a portable copy of the data. It also imposes a variety of obligations on data controllers, including requirements to conduct assessments when processing personal data in activities that present a heightened risk to consumers. The Act will go into effect on 1 July 2023.
Read more here.
EU: EDPB adopts guidelines on codes of conduct, virtual voice assistants, and concepts of controller and processor
The European Data Protection Board released several guidelines following its 51st plenary session.
In particular, the EDPB released the final version of the Guidelines on the concepts of controller and processor which aim to clarify the meaning of the concepts as well as the different roles and the distribution of responsibilities between these actors. The Guidelines also provide practical examples to address the complexities of modern business relationships.
Read more here.