GDPR
This is the article that defines the lawful bases for processing personal data.
What is Article 6?
The U.S. federal agency primarily responsible for enforcing consumer privacy and data security.
What is the Federal Trade Commission (FTC)?
This key risk tier under the EU AI Act includes biometric categorization, emotion recognition, and real-time remote identification.
What is high-risk AI?
In 2023, this tech giant received a €1.2 billion fine under GDPR for unlawful data transfers to the U.S.
What is Meta (Facebook)?
This country introduced amendments to its data privacy law in 2023, including data localization and cross-border transfer rules.
What is India?
Under GDPR, this specific type of organization is not required to appoint a Data Protection Officer, even if it processes special categories of data, as long as it's occasional and not the core activity.
What is a small organization or SME (Small or Medium-sized Enterprise)?
This U.S. law governs the privacy of students' educational records.
What is FERPA (Family Educational Rights and Privacy Act)?
This AI provider had to retrain its model after regulators found training data included scraped biometric information from social media—without consent.
What is Clearview AI?
In 2023, this popular fast-fashion retailer was fined €5 million by France’s CNIL for illegal cookie practices.
What is Shein?
In 2024, this region in China announced stricter cross-border transfer rules requiring localized storage and prior security assessments, even for pseudonymized data.
What is Shanghai?
As of 2024, this regulation is set to work in tandem with the GDPR to enhance cybersecurity standards across EU sectors, especially critical infrastructure.
What is the NIS2 Directive?
This data broker registry requirement in California’s CPRA is enforced by this newly formed regulatory body.
What is the California Privacy Protection Agency (CPPA)?
In 2024, the UK's ICO released guidance stating that organizations must do this before deploying generative AI tools in HR recruitment.
What is conduct a Data Protection Impact Assessment (DPIA)?
This global consultancy firm was fined by the Hellenic DPA (Greece) for using algorithms in performance evaluations.
What is PwC?
As of 2024, China’s CAC requires organizations transferring data abroad to undergo one of three pathways, one of which includes this rarely-used but legally binding mechanism.
What is a standard contract filed with CAC (not SCC under GDPR)?
In its 2024 ruling, the CJEU clarified that this term, used in Article 9, requires a "broad and evolving" interpretation that includes inferred data about sexual orientation.
What is special categories of data?
This executive-level U.S. agency is now pushing for federal baseline privacy legislation, citing AI risks and state law fragmentation.
What is the White House Office of Science and Technology Policy (OSTP)?
This principle, cited in both GDPR and AI Act drafts, demands that AI systems must not reinforce discrimination, even if the training data includes historical bias.
What is fairness / non-discrimination?
This global fast food chain was fined in France in 2023 for facial recognition use in self-service kiosks, violating purpose limitation.
What is McDonald’s?
The Personal Data Protection Commission (PDPC) in Singapore issued 2024 guidelines stating that this emerging technology requires explicit consent before biometric data collection.
What is facial recognition in public spaces (e.g., in malls or building lobbies)?
Under the EDPB’s 2024 guidelines, this specific security measure must be considered mandatory for processing involving large-scale sensitive data, even if pseudonymized.
What is encryption at rest and in transit?
The 2024 Health Breach Notification Rule expansion clarifies that this type of company, even without HIPAA obligations, must notify individuals of breaches.
What are health apps and connected device platforms (e.g., wearables, fertility apps)?
This open letter in 2023 called for a pause on “giant AI experiments,” sparking global debates on AI safety and privacy.
What is the Future of Life Institute letter?
In 2024, this country’s DPA fined a bank for using AI-driven credit scoring algorithms that lacked explainability and disproportionately impacted protected groups.
What is Germany?
Japan’s PPC issued 2023 guidance emphasizing this new requirement for B2B data processors under its revised APPI.
What is mandatory third-party risk due diligence?