International Data Privacy Laws: What to expect in 2023

New international data privacy laws are expected in 2023. 

Saudi Arabia Personal Data Protection Laws (PDPL)  

Amendments to the Kingdom of Saudi Arabia (KSA) have been confirmed to take effect September 14, 2023 that resolve implementation challenges and align with more international regulations. The Saudi PDPL is the country’s first federal, sector agnostic data privacy law, 

Canadian Personal Information Protection and Electronic Document Act (PIPEDA)

The Canadian Personal Information Protection and Electronic Document Act (PIPEDA) is a national private-sector data privacy law. In September 2023, the Quebec Bill 64 will grant a private right of action for damages resulting from the infringement of the right to privacy, including granting consumers consent and data transparency rights. The bill includes: 

12.1 of Quebec’s Bill 64, any person carrying on an enterprise who uses personal information to render a decision based exclusively on an automated processing must, at the time of or before the decision, inform the person concerned accordingly.

Quebec 64 falls in line with GDPR, except it doesn’t provide any exceptions to the rights of cessation of dissemination, de-indexing, and re-indexing. GDPR provides individuals with the rights of restriction, objection, and the” right to be forgotten” or data deletion. 

Canada’s Digital Charter Implementation Act, Bill C-27

Canada’s Digital Charter Implementation Act, Bill C-27, is expected to become a law in 2023, with the goal to enact the Consumer Privacy Protection Act (CPPA), Personal Information and Data PRotection Tribunal Act, the Artificial Intelligence and Data Act, and amend an existing data privacy law.

This will require user consent to collect their personal information under that CPPA.  Some exceptions to the consent requirements include “legitimate interests” around conducting business activities.  Provisions include the requirement to keep personal information anonymized, individuals’ right to request data deletion and an individual portability right regarding their personal information. 

Ultimately, the CPPA grants the Canada’s Office of the PRivacy Commissioner the ability to assess privacy programs and issue recommended corrective measures. 

India Digital Personal Data Protection Bill 

The India Digital Personal Data Protection Bill provides a comprehensive legal framework, outlining the rights and duties of citizens processing personal data. It is expected to be enacted in 2023. Organizations processing personal information will need to provide notice of the data collected, collection purpose, and obtain consent for how the personal information is used. Data subjects will have the right to correct inaccurate or misleading personal information.  

The list of privacy laws is growing every year. In addition to the above-mentioned laws, the following currently make up some of the top privacy laws affecting cross-border data internationally:

• Payment Card Industry Data Security Standard (PCI DSS)
• Australia’s amended Australia Privacy Act
• Brazil’s General Data Protection Law (LGPD)
• Chile’s Amended Consumer Protection Law
• Japan’s Personal Information Protection Act (PIPA)
• Kenya’s Data Protection Act, 2019 (DPA)
• Nigerian Data Protection Regulation, 2019
• South Africa’s Protection of Personal Information Act (POPIA)
• South Korea’s Personal Information Protection Act (PIPA)
• Qatar’s Personal Data Privacy Protection Law

Stay Compliant with New and Changing Data Security and Privacy Laws 

Keeping up with new and evolving global, geographical, and industry mandated privacy and security regulations can be daunting. Secuvy can help you stay compliant with the numerous data privacy laws without manual processes or legacy-based solutions. We can help you automate and operationalize regulatory compliance with the industry’s most comprehensive, robotic Data Subject Requests (DSRs) technology leveraging self-learning AI.