Until the DPDP Act is enforced, the current data protection regime is contained under the provisions of the Information Technology Act, 2000 (“IT Act”). The guide provides 27 question and answer chapters, focusing on key privacy and data protection compliance issues under local laws in countries around the world. This year, new chapters have been added for Egypt, Hungary, Poland and Serbia, which reflects the growth of privacy compliance requirements and challenges in an increasing number of jurisdictions worldwide. As with other entries in the ICLG series, this edition provides a go-to resource for anyone seeking practical guidance on these complex legal issues around the world. As the GDPR enforces the responsibilities of an organization in regard to data collection, it also grants individuals some control over their personal data and protects several individual rights.
Future of U.S. data privacy laws
While these laws don’t explicitly mention anything about SMS, it’s been ruled that texts are treated as phone calls under the TCPA. Explicit Prior Consent and Data Retention Are Non-NegotiableTo legally send marketing texts, businesses must obtain and document clear, written consent from recipients. This consent should be retained for at least four years to protect against future legal claims, per the TCPA’s statute of limitations. The UK government has published secondary legislation that will signal a “significant shift” in the telecoms infrastructure market and the respective rights of telecom operators and landowners when it comes into force in April 2026, an expert has said.
China’s Pharmaceutical Regulatory Update: Faster Routes to Market, Stronger IP and Data Protection
This act prohibits SMS telemarketers from messaging an Oklahoma resident more than three times about the same subject within 24 hours. And like Florida’s bill, the Oklahoma act prevents companies from sending messages using automated systems without the customer’s prior consent. The Telephone Consumer Protection Act (TCPA) is the federal legislation that governs telemarketing, text messaging, and the Do-Not-Call list.
Guidelines 3/2025 on the interplay between the DSA and the GDPR
In 2026, organizations are navigating a growing landscape of U.S. data privacy laws, with nearly 20 states now introducing their own regulations. While early privacy legislation focused primarily on California’s Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), the modern privacy landscape is far broader. Multiple states have enacted comprehensive privacy statutes, and several existing laws now include new regulatory requirements. Further, under the financial sector guidelines (please see question 1.3), a handling operator in the financial sector must also report non-material data breaches to the Financial Services Agency. The prior consent of the principals is required to transfer their personal data to a third party located in a foreign country (APPI, Article 28). The APPI imposes no requirement on a handling operator to register or notify the PPC to process personal information.
- Effective data protection strategies are crucial for organisations navigating the complex and evolving data protection trends landscape.
- The updated regulations have introduced the new concept of a “temporary custodian” of “inadvertently obtained information”, with detailed provisions on how such information should be managed and the role and responsibilities of the temporary custodian.
- It describes consumer rights and data protection requirements for businesses, including privacy notices, opt-in consent and data impact assessments.
- The final regulations and supporting materials will be posted on the CPPA website as soon as they are processed.
- The firm seeks to work in partnership with its clients to anticipate and address the legal and regulatory aspects of their business goals and objectives.
The failure of large-scale telecommunications service providers to appoint an information protection officer is punishable by a fine of up to 2 million yen. The Enforcement Tracker gives an overview of reported fines and penalties which data protection authorities within the EU have imposed so far. The Montana Consumer Data Privacy Act, in effect since 2024 and amended in April 2025, applies to entities that conduct business in Montana or provide products or services to Montana residents.
For the provisions which relate to processors, he may be subject to sanctions directly and/or in conjunction with the controller. It provides consumer rights and describes business data protection assessments and security measures. The competition team at AZB & Partners is a market-leading competition practice in India. The team has been involved in several landmark cases and merger filings before the CCI, including the first cartel case and the first merger filing in India. The firm’s services include advising on specific projects and contracts, evaluating projects from a legal and regulatory perspective, and supporting clients in tender processes, financing, and the sale or acquisition of greenfield and brownfield projects.
The firm comprises approximately 740 lawyers and over 660 support staff (including patent attorneys, licensed tax accountants, judicial scriveners, legal assistants and translators). Many of the firm’s senior lawyers are highly respected practitioners and leaders in the Japanese and international legal communities. Mori Hamada & Matsumoto’s senior lawyers also include prominent law professors from the University of Tokyo and a former Prosecutor-General from the Public Prosecutors Office. The firm also has experienced lawyers qualified in the US, England and Wales, the People’s Republic of China, the Philippines, India, Indonesia, Malaysia, Myanmar, Singapore, Thailand and Vietnam. In general, the PPC renders guidance in the case of a relatively less important violation, and a recommendation in the case of a more important violation. However, the Telecommunications Business Act requires a DPO to have (i) management level responsibilities, and (ii) at least three years of experience in data protection or compliance or equivalent.
Personal data must be processed with appropriate technical and organizational security measures https://carsdirecttoday.com/how-to-move-to-web-3-0-rules-and-expert-recommendations.html to protect it against unauthorized access, accidental loss, destruction, or damage. This is a trade group that represents wireless carriers and other entities in the telecommunications industry. The CTIA maintains the Short Code Monitoring Handbook, which lays out additional guidelines for SMS marketing. The CTIA guidelines align with TCPA laws to protect individuals from unwanted text messages, while also helping marketers create a better experience for consumers. In this module, we will explore the complexities of transferring personal data across borders under the GDPR.