On December 5, 2024, the Canadian Securities Administrators (CSA) released CSA Staff Notice and Consultation 11-348 – Applicability of Canadian Securities Laws and the Use of Artificial Intelligence Systems in Capital Markets (the Notice). The Notice was issued in light of the continued growth in the use of artificial intelligence (AI) systems in capital markets,
Data Protection Report
Data protection legal insight at the speed of technology
Blog Authors
Latest from Data Protection Report
The EDPB Opinion on training AI models using personal data and recent Garante fine – lawful deployment of LLMs
The final days of 2024 were very eventful in the world of AI and data protection: the European Data Protection Board (EDPB) published its Article 64 General Data Protection Regulation (GDPR) opinion on training AI models using personal data (the EDPB Opinion). Two days later, the Italian Garante per la Protezione dei Dati Personali (Garante)…
2024 Technology Privacy and Cybersecurity Summit | November 25 – 28, 2024

Norton Rose Fulbright Canada invites you to its leading annual technology, privacy, and cybersecurity virtual summit. Learn how to leverage AI for a competitive edge while mitigating its inherent risks.
This four-part series is tailored for legal professionals, business leaders, and IT specialists. Equip yourself with the knowledge to address critical legal challenges and ensure…
China’s proposed AI Labelling Regulations: Key points
In response to the rapid development of artificial intelligence (AI) technologies, the Cyberspace Administration of China (the CAC) recently issued two draft regulations for public consultation: Measures for Labelling Artificial Intelligence-Generated or Synthetic Content (the Draft AI Labelling Measures) and Cybersecurity technology—Labelling method for content generated by artificial intelligence (the Draft Labelling Method Standard). The Draft Labelling Method…
The UK’s Public Authority Algorithmic and Automated Decision-Making Systems Bill: key takeaways
Lord Clement-Jones has introduced a Public Authority Algorithmic and Automated Decision-Making Systems Private Members’ Bill (Bill) into the House of Lords. Currently at the second reading stage, the Bill addresses increasing reliance on AI and algorithmic systems by public authorities in the UK, and aims to mitigate the potential risks associated with their use. The…
Don’t throw the AI baby out with the data leakage bath water: Reading “AI Snake Oil” with a spirit of optimism
The privacy-cyber world seems preoccupied with issues related to the nexus between personal data and AI. Those issues, although important, are dwarfed by a more pressing and fundamental question: can we get AI to do useful things reliably and accurately in the realm of predicting significant human outcomes, such as health, criminal propensity, credit risk,…
New York Department of Financial Services addresses cybersecurity risks from artificial intelligence
On October 16, 2024, the New York Department of Financial Services (“NYDFS” or “DFS”) issued guidance raising awareness about combatting cybersecurity risks arising from artificial intelligence (“AI”) used by DFS licensees, such as insurers and virtual currency businesses. Risks revolve around both threat actors’ use of AI offensively and businesses’ increasing AI reliance. The short…
California and Artificial Intelligence Watermarking Law

On September 19, 2024, California enacted another law relating to artificial intelligence, this time relating to watermarking. The new law (SB 942) requires making certain AI detection tools available at no cost to users. The new law does not take effect until January 1, 2026.
AI Detection Tools (SB 942)
This bill, the…
Announcing NT Analyzer 2.0: Combating Privacy Risks, Powered by AI
NT Analyzer Refresher: Why Network Traffic Analysis?
Keeping track of where all the data is going can be devilishly difficult for companies, given the increasingly data-centric economy, massive changes in browser/mobile platforms, and the necessary use of a variety of modularized services and hosted solutions to make any website or mobile app function properly. All of…
Lessons on international transfers to the US to organisations caught by the GDPR

The Dutch data protection authority, the Autoriteit Persoonsgegevens (AP) announced a fine of €290 million on Uber Technologies Inc. (UTI) and Uber B.V.,(UBV) (together Uber) with press releases in Dutch and English. The fine relates to the transfer of drivers’ personal data to the US. Uber has announced that it will appeal the fine.…