EU AI regulation

Government Affairs and Professional Standards | August Newsletter
ESOMAR Legal Affairs Committee in delegation visit at European Commission
Date 18 August 2021
Author Srikar Govindaraju

Data Security Law of the People's Republic of China

DigiChina, the cyber policy centre of Stanford University, has prepared an English translation of the Data Security Law of the People's Republic of China which will become effective on September 1st 2021.

As declared in its art. 1, this piece of legislation is meant “to standardize data handling activities, ensure data security, promote data development and use, protect the lawful rights and interests of individuals and organizations, and safeguard national sovereignty, security, and development interests.”

Read the full text


The Israel Privacy Protection Authority has opened a public consultation on its data protection impact assessment guide. This guide is aimed at any organization adopting projects or technologies that need the use of personal data, and it encourages them to evaluate and identify privacy risks. The deadline for public comments is September 30th.
To the consultation (English available)

South Korea

The Personal Information Protection Commission of South Korea has opened a public consultation on changes to the notice on pseudonymized data activities. The amendments aim to clarify proper pseudonymization practices and make exporting pseudonymous data easier.
To the consultation (English available)


The European-level association for the digital marketing and advertising ecosystem, IAB Europe, has released a contextual advertising guide. As third-party cookies are phased out, the guide explains contextual advertising and discusses Europe's opportunities. The document also discusses best practices for maximizing the effectiveness of contextual advertising and how it may change in the future.
Read the guide

CIPL response to new the proposed EU AI Regulation

The Centre for Information Policy Leadership (CIPL) is a global privacy and data policy think tank based in Washington, DC, Brussels and London.  CIPL works with industry leaders, regulatory authorities and policymakers to develop global solutions and best practices for privacy and responsible use of data to enable the modern information age.
While the CIPL is delighted that its recommendations were incorporated into the proposed regulations, CIPL “regrets, however, that the AI Act does not sufficiently account for imperatives such as providing for outcome-based rules; clearly enabling organisations to calibrate compliance with the requirements based on risks and benefits of the AI system; rewarding and encouraging responsible AI practices; leveraging takeaways from regulatory sandboxes; and clarifying that the AI Act’s oversight and enforcement provisions should also be risk-based.”
Read the response

Srikar Govindaraju
ESOMAR Staff, Senior Standards Programmes Coordinator at ESOMAR