This article examines the provisions of the DPDPA from the lens of a comparative study measuring it along the way against the GDPR. After a brief introduction (I.), the article begins with (II.) unpacking the applicability and scope of the DPDPA: identifying what is included, what is excluded and what is exempt, before moving on to (III.) extrapolating the bases for processing personal data; (IV.) explaining the obligations that apply to personal data of special categories of data principals; (V.) discussing data sharing and cross-border data transfers (VI.) outlining the obligations of data fiduciaries as well as (VII.) the rights and duties of data principals; and finally turning to (IX.) enforcement of the DPDPA by taking a look at the Board (VIII.) as well as at penalties and voluntary undertakings (XI.).

Artificial Intelligence (AI) has recently received a lot of public awareness especially based on the program called ChatGPT. This article describes the problems which AI provides under the existing laws in the USA and in the EU especially in the context of Copyright Law.

This article is the second of two parts, comparing recent global legislative developments in three key jurisdictions regulating cyber breaches which occur in critical infrastructure, specifically: in Canada (Bill C-26), in the U.S. (the U.S. Cyber Incident Reporting for Critical Infrastructure Act of 2022 – “CIRCIA”), and in the EU (the Network Infrastructure Security Directive 2.0 (EU) 2022/2055 – “NIS2 Directive”). The first part (Beardwood, CRi 2023, 109–114) provided an overview of the legislative background and purpose of CCSPA, CIRCIA and the NIS2 Directive (I.); compared the scope of their application, based on systems and entities (II.) as well as their respective definitions of incidents (III.); and concluded with an comparative analysis of these foundational scope elements of the Critical Infrastructure cyber breach regime (IV.). This Part 2 continues the analysis and compares the details of their reporting requirements, with a focus on report content, timing and exceptions (V.); contrasts the approaches to record keeping (VI.) and enforcement (VII.); compares their respective penalty regimes (VIII.); and finally concludes with a brief analysis of the challenges for any company facing a critical infrastructure cyber breach across all three jurisdictions (IX.).