Vague Data Protection Authority

The Agency can make determinations about data handling and privacy requirements based on what it "finds just and equitable" - an undefined, subjective standard that undermines legal certainty in data protection. Modern privacy frameworks like the GDPR require clear, predictable rules so individuals know their rights and organizations understand their obligations. This provision allows the Agency to impose data requirements beyond existing data protection laws without clear criteria, creating potential conflicts with the Data Protection Commission and unpredictable compliance obligations for any organization handling personal data in emerging technology systems.