California Gov Signs Tracking Disclosures into Law
California Gov. Jerry Brown has signed into law an amendment to the California Online Privacy Protection Act (CalOPPA) that requires websites to disclose in privacy policies how they react to Do-Not-Track signals, becoming the first state in the U.S. to impose such regulations on operators, reports Hunton and Williams’ Privacy and Information Security Law blog. As well as requiring operators to inform users about their handling of browsers and other DNT mechanisms, the law requires them to disclose whether they allow third parties to access personal information about users’ online behavior over time and on other sites. Operators who fail to comply with CalOPPA will receive a warning and have 30 days to come into compliance “before being deemed in violation of the law and subject to an enforcement action,” the report states.
California Bill Would Extend Employee Social Media Law to Public Sector
The California Senate has passed a bill that would prevent public agencies from accessing employees’ or potential employees’ personal social media accounts except under certain circumstances, Lexology reports. While Labor Code 980 already protects the social media accounts of employees and applicants in private-sector organizations, if Gov. Jerry Brown signs this bill, 980 will be amended to include public entities. The state sheriff’s association and probation officers oppose the bill, saying they won’t be able to appropriately screen candidates.
Gov. Signs Bill Allowing Kids To Delete Online Pasts
California Gov. Jerry Brown has signed into law a bill that requires online companies and app developers to give minors the ability to remove their online content, KVNU reports. The bill is similar to EU proposals for a right to be forgotten. “A minor with a juvenile record can petition the courts to have it expunged when he turns 18,” said an attorney specializing in Internet privacy. “This new law is akin to what’s already out there in traditional law.” While the law only applies to Californians, companies based outside of the state must comply when dealing with California residents.
UPDATE: Minnesota Off the Hook for DPPA Violation
While an employee of the Departments of Public Safety and Natural Resources may still see charges for inappropriately accessing drivers’ data through the state database, a judge has ruled that the state is not responsible for his alleged violations of the Drivers’ Privacy Protection Act (DPPA). Law360 reports that the judge based her ruling on the plaintiffs’ failure “to allege that any act by the state defendants violated the federal Drivers’ Privacy Protection Act—specifically, the complaint does not allege the defendants knowingly ‘obtained, disclosed or used’ any of the plaintiffs' personal information ‘for a purpose not permitted’ by the DPPA.” (Login required for Law360 story.)
Senators Address NSA Phone Program; Rival Bills Issued
At least two new bills have been introduced in the Senate addressing the National Security Agency (NSA) phone surveillance program. The Senate Intelligence Committee is looking to swiftly pass legislation that would “change but preserve” the recently revealed dragnet program, according to The New York Times. The bill, backed by Sens. Diane Feinstein (D-CA) and Saxby Chambliss (R-GA), would require public reports revealing frequency of access by the NSA to the call log database, reduce the retention time from five to two years and require the NSA to send the data it searches to the Foreign Intelligence Surveillance Court for review. A rival bill, backed by Sens. Ron Wyden (D-OR) and Mark Udall (D-CO), would ban the collection program. (Registration may be required to access this story.)
Court Says Facebook "Like" Is Protected
The Fourth U.S. Circuit Court of Appeals has ruled in favor of a former Virginia deputy sheriff who said he was fired for “liking” the Facebook page of a man running for his boss’s position, MarketWatch reports. Chief Judge William Traxler, Jr., said in the ruling, “On the most basic level, clicking on the ‘like’ button literally causes to be published the statement that the user ‘likes’ something, which is in itself a substantive statement.” However, the report cautions, “The decision may not protect social networkers who press the 'Like' button with abandon” as the First Amendment “primarily protects individuals from government action,” one expert notes.
Sen. Leahy Aims To Revamp NSA Capabilities
Speaking at Georgetown University on September 24, Senate Judiciary Committee Chairman Patrick Leahy (D-VT) said he plans to aggressively pursue legislation to curb the National Security Agency’s surveillance powers, The Hill reports. Leahy announced he is working together with USA PATRIOT Act author Sen. Jim Sensenbrenner, Jr., (R-WI) and Sen. Mike Lee (R-UT) to craft the new legislation. “I am convinced that the system set up in the 1970s to regulate the surveillance capabilities of our intelligence community is no longer working,” Leahy said, adding, “In my view—and I’ve discussed this with the White House—the Section 215 bulk collection of Americans’ phone records must end.”
And, in case you missed it, Privacy Tracker also reported on U.S. District Judge Lucy Koh’s decision that Google’s practice of intercepting e-mails to and from Gmail users may violate federal and California wiretap laws.
MEPS: Stop TFTP Agreement in Its Tracks
European politicians have demanded that a broad data-sharing agreement between the U.S. and EU be suspended, PCWorld reports. The demands to halt the Terrorist Finance Tracking Program (TFTP) at Tuesday’s hearing of the Civil Liberties Committee follow allegations that the U.S. National Security Agency illegally tapped banking data, the report states. "We have no evidence that they have actually been doing this, but they don't deny it either. So in a way it is irrelevant whether they have used the opportunity so far, because they will continue to reserve that right in the future," said Dutch MEP Sophie in’t Veld, adding she considers the agreement to be “effectively dead.”
New Australian Privacy Principle Guidelines Released for Comment
The second stage of Australian Privacy Principle (APP) guidelines have been released for public comment, ComputerWorld reports. APPs one through five were published in August, and this next set addresses “new requirements for agencies in how they use or disclose personal information, undertake direct marketing activities and send data off-shore,” according to Privacy Commissioner Timothy Pilgrim. Noting specific concerns related to APP 8, Pilgrim said, “These new requirements provide a compelling business case for organisations to protect their business when planning to send personal information overseas." The Office of the Australian Information Commissioner will accept submissions until 21 October.
New Data Protection Guidelines for Singapore
Singapore’s Personal Data Protection Commission has issued new data protection guidelines for businesses operating in the country, Out-Law.com reports. Failure by consumers to opt out can signal consent to process data in certain circumstances, according to the new 18-page guidance note. The guidelines have been published to complement the Personal Data Protection Act—introduced in January and which goes into effect next July. One technology law expert said, “With the issuance of these advisory guidelines, the whistle has blown for organizations to kick off their compliance programs if they have not done so.”
South African President To Sign Data Protection Bill
The Protection of Personal Information Bill has recently passed in Parliament and will soon be signed into law by the president, report attorneys for Edward Nathan Sonnenbergs. The bill brings South Africa in line with international data protection laws, the report states, granting citizens the right to privacy when it comes to organizations collecting and processing their personal information by mandating compliance with eight conditions, including accountability, purpose specification and security safeguards.