S17_Banner_300x250-COPY
CS17_Banner_300x250-COPY
PrivacyCore_ad_300x250-01

U.S.

California Gov Signs Tracking Disclosures into Law
California Gov. Jerry Brown has signed into law an amendment to the California Online Privacy Protection Act (CalOPPA) that requires websites to disclose in privacy policies how they react to Do-Not-Track signals, becoming the first state in the U.S. to impose such regulations on operators, reports Hunton and Williams’ Privacy and Information Security Law blog. As well as requiring operators to inform users about their handling of browsers and other DNT mechanisms, the law requires them to disclose whether they allow third parties to access personal information about users’ online behavior over time and on other sites. Operators who fail to comply with CalOPPA will receive a warning and have 30 days to come into compliance “before being deemed in violation of the law and subject to an enforcement action,” the report states.

California Bill Would Extend Employee Social Media Law to Public Sector
The California Senate has passed a bill that would prevent public agencies from accessing employees’ or potential employees’ personal social media accounts except under certain circumstances, Lexology reports. While Labor Code 980 already protects the social media accounts of employees and applicants in private-sector organizations, if Gov. Jerry Brown signs this bill, 980 will be amended to include public entities. The state sheriff’s association and probation officers oppose the bill, saying they won’t be able to appropriately screen candidates.

Gov. Signs Bill Allowing Kids To Delete Online Pasts
California Gov. Jerry Brown has signed into law a bill that requires online companies and app developers to give minors the ability to remove their online content, KVNU reports. The bill is similar to EU proposals for a right to be forgotten. “A minor with a juvenile record can petition the courts to have it expunged when he turns 18,” said an attorney specializing in Internet privacy. “This new law is akin to what’s already out there in traditional law.” While the law only applies to Californians, companies based outside of the state must comply when dealing with California residents.
Full Story 

UPDATE: Minnesota Off the Hook for DPPA Violation
While an employee of the Departments of Public Safety and Natural Resources may still see charges for inappropriately accessing drivers’ data through the state database, a judge has ruled that the state is not responsible for his alleged violations of the Drivers’ Privacy Protection Act (DPPA). Law360 reports that the judge based her ruling on the plaintiffs’ failure “to allege that any act by the state defendants violated the federal Drivers’ Privacy Protection Act—specifically, the complaint does not allege the defendants knowingly ‘obtained, disclosed or used’ any of the plaintiffs' personal information ‘for a purpose not permitted’ by the DPPA.” (Login required for Law360 story.) 

Senators Address NSA Phone Program; Rival Bills Issued
At least two new bills have been introduced in the Senate addressing the National Security Agency (NSA) phone surveillance program. The Senate Intelligence Committee is looking to swiftly pass legislation that would “change but preserve” the recently revealed dragnet program, according to The New York Times. The bill, backed by Sens. Diane Feinstein (D-CA) and Saxby Chambliss (R-GA), would require public reports revealing frequency of access by the NSA to the call log database, reduce the retention time from five to two years and require the NSA to send the data it searches to the Foreign Intelligence Surveillance Court for review. A rival bill, backed by Sens. Ron Wyden (D-OR) and Mark Udall (D-CO), would ban the collection program. (Registration may be required to access this story.)
Full Story
 

Court Says Facebook "Like" Is Protected
The Fourth U.S. Circuit Court of Appeals has ruled in favor of a former Virginia deputy sheriff who said he was fired for “liking” the Facebook page of a man running for his boss’s position, MarketWatch reports. Chief Judge William Traxler, Jr., said in the ruling, “On the most basic level, clicking on the ‘like’ button literally causes to be published the statement that the user ‘likes’ something, which is in itself a substantive statement.” However, the report cautions, “The decision may not protect social networkers who press the 'Like' button with abandon” as the First Amendment “primarily protects individuals from government action,” one expert notes.
Full Story

Sen. Leahy Aims To Revamp NSA Capabilities
Speaking at Georgetown University on September 24, Senate Judiciary Committee Chairman Patrick Leahy (D-VT) said he plans to aggressively pursue legislation to curb the National Security Agency’s surveillance powers, The Hill reports. Leahy announced he is working together with USA PATRIOT Act author Sen. Jim Sensenbrenner, Jr., (R-WI) and Sen. Mike Lee (R-UT) to craft the new legislation. “I am convinced that the system set up in the 1970s to regulate the surveillance capabilities of our intelligence community is no longer working,” Leahy said, adding, “In my view—and I’ve discussed this with the White House—the Section 215 bulk collection of Americans’ phone records must end.”
Full Story

And, in case you missed it, Privacy Tracker also reported on U.S. District Judge Lucy Koh’s decision that Google’s practice of intercepting e-mails to and from Gmail users may violate federal and California wiretap laws.

EU

MEPS: Stop TFTP Agreement in Its Tracks
European politicians have demanded that a broad data-sharing agreement between the U.S. and EU be suspended, PCWorld reports. The demands to halt the Terrorist Finance Tracking Program (TFTP) at Tuesday’s hearing of the Civil Liberties Committee follow allegations that the U.S. National Security Agency illegally tapped banking data, the report states. "We have no evidence that they have actually been doing this, but they don't deny it either. So in a way it is irrelevant whether they have used the opportunity so far, because they will continue to reserve that right in the future," said Dutch MEP Sophie in’t Veld, adding she considers the agreement to be “effectively dead.”
Full Story

ASIA-PACIFIC

New Australian Privacy Principle Guidelines Released for Comment
The second stage of Australian Privacy Principle (APP) guidelines have been released for public comment, ComputerWorld reports. APPs one through five were published in August, and this next set addresses “new requirements for agencies in how they use or disclose personal information, undertake direct marketing activities and send data off-shore,” according to Privacy Commissioner Timothy Pilgrim. Noting specific concerns related to APP 8, Pilgrim said, “These new requirements provide a compelling business case for organisations to protect their business when planning to send personal information overseas." The Office of the Australian Information Commissioner will accept submissions until 21 October.
Full Story

New Data Protection Guidelines for Singapore
Singapore’s Personal Data Protection Commission has issued new data protection guidelines for businesses operating in the country, Out-Law.com reports. Failure by consumers to opt out can signal consent to process data in certain circumstances, according to the new 18-page guidance note. The guidelines have been published to complement the Personal Data Protection Act—introduced in January and which goes into effect next July. One technology law expert said, “With the issuance of these advisory guidelines, the whistle has blown for organizations to kick off their compliance programs if they have not done so.”
Full Story

AFRICA

South African President To Sign Data Protection Bill
The Protection of Personal Information Bill has recently passed in Parliament and will soon be signed into law by the president, report attorneys for Edward Nathan Sonnenbergs. The bill brings South Africa in line with international data protection laws, the report states, granting citizens the right to privacy when it comes to organizations collecting and processing their personal information by mandating compliance with eight conditions, including accountability, purpose specification and security safeguards.
Full Story

Written By

Emily Leach, CIPP/US

Comments

If you want to comment on this post, you need to login.

Related

Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

The Privacy Core™ Library Has Evolved

Privacy Core™ e-learning essentials just expanded to include seven new units for marketers. Keep your data safe and your staff in the know!

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Let’s Get You DPO Ready

There’s no better time to train than right now! We have all the resources you need to meet the challenges of the GDPR.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

CIPP/E + CIPM = DPO

The IAPP’S CIPP/E and CIPM are the ANSI/ISO-accredited, industry-recognized combination for DPO readiness. Learn more today.

Learn more about IAPP certification »

Are You Ready for the GDPR?

Check out the IAPP's EU Data Protection Reform page for all the tools and resources you need.

IAPP-OneTrust PIA Platform

New U.S. Government Agency privacy impact assessments - free to IAPP members!

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

More Resources »

Europe Data Protection Intensive 2017

The Intensive is sold out! But cancellations do happen—so hurry and get on the wait list in case more seats become available.

Global Privacy Summit 2017

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities. Early Bird ends TODAY.

Canada Privacy Symposium 2017

The Symposium returns to Toronto this spring and registration has opened! Take advantage of Early Bird rates and join your fellow privacy pros for another stellar program.

The Privacy Bar Section Forum 2017

The Privacy Bar Section Forum returns to Washington, DC April 21, delivering renowned keynote speakers and a distinguished panel of legal and privacy experts.

Asia Privacy Forum 2017

The Forum returns to Singapore for exclusive networking and intensive education on data protection trends and challenges in the Asia Pacific region. Call for Speakers open!

Privacy. Security. Risk. 2017

This year, we're bringing P.S.R. to San Diego. The Call for Speakers is now open. Submit today and be a part of something big! Submission deadline: February 26.

Europe Data Protection Congress 2017

European policy debate, multi-level strategic thinking and thought-provoking discussion. The Call for Speakers is open until March 19.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»