This week’s Privacy Tracker legislative roundup includes the IAPP’s coverage of the European Commission’s report critiquing the EU-U.S. Safe Harbor agreement and offering the U.S. 13 ways to save it, and insight from Eduardo Ustaran, CIPP/E, on the report. You’ll also find information on the United Nation’s approval of an unlawful surveillance resolution, why India may have to wait a little longer for a privacy law and South Africa’s new law. In the U.S., more regions are considering social media laws and DNA databases, and courts have decided cases relating to COPPA and consumer privacy.


South Africa: Zuma Signs Privacy Bill Into Law
South African President Jacob Zuma’s administration announced on Wednesday that he has signed the Protection of Personal Information Bill into law, reports Global Post. "The act will give effect to the right to privacy, by introducing measures to ensure that the personal information of an individual is safeguarded when it is processed by responsible parties," said presidential spokesman Mac Maharaj. The bill contains eight principles that express the right to privacy provided in the constitution and establishes the Office of the Information Regulator, which will take over responsibility for the Promotion of Access to Information Act.
Full Story

India’s Privacy Bill To See Further Delay
Differences between the ministries of Home and Law and the Department of Personnel and Training mean the Right to Privacy Bill has little chance of being tabled in this winter’s session of Parliament, reports Indian Express. The bill was originally proposed in 2011 and aims to "safeguard security interests of all affected individuals whose personal data has or is likely to have been compromised by such a breach." Causing the divide is a provision stating the proposed law will supersede all provisions of the 58 existing laws that touch on privacy, Economic Times reports. An official at the Department of Personnel and Training told ET that the bill has been “stuck at the law ministry for several months now.”


NJ Social Media Privacy Law In Effect, NYC Debating Its Own
On the heels of New Jersey’s Social Media Privacy Law going into effect, the Staten Island City Council is looking at a bill that would provide similar protections for employees and potential employees, SI Live reports. Councilwoman Debi Rose (D-North Shore) one of the bill’s sponsors, said it "would eliminate the ability of an employer to demand or retaliate against failure to divulge a job applicant's or employee's private social media account information,” adding, “Privacy rights in this technological age must be protected. Information that is not available to the rest of the public cannot be demanded by an employer and should not hinder an individual's prospective or current employment."

Pennsylvania Senate Committee Amends Proposal for DNA Database
The Pennsylvania Senate in June passed a proposal allowing police to collect and retain DNA from anyone arrested for a felony or misdemeanor, expanding the current law which allows for DNA collection from those convicted of a “serious felony,” reports The Sentinel. However, the House Judiciary Committee amended the bill before approving it to address concerns that the bill was too broad. One amendment would stop police from entering DNA data into any state or national database until a suspect is “held for court at a preliminary hearing or waives his right to the hearing,” the report states. Another makes it easier for those determined innocent to have their DNA records expunged. One ACLU representative says the amendments don’t go far enough.

Site Settles After State Alleges COPPA Violation        
New Jersey has reached a settlement with a California app developer who allegedly violated COPPA by collecting the personal information of customers, which included children, reports. Dokogeo has agreed to pay the state $25,000, but that payment will be suspended for 10 years and voided if the company complies with the settlement’s terms, which include Dokogeo’s disclosure of the type of information it collects on its apps and website and how it shares data with third parties. Meanwhile, attorneys at Reed Smith discuss the increasing attention state Attorneys General are paying to privacy lately.
Full Story

Apple Wins iPhone Privacy Lawsuit Dismissal
A federal judge has dismissed a lawsuit that accused Apple of not complying with the privacy promises it makes to iPhone and iPad users, MediaPost reports. The class alleged the company violated its privacy policy by allowing unique identifiers to be shared with third parties, thereby compromising user privacy. U.S. District Court Judge Lucy Koh ruled consumers failed to show they had read the privacy statements prior to purchasing the devices and none had submitted evidence they “read or relied on any particular Apple misrepresentation regarding privacy.”
Full Story

Data Broker Settles With NJ Attorney General
A firm specializing in the tracking of car buying has settled charges with New Jersey’s attorney general after it was accused of using code to identify websites visited by its customers without their knowledge or consent and selling the harvested data, InformationWeek reports. At least 181,000 consumers were affected. The Tennessee-based data broker in question, Dataium, has been fined $99,000, payable over the next two years, and will be liable to pay a suspended amount of $301,000 if the company fails to comply with the settlement over the next five years. New Jersey Division of Law Director Christopher S. Porrino said, “Dataium allegedly used software code to track the websites visited by consumers without their knowledge or consent. The company also allegedly transferred the personal information of 400,000 consumers to one of the largest data brokers in the world.” Meanwhile, the city of San Diego, CA, has settled with a family after their DNA was swabbed without their consent by police.
Full Story


Commissioner Supports Call for CSC Audit
Correctional Investigator Howard Sapers has recommended Correctional Service Canada “conduct an internal audit of its practices and procedures to protect personal information,” Canada NewsWire reports, and that call has prompted a statement of support from Privacy Commissioner Jennifer Stoddart. “We are very pleased that the correctional investigator has called for an internal audit,” Stoddart’s statement reads. “Year after year, our own office has identified serious privacy concerns with respect to Correctional Service Canada (CSC).” The statement notes the CSC “consistently accounts for the largest number of complaints received by our office”—with 284 received in 2012-2013.
Full Story

Journalists Concerned About Bill C-461
Journalists and broadcasters are raising concerns that Bill C-461 “could undermine the journalistic and programming integrity of Canada's public broadcaster, the CBC/Radio-Canada,” CNW reports. In a statement, the journalists cite multiple concerns, including that it “opens the door to privacy requests that could also jeopardize the CBC's journalistic integrity.” The report suggests, “C-461 changes the Privacy Act by removing the CBC's right to exclude privacy information collected for reasons of journalism and instead makes disclosure of that information subject to a test of injury to the CBC's ‘independence.’”
Full Story


Commission Gives U.S. 13 Ways To Save Safe Harbor
The European Commission has released its report on EU-U.S. data flows, including a critique of the widely-criticized Safe Harbor framework , which makes 13 recommendations to improve the data-transfer mechanism. The commission says U.S. authorities have until summer of 2014 to implement the recommendations, at which point it will revisit the review. In this exclusive for The Privacy Advisor, U.S. Federal Trade Commissioner Julie Brill said she’s pleased the commission has indicated its support for maintaining Safe Harbor as a data transfer mechanism. “I think some of the recommendations—increasing transparency and making alternate dispute resolution accessible and affordable—would be helpful.” Dutch MEP Sophie in ‘t Veld told The Privacy Advisor that while she’s pleased there’s progress, the report is long overdue. “Maybe we’re now finally entering the phase where we no longer tolerate that our own EU rules are being overruled by third countries’ laws,” she said. Covington & Burling’s Henriette Tielemans said the report indicates a “genuine willingness on the part of the commission” to save Safe Harbor.
Full Story

Safe Harbor Report Could Be the Start of Real Privacy Interoperability
According to Field Fisher Waterhouse Partner Eduardo Ustaran, CIPP/E, the European Commission’s report on Safe Harbor lived up to expectations of being “critical” of the agreement but stopped short of “delivering a fatal blow to the scheme.” Ustaran writes for Privacy Perspectives that false claims of compliance with Safe Harbor “appear to be a greater concern than the potential vulnerability of Safe Harbor as a conduit to allow U.S. intelligence authorities to access data originating from the EU,” adding, “In other words, the European Commission is not really seeking to turn Safe Harbor into a data bunker…”
Full Story

Cookie Monsters of Silicon Valley Come to Brussels
In the world of online tracking, the cookie is kingbut there may be a regime change on the horizon. Cookies are under more regulatory scrutiny than ever, especially in Europe, but even as legislation seeks to make cookie use more privacy protective, the technology itself is on the way out. Instead, server-side tracking alternatives and embedded device identifiers, mainly in the hands of Internet giants like Google, Facebook, Microsoft and Apple, are poised to supplant cookies in the digital tracking market. Thus, it is important to analyze the effect of these changes in the techno-business landscape on the EU regulatory framework. IAPP Westin Research Fellow Kelsey Finch examines how this new technology is likely to be viewed and regulated in the European Union. (Editor’s Note: The IAPP Data Protection Congress will explore these issues Dec. 10 through 12, in Brussels.)
Full Story

UN Passes Internet Privacy Resolution
The United Nations General Assembly’s Human Rights Committee has unanimously approved an unlawful surveillance resolution originally proposed by Brazil and Germany, the Associated Press reports. Though symbolic, the resolution looks to pass along privacy rights to people around the world. The U.S., along with the other “Five Eyes” nations, had tried to dilute some of the resolution’s language, the report states. Brazil’s UN ambassador said the resolution “established for the first time that human rights should prevail irrespective of the medium and therefore need to be protected online and offline.” Germany’s ambassador queried, “Is the human right to privacy still protected in our digital world? And should everything that is technologically feasible, be allowed?”
Full Story

Asia Pacific

Pilgrim Discusses New Powers                     
Privacy Commissioner Timothy Pilgrim has said his office “won’t take a ‘softly-softly’ approach with new regulatory powers that will become available to it in March,” IT News reports. Speaking at the iappANZ Privacy Unbound Summit this week, Pilgrim said, “The two sets of principles we have are fundamentally very similar to the ones that are coming into place. The private sector has been working with them for over 12 years; the government has been working with them for over 25 years; there’s a common theme, so there shouldn’t be a big challenge in complying with them." He noted, however, that for “difficult organisations and some intransigent organizations,” the office would take a stricter stance. Meanwhile, the Australian Law Reform Commission will be recommending updates to privacy laws to address serious invasions of privacy.
Full Story

Critics Say Hong Kong Data Protection Law Needs Update
Critics of Hong Kong’s data protection law say the law is “miles away” from comparable laws internationally and needs an update in order for the city to tackle privacy challenges and embrace opportunities presented by public data use, South China Morning Post reports. Reviews of the law have come following the privacy commissioner’s forced shutdown of mobile app “Do No Evil” for privacy violations. “There is a need to conduct a public consultation again to see whether people think the law now needs to be amended,” said lawmaker Charles Mok, adding he hopes the government will engage the public.
Full Story

Written By

Emily Leach, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»