The Dutch Parliament has approved the use of drones for video surveillance, giving mayors the right to determine when the use is appropriate; meanwhile, in the U.S., Washington state’s governor vetoed a drone bill there, saying it doesn’t go far enough to protect privacy. This week’s Privacy Tracker legislative roundup offers information on Idaho’s new DNA privacy law, Utah’s new mobile device privacy law and clarification on TCPA issued by the Federal Communications Commission. Also learn about the one-million Euro fine Google will pay to Italian regulators and a suit in Canada seeking class-action status that claims the Communications Security Establishment Canada “has been violating the constitutional rights of millions of Canadians.”
Dutch Parliament Approves Drone Surveillance
The Dutch Parliament has approved legislation allowing the use of drones for video surveillance in certain circumstances, reports ZDNet. Mayors will be charged with determining when to use camera surveillance, including mobile mounted cameras and drones to monitor residents, and the legislation makes a distinction between the two. While mobile cameras, such as those mounted to police helmets, can be used in peacekeeping efforts, drones may only be used in times where public safety is at risk.
FCC Issues TCPA Orders Clarifying Rules
The Federal Communications Commission (FCC) has issued two Telephone Consumer Protection Act (TCPA) orders: the first clarifying rules relating to “prior express consent” and the second creating an exemption for wireless package delivery notification. Inside Privacy reports that the FCC exempted package delivery notifications from the “prior express consent” requirement when the called party is not charged for them by the wireless carrier. In another case, GroupMe “asked the FCC to rule that senders of purely informational calls or text messages can rely on representations from an intermediary that the recipient’s ‘prior express consent’ has been obtained,” the report states. An 11th Circuit opinion seems to have confirmed the FCC’s limitation that “an intermediary’s representation regarding prior express consent will protect the sender from TCPA liability only when consent actually has been obtained.”
Breach Notification, Prevention Bill Proposed in California
Assemblyman Roger Dickinson (D-Sacramento) has proposed legislation that would require businesses to notify consumers of a breach within 15 days and to adopt better security practices, and would limit the kind of data companies can retain, reports Capitol Television News Service. Dickinson says that, as well as protecting consumers, the bill protects businesses by “making sure that they don't have data beyond that which they need to conduct transactions in which they are engaged, which makes them less vulnerable to a breach,” adding, “We don't believe this legislation is going to prevent all data breaches. What we're trying to do is make sure that prudent steps are taken to prevent them to the extent possible.”
Cali Bill: “Gov’t Shouldn’t Be Able To Film Us Taking Bribes”
California Sen. Leland Yee (D-San Francisco) has proposed the “Complete Privacy from Government Intrusion, Including and Especially the District Attorney's Office Bill” that would not only make it illegal for authorities to read “our e-mails to the Chinese mafia” or listen in on “our burner phones just prior to making a drop” but would apply retroactively to all information collected by the government after January 1, 2012, reports SF Weekly, under the tags “Fauxopnions” and “It’s Called Satire, People.” The bill has the support of Attorney General Kamala Harris, who added, “I have a locked drawer in my office desk that nobody from the government better look through. It's locked, so it's private, okay?” I hope you all had a happy April Fool’s Day.
Idaho Passes DNA Privacy Bill
Idaho Gov. C.L. “Butch” Otter signed into law a bill that limits authorities’ collection of DNA samples to individuals convicted of felonies, reports KTVB. The bipartisan legislation effectively preempts a Supreme Court decision involving another state allowing police to collect DNA upon arrest. Idaho Sen. Elliot Werk (D-District 17), one of the authors of the bill, said, “Once we start down the road of simply collecting DNA upon arrest, that's a pretty slippery slope. In Idaho law it is very, perfectly clear now that it's only upon conviction, a criminal conviction, or with a court order,” adding, “DNA is your blueprint of you as a human being.” SB 1240 passed through the legislature without a single objection and goes into effect July 1.
Louisiana House Committee Approves Social Media Bill
A Louisiana House Committee has given its approval to HB 340, which would protect students and employees from having to disclose login information to their personal online accounts, reports The New Orleans Advocate. With two exceptions, one for requesting a personal e-mail address from employees and one that involves using company hardware to access social media accounts, employers and schools would be prohibited from penalizing employees and students for keeping this information private. The bill now heads to the House for debate.
A new policy at the Minnesota Department of Public Safety (DPS) means that it will now charge $5 per record and records will only be available during business hours through a secure online system. A bill aimed at halting this policy died in committee, clearing the way for the policy to go ahead as planned, KAAL TV reports. Opponents of the policy, including the Insurance Federation of Minnesota, claim it is unnecessary and will increase insurance prices, as this cost is around five times what companies currently pay, but DPS says the policy allows it to keep track of who’s accessing the records and when while also generating “additional revenue.”
Utah Gets Anti-Surveillance Law
Utah Gov. Gary Herbert has signed into law a bill that makes inadmissible in court any electronic data acquired by law enforcement without a warrant, reports the Tenth Amendment Center. HB 128 states, “a government entity may not use, copy or disclose, for any purpose, the location information, stored data or transmitted data of an electronic device” that is not the subject of a warrant and takes effect on July 1.
Washington Gov. Vetoes Drone Bill, Places 15-Month Moratorium Instead
Saying the bill doesn’t go far enough to protect privacy, Gov. Jay Inslee vetoed a bill aiming to limit the use of drones by government authorities, reports The Spokesman-Review. Inslee instead placed a 15-month moratorium on government agencies buying or using drones in nonemergency situations. “I’m very concerned about the effect of this new technology on our citizens’ right to privacy,” said Inslee, but those who worked on the bill, as well as civil rights activists, are disappointed in his decision.
Judge: No Privacy Case Over "Less Sensitive" Data
Courthouse News Service reports U.S. District Judge Donovan Frank has dismissed various claims in Brook Mallak’s case alleging “unauthorized persons accessed her personal information—including her address, Social Security number, date of birth, height, weight and eye color—by searching her name in a database maintained by the Minnesota Department of Vehicle Services,” violating the Driver's Privacy Protection Act (DPPA) and U.S. Constitution. Frank found Mallak “does not have a privacy case with regard to less sensitive data like her height,” the report states. However, he determined “Mallak should proceed with the suit as a whole, after finding that searches made by name—not license plate number—and searches made at 3 or 4 in the morning justify evidence of a DPPA claim,” the report states.
The Future of Drone Regulation
The expected uptick in public and private use of unmanned aerial systems (UAS) in the U.S. has brought on a requisite increase in legislation in this area—both passed and proposed. “In 2013, 13 states passed laws governing UAS operations, and three states—Idaho, Oregon and Texas—enacted laws that specifically address UAS use by private entities,” write Hogan Lovells’ Partner Harriet Pearson, CIPP/US, and Associate Jared Bomberg in this Privacy Tracker post, leaving UAS operators with “a patchwork of state laws impacting their operations.” The authors outline three possible scenarios for the future of drone regulation in the U.S., taking into account current applicable privacy laws, Sen. Ed Markey’s (D-MA) proposal and the possibility for self-regulation. Editor’s note: For more on the future of drones, see parts one and two of this series for The Privacy Advisor, and look for part three next month.
Proposed Class-Action Targets CSEC; U.S. Seeks Changes To Allow Hosting
A proposed class-action filed this week in federal court by the BC Civil Liberties Association group seeks “payment or other remedies” for anyone who used a mobile device such as cellphones, laptops or tablets over the past 13 years “for potentially having their privacy rights violated,” Postmedia News reports. The suit, which targets Communications Security Establishment Canada (CSEC), claims CSEC “has been violating the constitutional rights of millions of Canadians,” the report states. “It's certainly a large class of people, that's for sure, but we also can't be entirely sure who in Canada, which specific people have been targeted by this kind of electronic spying,” said Josh Paterson, the association’s executive director. Meanwhile, The Huffington Post reports on the U.S. “prodding Ottawa and some provinces to overhaul their privacy laws and allow Canadians’ personal data to be hosted on U.S. servers.”
Google Pays 1M Euro Fine
Google has paid a one million euro fine for privacy breaches in Italy related to its Street View mapping service, AAP reports, citing an announcement from Italy’s DPA, the Garante. The use of unmarked Street View vehicles resulted in bystanders not being able to discern whether their images were captured or by whom, the report states, noting the Garante asked Google to identify the vehicles and publicize their movements in advance. Though Google complied, the report states, the Garante fined the company for “the illicit collection of data destined for a large database of particular significance.” The Garante's announcement, in Italian, can be accessed here.
ALRC Recommendations Include Safe Harbour Laws
An Australian Law Reform Commission (ALRC) review on how current privacy law fits with current technological use has generated many headlines this week and, as ZDNet reports, “has recommended that online services that publish content generated by users should be able to access safe harbour laws where an invasion of privacy is concerned.” The ALRC released its “Serious Invasions of Privacy in the Digital Era” discussion paper on Monday. The paper contains 47 proposals and recommends a new federal law to “deal with serious privacy invasions,” the report states. “The ALRC proposes the introduction of a safe harbour scheme for Internet intermediaries, to protect them from liability for serious invasions of privacy committed by persons who use their services, where the intermediary meets certain conditions,” the discussion paper states.
What Australia's New Privacy Principles Mean for Foreign Cos
While many organizations within Australia work to implement the newly enacted Australian Privacy Principles (APPs), organizations outside the country may wonder in what way the new law affects their business practices. In this Privacy Tracker post, IAPP Westin Fellow Dennis Holmes outlines aspects of the APPs that non-Australian businesses, particularly service providers, may want to pay attention to, including the privacy commissioner’s interpretation of “carrying on business” that “departs from the traditional notion of that standard in Australian law.” Holmes notes that the newness of the APPs makes it unclear how they will be applied, but “companies must understand whether they are subject to liability under the new rules and take meaningful steps toward full compliance if so.” (IAPP member login required.)