Brazil Internet Bill of Rights Becomes Law
Brazilian President Dilma Rousseff has signed the country’s Internet “Bill of Rights” into law, CNET reports. The bill, also called the Marco Civil, or Constitution for the Internet, aims to “safeguard online privacy and pave the way to complete net neutrality,” the report states. While the bill has been in the process of passing for years, revelations on invasions of privacy via the U.S. National Security agency spurred government action. Whistleblower Edward Snowden sent an open letter to the people of Brazil last December alleging the NSA tracks residents. World Wide Web creator Tim Berners-Lee said the law could lead to similar legislative action worldwide.

California Senate Panel Approves Online Privacy Bill
Law360 reports that a California Senate panel passed a bill to limit how commercial websites can handle consumers’ personal information. The bill would require data brokers to allow California residents to opt out of the sale and public posting of their personal data, the report states. (Registration may be required to access this story.)

California Vehicle Data Bill Stalls in Committee
A bill requiring car makers to open up access to data transmitted by computerized cars has stalled in committee, reports The Sacramento Bee. The bill’s backers say it would give consumers more control over the data, allowing them to share it with whom they choose, but automakers have claimed it’s an attempt by insurance companies to get access to this data. Still others say the bill would be very costly for automakers and raises questions about compromising data privacy and security, among others. Interestingly, seven of the 11 lawmakers abstained from voting, ending in a 3-1 vote—three short of the votes needed for advancement.

California Mayor Wants Surveillance Notification
Compton, CA, Mayor Aja Brown has proposed the Citizen Privacy Protection Policy, which would require law enforcement to notify the public before installing surveillance equipment, reports Los Angeles Times. The proposal was prompted by news that for nine days in 2012, police conducted aerial surveillance of the city. There are currently cameras mounted throughout the city, with plans for approximately 75 more. A sheriff’s department spokeswoman cited the ground cameras as the rationale for not notifying the public of the aerial recording; however, Sgt. Doug Iketani said the surveillance was kept quiet to mitigate complaints.

Connecticut Senate Passes Pharmacy Rewards Program Bill, Addition to Do-Not-Call Registry
The Connecticut Senate has passed a bill requiring pharmacies to notify customers that take part in prescription drug rewards programs about which third parties will have access to their data because of agreeing to the program and what their medical privacy rights are if they waive their HIPAA rights by signing up. The Hartford Courant reports that while SB 208 does not prohibit these programs, Sen. Paul Doyle (D-Wethersfield) says “it's making the consumer aware if they opt in and become a participant, what they can be giving up.” The Senate also unanimously approved a measure to include unsolicited text messages on the state’s do-not-call registry. Both bills will now head to the House.

Florida Senate Passes Amended Breach Notification Law
The Florida Senate has unanimously passed the Information Protection Act of 2014, requiring businesses to notify consumers of a breach within 30 days, reports Law360. SB 1524 also repeals previous breach legislation and contains a provision stating that for breaches of more than 500 individuals, organizations must also notify the attorney general’s office. “While Florida is one of 47 states that currently have state security breach notification laws, the replacement legislation modernizes and updates the statute and expands the statute to include state governmental entities and their instrumentalities, according to a representative with the attorney general's office,” the report states. (Registration may be required to access this story.)

Michigan Senate Passes Gun-Owner Privacy Bills
The Michigan Senate has passed three bills that would make gun-owner records confidential and therefore not subject to Freedom of Information Act requests, reports WILX 10 . The records would be available only to law enforcement and only under certain conditions. Violations could result in a fine of $550, the report states. The bills now head to the House.

Minnesota Committee Aims To Stop Public Employees’ Snooping
Due in part to an incident involving a Department of Natural Resources employee improperly accessing driver's license data, a House-Senate committee is struggling to create a bill aimed at halting the snooping of public workers, the Associated Press reports. The group has discussed options such as publicly naming snoopers, informing the targets of the snooping that their data was inappropriately accessed and creating reliable means of tracking access. The group has yet to come up with legislation to propose.

Minnesota Senate Passes Indefinite Newborn Data Retention Bill
The Minnesota Senate has passed a bill allowing the State Department of Health to retain newborn bloodspot data indefinitely, restoring a policy that was overturned in a state court, reports GenomeWeb Daily News. While the bill requires more education for parents about the screening and allows parents to opt out of the program, it would allow the state to use the data for research and to develop new tests. Individuals would also be able to opt out of the program upon their 18th birthday. In a written statement, the Citizen's Council for Health Freedom expressed its disapproval, saying the Senate “just voted to repeal genetic privacy rights at birth."

NH House Approves Mobile Privacy Bills
The New Hampshire House has approved two anti-surveillance bills aimed at protecting individuals’ mobile devices, reports Offnow.org. HB 1619 prohibits government agencies from obtaining or accepting personal information from “third-party providers of information and services” without first getting a warrant. HB 1533 bans the use of information obtained from a “portable electronic device” in “a criminal, civil, administrative or other proceeding.” A committee will tackle a third bill targeting the collection of location information next month. As a group, the bills aim to thwart government surveillance.

Drone Bill Proposed in Rhode Island, Nixed in NH
RI Rep. Teresa Tanzi (D-District 34) has proposed HB 7170 to regulate government use of drones in the state, and while most believe there is an appropriate use for drone surveillance, privacy advocates and authorities differ on where to draw the line, reports WPRI. RI State Police Col. Steven O’Donnell says as written, the bill would limit first responders’ ability to do their jobs. In New Hampshire, HB 1620, which aimed to restrict commercial drone use, has been sent to interim study by the Senate, “a polite way to kill bills in the second year of a legislative session,” according to Government Technology. While the bill’s sponsor, Rep. Neal Kurk (R-Weare) believes the bill strikes the right balance, opponents say it is too restrictive, placing limits on drones that do not exist for small helicopters and planes.


The FTC's Common Law of Privacy
Columbia Law Review has published the “The FTC and the New Common Law of Privacy,” co-written by Profs. Daniel J. Solove and Woodrow Hartzog. They note the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its Section 5 authority since the late 1990s, resulting in a body of FTC jurisprudence that “is functionally equivalent to a body of common law…” In their paper, Solove and Hartzog “explore how and why the FTC, and not contract law, came to dominate the enforcement of privacy policies” while contending the FTC’s jurisprudence has effectively “codified certain norms and best practices and has developed some baseline privacy protections.” They argue standards now resemble rules and this “common law” is the foundation for “a robust privacy regulatory regime.” Editor’s Note: Woodrow Hartzog will be an instructor, focusing on privacy and the FTC, at this year’s IAPP Information Privacy Summer Institute. Find the IAPP’s burgeoning FTC Casebook here.
Full Story

Justice Dept. Fights Judge Over Bulk E-mail Collection Rulings
Lawyers from the Justice Department are appealing to a higher court after Magistrate Judge John Facciola’s denial of the department’s application to search and seize several months’ worth of a suspect's e-mails, reports The Wall Street Journal. Facciola has twice denied the application saying the first step of the government’s two-step process, in which the government obtains all e-mails and information tied to the account from a third party, puts too much personal information in their hands. Facciola believes the third party, in this case Apple, can sift through the data prior to giving it to the government, but the Justice Department objects to giving investigative responsibility to a service provider. (Registration may be required to access this story.)
Full Story

Illinois To Write a New Consent Law, But What About Other Two-Party States?
It’s a good thing producers of The Good Wife aired their episode “A Few Words” when they did, or one of the best lines—for privacy litigators, at least—would’ve been moot. In this Privacy Tracker post, InfoLawGroup’s Tanya Forsheit, CIPP/US, breaks down the People v. Clark decision deeming Illinois’ two-party consent law unconstitutional and why most other two-party state laws won’t be affected—most notably California’s. “California’s two-party consent law does not suffer from the defect that doomed Illinois’s two-party consent law in Clark,” writes Forsheit, noting, however, “it remains to be seen, in California and elsewhere, what happens in close cases where it is far less clear whether all the parties have a reasonable expectation of privacy in the conversation.”
Full Story

Ohlhausen on the Challenges of Creating Policy for Big Data
Federal Trade Commissioner Maureen Ohlhausen spoke at last week’s “Privacy Principles in the Era of Massive Data” at Georgetown Law, highlighting a need for more guidance for industry, but also noting that she hasn’t “seen anything that suggests that big data technology raises fundamentally new data security issues." Ohlhausen also discussed contradictions between the Fair Information Practice Principles and the way Big Data is currently used, and while underscoring the need for diligence in the FTC, cautioned against “preemptive action that could preclude entire future industries."
Full Story

Wyndham and the Future of Cybersecurity Legislation
The FTC v. Wyndham case has been called by some­ the “most important federal court decision on data security enforcement,” but what does it mean for the possibility of cybersecurity legislation in the U.S.? Andrew Proia, a postdoctoral fellow at Indiana University, outlines some possible outcomes in this Privacy Tracker blog post. “Calls for comprehensive data privacy and security legislation are nothing new,” Proia writes, but with the affirmation of the FTC’s authority under the FTC Act, will passage of such a proposal be more or less likely? It may depend on who you ask. (IAPP member login required.)
Full Story

FTC Issues Advice on COPPA Compliance; New Tool Aims To Help
The Federal Trade Commission (FTC) has expanded the guidance attached to its children’s online privacy rule (COPPA) to provide schools with information on how to obtain consent to collect students’ personal data, Law360 reports. In its “Complying with COPPA: Frequently Asked Questions” guide, the FTC offers advice on how to enable students to share information using a publicly available online social network, among other topics. Meanwhile, a free cloud-based compliance service, AgeCheq, aims to help mobile app and game publishers to comply with COPPA. “The mobile app industry requires a single, simple-to-use system that manages COPPA compliance for both publishers and parents, and that is exactly what AgeCheq is," said the company’s CEO.
Full Story


Opinion: The Trouble With the Digital Privacy Act
With the Digital Privacy Act (Bill S-4) in the news, commenters are beginning to make their voices heard in opposition. Tony Drake writes for ITBusiness.Ca in agreement with Michael Geist that the privacy legislation “could mean lots more work for (Ontario Privacy Commissioner Ann) Cavoukian and her federal counterpart,” due to the broad allowances the act makes for investigating agencies to acquire PII without a warrant. Advocacy organization Index on Censorship likens the proposed bill to the U.S. legislation known as CISPA. Further, the Canadian Bar Association’s publication, National, rounds up other concerns generated by the bill, including the chance it will “open the door to copyright trolling in Canada.”
Full Story


Senators Submit Report on Open Data
Telecompaper reports on a report from French Sens. Gaetan Gorce and Francois Pillet on an open data policy for government information. “After three months and around 40 interviews, the senators concluded that open data represents a risk to citizen 'e-identification.' In the healthcare sector, for example, someone can identify a person in 89 percent of cases using information about hospital name, date of birth and post code, and 100 percent if there have been two hospital visits,” the report states. The report includes about 20 recommendations, including that the government “anonymise, if necessary, all of its databases that have personal information and could be opened publicly.”
Full Story

Albrecht Talks Technology, Proposed Regulation
This piece in The Irish Times profiles European member of Parliament (MEP) Jan Philipp Albrecht, who was among the first of the MEPs to support the decision to toss out the data retention directive recently. Albrecht credits his youth with helping him understand the implications of certain technologies. At 31 years old, he grew up with the Internet and was among the first wave of lawyers to be trained in the area. “Now, the whole question of how we combine legal issues with technical issues has become so important. There is a need for people who can understand and explain the technology environment in which we live,” Albrecht says, adding he’s confident the new data protection regulation will be passed by 2015.
Full Story


FOI Request Produces Briefs on Australian Gov’t Plan
The Australian Attorney General’s Office has released ”heavily censored” documents related to the government’s shuttered data retention plans, reports The Sydney Morning Herald. The documents include talking points in the form of “If asked about…” bullet points, background on telecommunications security and indicators of the need for reform.
Full Story

ACC Calls for Mandatory Data Retention Regime
The Australian Crime Commission (ACC) has appointed a new chief executive and told Internet service providers to up their game on tackling crime, ITWire reports. In its submission to the Senate Standing Committee on Legal and Constitutional Affairs, the ACC called for a two-year mandatory data retention regime to provide law enforcement agencies “the flexibility to tackle the complications posted by emerging technologies,” the report states.
Full Story

Edwards To Limit Cost of Credit Reports in New Zealand
New Zealand Privacy Commissioner John Edwards has proposed limiting the amount credit reporters can charge individuals for immediate access to their credit information to $10, reports NewstalkZB. The efforts were prompted by a company charging $51.95 for access, which Edwards called unreasonable and a breach of the Credit Reporting Privacy Code, as it is a barrier to individuals’ access rights.
Full Story

Written By

Emily Leach, CIPP/US


If you want to comment on this post, you need to login.


Related Posts


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»