California’s bill banning the sale of license-plate scanner data has failed, but the state has bigger fish to fry—the Senate recently passed a bill to legislate data brokers and the Assembly has passed a breach notification bill. Meanwhile, Tennessee is the latest state to pass a social media law and Oregon is debating mobile privacy legislation. In New Zealand, Privacy Commissioner John Edwards is pushing a new privacy act giving his office increased powers and, in Canada, government surveillance bills are drawing the ire of privacy commissioners and advocates nation-wide. Read all about it in this week’s Privacy Tracker weekly legislative roundup. 


California On Its Way to Regulating Data Brokers?
The California Senate has passed SB 1348, a bill that would require online data brokers to provide consumers with a way to opt out and access data held about them, Lexology reports. Under the bill, brokers that sell data would be required to honor requests from consumers that information about them be removed within 10 days and could then not be reposted or sold to a third party. The bill also includes a private right of action. The action comes amid investigations, reports and discussions at the federal level surrounding similar legislation. SB 1348 has the backing of privacy groups but is expected to face challenges from industry groups.

California Bill Banning the Sale of License-Plate Data Fails
The California Senate this week rejected SB 893, which would have banned the sale of data from license-plate scanners by public and private entities, require operators to maintain a privacy policy and ban cameras from private property, reports the Associated Press. One Senator who supports the bill said she expects the bill to be revised and brought back to the table.

California Breach Notification Bill Passes Assembly
In a 43-24 vote, the California Assembly passed AB 1710, which would set requirements for breach notifications and ID theft mitigation. According to a press release from the bill’s authors, Assemblymembers Roger Dickinson (D-Sacramento) and Bob Wieckowski (D-Fremont), it requires businesses to notify affected individuals by e-mail or snail mail, post notification to their websites and to statewide media and also provide at least two years of ID theft protection services. The bill was gutted of more stringent provisions due to warnings from industry groups against enshrining evolving technologies into law. “Recent breaches emphasized the need for stronger consumer protections and awareness. The retailers affected by the recent mega data breaches are not the first nor will they be the last,” said Dickinson.

Oregon Legislature Debates Privacy v. Public Safety
In front of an Oregon Senate panel last week, advocates weighed in on a slate of bills that would limit police access to digital data, reports NWPR. Portland criminal defense attorney Bronson James noted that current law was created prior to the digital age, adding, smart phones have “become the portal into where we contain our privacy." But prosecutors warned against tying the hands of law enforcement. Both sides agree the bills need more work before going up for a possible vote next year.

Tennessee Gets Social Media Privacy Law
Tennessee Gov. Bill Haslam has signed into law the Employee Online Privacy Act of 2014, which bans employers from requiring current and potential employees to hand over login credentials to personal online accounts, ESR Check reports. Businesses found in violation of the act may face fines of up to $1,000 per violation and exceptions have been made in the bill for employer-supplied devices.


While U.S. Companies Suffer, Bi-partisan Push for ECPA Reform Grows
While U.S. businesses continue to suffer “real, tangible” harms following the Snowden revelations, bipartisan supporters are pushing for an update to the nearly 30-year-old Electronic Communications Privacy Act (ECPA) in the name of bolstering privacy protections, The New York Times reports. “It’s very easy for providers outside the country to say, ‘Hey, move your business offshore into an area that cares more about your privacy.’ They don’t have better laws necessarily. They have a better marketing department,” said the COO of a web-hosting company in Virginia. Sen. Mike Lee (R-UT) said it’s “frightening” we still have a law on the books that says the government can read your e-mail, and bi-partisan support is a no-brainer. (Registration may be required to access this story.)
Full Story

Sens. Paul, Coombs: Founding Fathers Would've Protected Smartphones
In a column for Politico, Sens. Rand Paul (R-KY) and Chris Coons (D-DE) write that privacy “is a core American value” and that two recent cases heard by the Supreme Court—Riley v. California and United States v. Wurie—give rise to “whether technological advancements have rendered one of our most treasured civil liberties obsolete.” The Fourth Amendment, they argue, “did not find its way into the Constitution by accident,” but, “Today, many Americans keep their entire lives on their phones … What protection does the Constitution offer them from suspicionless search by the government?” They add, “How the Supreme Court addresses this challenge will set an important precedent as technology continues to present capabilities and threats never specifically considered by our Founders.” Editor’s Note: For more on these cases, IAPP members can read Cellphone Privacy in the Supreme Court: What To Know in the Lead-Up to Oral Arguments in the IAPP’s Privacy Tracker.
Full Story

Franken Reintroduces Tracking Bill; Sens Question EBay on Breach
Sen. Al Franken (D-MN) will reintroduce legislation aimed at preventing organizations—both in the public and private sectors—from tracking individuals by their geolocation, Venture Beat reports. The Location Privacy Protection Act of 2014 aims to give consumers better control over their location-based data, particularly in the mobile sphere. The bill also would require companies to gain consent from consumers prior to collecting such data. Meanwhile, Sens. Joe Barton (R-TX) and Bobby Rush (D-IL) have sent a letter to eBay CEO John Donahoe with questions about the recent data breach affecting more than 100 million users. The senators asked whether eBay noticed a breach in location information and to explain if it intends to perform a data security assessment.
Full Story

So CalOPPA Was Amended. Now What Do I Do?
The latest amendment to the California Online Privacy Protection Act (CalOPPA) became effective on January 1 of this year. The law now requires privacy policies to include certain Do Not Track (DNT) disclosures, which has led to confusion and uncertainty on how to comply. To provide guidance, California Attorney General Kamala Harris recently released a guide titled Making Your Privacy Practices Public. But what to make of it? The IAPP will host a web conference aimed at helping you understand the CalOPPA guidance on Tuesday, June 10 from 1 to 2:30 p.m. In an exclusive for The Privacy Advisor, Lei Shen, CIPP/US, unpacks the AG’s CalOPPA guide and offers tips on how to comply.
Full Story

FTC Calls for Legislative Action to Regulate Data Brokerage
In a report roughly 18 months in the making, the FTC has released “Data Brokers: A Call for Transparency and Accountability,” which both defines the data broker industry and includes strenuous recommendations for legislative action. Through 130 pages of report, appendices and exhibits, the FTC commissioners have unanimously raised a series of concerns over data brokerage while offering a series of pointed fixes, including a call for mandatory notification by all companies when collected data could potentially be sold to a broker. This exclusive for The Privacy Advisor examines the report and gets initial comment from FTC Chairwoman Edith Ramirez and FTC Commissioner Julie Brill. “We want to lift the veil of secrecy that shrouds the data broker industry’s practices,” Ramirez said. Editor’s note: Speakers will expand on the data broker industry and the meaning of the FTC Data Broker report at the IAPP Privacy Academy, in San Jose, CA, Sept. 17-19.
Full Story

Industry Reaction to FTC Report: Eh.
Whether talking to the Digital Marketing Association, Acxiom or the Consumer Data Industry Association, you won’t find much disagreement with the FTC’s data broker report, released yesterday. There is some general puzzlement, however: “One interesting thing about this report is that after thousands of pages of documentation submitted over the two years of thorough inquiry by the FTC, the report finds no actual harm to consumers, and only suggests potential misuses that do not occur,” said Peggy Hudson, DMA senior vice president of government affairs. The Privacy Advisor rounds up response and looks ahead to next steps.
Full Story


Bills Have Privacy Commissioners, Advocates Worried
A Senate subcommittee is investigating online advertising, InsidePrivacy reports. The Senate Permanent Subcommittee on Investigations held a hearing last week entitled “Online Advertising and Hidden Hazards to Consumer Security and Data Privacy,” looking at advertisement-based malware that cybercriminals could use to target consumers. It was supplemented by a report by Sen. John McCain (R-AZ) and Subcommittee Chairman Carl Levin (D-MI). Meanwhile, privacy advocates are concerned that the bill aimed at reforming the surveillance practices of the National Security Agency is getting watered down before it sees a vote.
Full Story

Senate Liberal Caucus Tackles Surveillance Oversight Bill
A meeting of the Senate Liberal caucus on Wednesday discussed a bill to create a parliamentary committee to oversee Canada’s surveillance regime, reports The Globe and Mail. Sen. Hugh Segal, the bill’s sponsor, called national security a struggle between a democracy’s freedoms and protecting the public, and the bill’s co-sponsor said he believes the intelligence community backs it. During the meeting, former head of the Communications Security Establishment Canada John Adams commented Canadians post more online than any other country, adding, “We’re not very smart, so we’ve got a long ways to go.” Interim Privacy Commissioner Chantal Bernier noted, “we’re at a crossroads at this point where we use the Internet without having fully understood its powers and its risks.” Meanwhile, a group of academics and privacy advocates issued a seven-part statement calling for stricter privacy controls on agencies conducting surveillance.
Full Story

CCLA Pushing for Rules on Police Database Disclosures
The Toronto Star conducted an investigation into what and how much information police have stored in data banks and how often that data is requested, finding that the Canadian Police Information Centre alone holds more than 10 million records and processes 200 million inquiries a year. The Canadian Civil Liberties Association (CCLA) is pushing for clearer rules around what police should be able to release from their data banks. According to the CCLA, “The current legal lacunae largely leave it to requesting organizations and local police services to decide what should be disclosed, to whom, and under what circumstances,” adding, “The widespread release of non-conviction records runs counter to the presumption of innocence; violates individuals’ privacy; and leads to discriminatory, stigmatizing exclusion from employment, education and community opportunities.”
Full Story

Expert: IGA Good for Banks, but Needs Refinement
Roy Berg, director of U.S. Tax Law with Moodys Gartner Tax Law in Calgary explains in this Calgary Herald report some of the intricacies of the Foreign Account Tax Compliance Act (FATCA) and the more recently signed intergovernmental agreement (IGA). “If Canada hadn’t entered into this intergovernmental agreement then the banks would have been subject to the full nasty force of FATCA. Instead, they’re in a better position having entered into this IGA,” said Berg. But the rules need refining. Berg would like to see certain Canadian trusts included in the definition of organizations subject to reporting under the IGA, noting, “This would eliminate the problem of every Canadian trust and every Canadian estate that have non-Canadian accounts being subject to additional withholding of distributions back to Canada.”
Full Story


Data Privacy Pledges in Elections; One-Stop-Shop Still Debated
PCWorld reports on the recently held European Parliament elections and how dozens of candidates pledged to support data privacy initiatives and curb surveillance. “It’s great to see that so many candidates and citizens consider their digital civil rights worth defending and were ready to commit to the principles of the charter,” said digital rights group EDRi Director Joe McNamee. The New York Times reports on the continued debate in the EU about the proposed “one-stop-shop” regulatory efforts. The aim is to streamline data protection regulation for companies doing business in the EU, but some are concerned that companies will set up headquarters in the country with the most lenient regulations. “This issue has become more political than technical,” said a representative from Brussels digital rights group Access. “Who gets to decide these matters is very important.”
Full Story

Germany May Set Up RTBF Arbitration Court; Ireland to Audit Apple, Adobe, Yahoo
The government of Germany may set up arbitration courts to advise on what data EU citizens can compel Google and other search engine businesses to take down, after the recent European Court of Justice ruling on the so-called “right to be forgotten.” The Interior Ministry in Berlin is seeking to create “dispute-settlement mechanisms” for takedown requests. The ministry is concerned that algorithms that automatically remove links after takedown requests could put public information at risk. The ministry wrote, “Politicians, prominent figures and other persons who are reported about in public would be able to hide or even delete reports they find unpleasant.” The New York Times reports on how Irish Data Protection Commissioner Billy Hawkes finds himself in the middle of the “one-stop-shop” debates currently underway in the EU. Additionally, Hawkes said his office plans to conduct audits of Apple, Adobe and Yahoo in the near future.
Full Story


Edwards Pushes for Strengthening Privacy Act
New Zealand Privacy Commissioner John Edwards is pushing proposed changes to the 20-year-old Privacy Act, saying they would give New Zealanders more control over their information and give his office better tools to protect privacy in the digital age, reports ITNews. "These reforms will power up our privacy law to bring it more in line with world class standards of protection that New Zealanders are entitled to expect," Edwards said. The new law would mean mandatory breach notification, a five-fold increase in fines and give the privacy commissioner the power to order businesses to fix practices and make binding decisions on complaints, among other changes.
Full Story

Gov't To Develop New Systems for Int'l Biometric Data Sharing
Using funding from the Operation Sovereign Borders initiative, the new government plans to develop systems to share biometric data with other nations, reports ZDNet. Immigration Minister Scott Morrison told an audience at the Biometrics Institute conference that this kind of data sharing helps the government detect high-risk individuals before they enter the country. Currently, Australia has biometric data sharing agreements in place with New Zealand, Canada, the UK and the U.S. “This funding is directed towards the development of solutions that use secure Internet-based data exchange between partner countries, without reliance on data being stored on the Australian secure server," Morrison said.
Full Story

Written By

Emily Leach, CIPP/US


If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Advertise in IAPP Publications

Find out how to get your message in front the people you want to reach. Download a media kit now.

Get more News »

Find a KnowledgeNet Chapter Near You

Network and talk privacy at IAPP KnowledgeNet meetings, taking place worldwide.

Women Leading Privacy

Events, volunteer opportunities and more designed to help you give and get career support and expand your network.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

New Web Conferences Added!

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Staff

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

Get Close-up

Looking for tools and info on a hot topic? Our close-up pages organize it for you in one easy-to-find place.

Where's Your DPA?

Our interactive DPA locator helps you find data protection authorities and summary of law by country.

IAPP Westin Research Center

See the latest original research from the IAPP Westin fellows.

Looking for Certification Study Resources?

Find out what you need to prepare for your exams

More Resources »

GDPR Comprehensive: Registration Open

New! Intensive two-day GDPR training led by the sharpest minds in the field. It's a can't-miss event.

The Congress Is Cancelled

The IAPP Europe Data Protection Congress 2015 is cancelled. Click through to learn more.

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

Exhibit at an Event

Put your brand in front of the largest gatherings of privacy pros in the world. Learn more.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»