In this week’s Privacy Tracker global legislative roundup, the IAPP had wall-to-wall coverage of the official announcement of the record-breaking settlement between the U.S. Federal Trade Commission and Facebook. Additionally, Facebook is staring down other fines and legal action in the U.S. and Europe. Equifax also settled with the FTC, the U.S. Consumer Financial Protection Bureau and 50 U.S. states and territories for upward of $700 million and resolved a U.S. class-action suit related to its 2017 data breach. The European Commission published a review of the EU General Data Protection Regulation. Colombia handed out four fines worth nearly 864 million pesos combined. In the U.S., Illinois is seeing a flurry of class-action suits under its Biometric Information Privacy Act. And there are updates on the progress of data protection laws in India and Tanzania.
THE LATEST
Australia is creating a regulatory office that will focus on policing big tech platforms such as Facebook and Google.
More
Colombia’s data protection authority has issued two fines against Comcel S.A. and one fine each to DIRECTV and Avantel for data breach violations. The four fines amount to 864 million pesos.
More
The Court Justice of the European Union has ruled that companies using Facebook’s “Like” button can be held liable for collecting data.
More
India is still waiting for a draft of its Personal Data Protection Bill to be presented to Parliament a year after it was drawn up.
More
The Tanzania Human Rights Defenders Coalition has called for the government to work on a bill for data security and privacy protections.
More
A trio of class-action suits has been filed in Illinois courts based off the state’s Biometric Information Privacy Act. The cases against Menasha Corporation, Lakhani Hospitality, Metal Impact and Thunderbird all involve alleged unlawful use of fingerprint scans.
Minnesota lawmakers are attempting to resurrect a bill that would regulate drone use. After a House-Senate panel hearing, the plan is to reintroduce the modified bill in 2020.
More
Law firm Wyrick Robbins explains how Nevada’s new consumer privacy law appears strict in its language, but a deeper look proves otherwise.
More
The Electronic Privacy Information Center has filed a motion in a Washington court to challenge the U.S. Federal Trade Commission’s settlement with Facebook.
More
Washington Attorney General Karl Racine has filed a suit to have Facebook unseal internal communications regarding Cambridge Analytica now that the matter has been resolved in a recent settlement with the U.S. Securities and Exchange Commission.
More
ICYMI
The IAPP was all over the U.S. Federal Trade Commission's formal announcement of its $5 billion settlement with Facebook. Editorial Director Jedidiah Bracy, CIPP/E, CIPP/US, filed a story for The Privacy Advisor on the FTC’s announcement. Editor Angelique Carson, CIPP/US, caught up with privacy pros for reaction on the settlement’s mandates beyond the fine in another piece for The Privacy Advisor. And Vice President and Chief Knowledge Officer Omer Tene offered his take on the settlement in a Privacy Perspectives post.
Onur Sümer, CIPP/E, CIPM, wrote for Privacy Tracker outlining the steps data controllers need to take to register their data mapping before the Sept. 30 deadline given by Turkey's data protection authority.
More
APAC
In Australia, the New South Wales Information and Privacy Commission announced the Department of Communities and Justice has released a discussion paper for mandatory reporting of data breaches by public agencies in the state.
More
Australia’s federal government plans to introduce the Consumer Data Right to Parliament this week after officially announcing the scheme two years ago.
More
The Law Council of Australia has called for the use of warrants when enforcement agencies seek to access metadata from the country’s telecommunication companies.
More
India may make changes to its Personal Data Protection Bill, including relaxing the mandate that all personal data be stored in the country and instead store only "critical" or "sensitive" information.
More
EUROPE
The European Commission is asking the Court of Justice of the European Union to impose financial sanctions on Greece and Spain for failing to transpose the rules on the Data Protection Law Enforcement Directive before the May 6, 2018, deadline.
More
Thirty civil society organizations sent an open letter to European Commission President-Elect Ursula von der Leyen and First Vice President Frans Timmermans calling for an independent assessment to study the need for data retention legislation.
More
The European Commission released a report looking at the impact of the EU General Data Protection Regulation and how implementation can be improved.
More
France’s data protection authority, the CNIL, has imposed a fine of 180,000 euros against Active Insurances, citing the company “breached its obligation to secure personal data provided for by Article 32 of the [EU] General Data Protection Regulation.”
More
The Irish Data Protection Commission expects a decision by the end of 2019 on its probe into Facebook's possible violations of the EU General Data Protection Regulation, according to DPC Deputy Commissioner Dale Sunderland.
More
Advocacy groups have taken the U.K. government to court over its decision to deny European citizens the right to access individual immigration data held by the Home Office.
More
U.K. House of Commons Digital, Culture, Media and Sport Committee Chair Damian Collins said the government may investigate privacy concerns with Facebook's new cryptocurrency, Libra.
More
US
In a U.S. District Court in Georgia, Equifax agreed to a proposed settlement worth at least $1.4 billion in a multidistrict class-action suit over its 2017 data breach.
More
Lawmakers in New York City are introducing a bill that would make it illegal for cellphone companies and mobile apps to share user location information collected in the city without the customer’s permission.
More
The U.S. House of Representatives passed a bipartisan bill designed to stop robocalls.
More
Facebook will pay $100 million to the U.S. Securities and Exchange Commission for making misleading disclosures regarding the risk of misuse of user data.
More
