India’s attorney general says the government is mulling over a comprehensive data protection law expected to be released by August. Australia’s metadata-retention law has hit the end of its implementation period with critics continuing to say it misses the point. In the U.S., at least 10 states are considering bills prohibiting ISPs, and in some cases other internet companies, to sell customer data — with one city council passing a resolution in the same vein. New Mexico became the 48th state with a data breach notification law. Oregon has a new law protection the information of individuals who buy marijuana products from state-licensed dispensaries. And the Washington legislature has passed a biometric privacy law awaiting the governor’s signature. Read about this and more in this week’s Privacy Tracker legislative roundup.
LATEST NEWS
The Pioneer reports that Attorney General of India Mukul Rohatgi disclosed before a Constitution Bench of the Supreme Court that the government intends to put in place a law to protect data stored and exchanged on digital platforms by August.
More
The National Law Review offers an overview of changes to breach notification laws in Tenessee and Virginia as well as the new law in New Mexico.
More
Oregon Governor Kate Brown has signed into law a bill to protect the personally identifying information of individuals who purchase marijuana products at state-licensed dispensaries, reports The Daily Chronic.
More
Michigan state Sen. Rick Jones, R, says legislation is being written to limit the selling of customer data by internet service providers, search engines, and social media sites, reports WEDT.
More
Utah's legislature has passed a drone privacy bill making the use of video or audio recording devices to violate an individual's privacy a misdemeanor, reports reports The Republic. The bill awaits the governor's signature.
The San Juan Islander reports, the Washington state legislature has passed a bill prohibiting businesses from obtaining or selling biometric information from individuals without their consent. It now awaits the governor’s signature.
More
The Tacoma, Wa., city council has passed a resolution requiring the two ISPs that lease space on the local cable provider to get consent prior to acquiring or selling customers’ personal information, reports KIRO 7.
More
ICYMI
Just weeks after the Irish High Court heard arguments from select parties in a case that could affect the future of private trans-Atlantic data flows, Irish Data Protection Commissioner Helen Dixon, at the IAPP Global Privacy Summit in Washington, shared her thoughts about the case and questions the court must consider.
More
US
The Verge reports the United States is fast-tracking a facial recognition system in U.S. airports that employs facial matching to individuals leaving the country to identify whether a traveler entered the U.S. legally.
More
The Federal Trade Commission announced it will join in on President Donald Trump's call for federal agencies to cut down on regulations. Though not covered under Trump's executive order, FTC Acting Chairman Maureen Ohlhausen welcomed the directive.
More
The state of New Mexico has become the 48th U.S. state to enact a data breach notification law, BankInfoSecurity reports.
More
The reaction to the rollback of Obama-era U.S. Federal Communications Commission privacy rules continues, Ad Age reports, with at least 11 states considering 21 new privacy bills.
More
Virginia recently updated its data breach notification law to require notification when payroll data is compromised, HealthITSecurity reports.
More
The New York Supreme Court has ruled patient records from the New York Organ Donor Network are not liable to HIPAA regulations, HealthITSecurity reports.
More
Illinois state Sen. Jacqueline Collins, D-16th District, has proposed legislation that would ban car insurance companies from using an individual's ZIP code when setting premiums, the Chicago Sun Times reports.
More
ASIA PACIFIC
As Australia’s metadata-retention law hits the end of its two-year implementation period, critics remain, saying the regulation doesn't take into account the nature of tech companies' relationship with data, The Australian reports.
More