In this week's global legislative roundup, Switzerland's Federal Data Protection and Information Commissioner determined the Swiss-U.S. Privacy Shield arrangement is no longer adequate. The European Data Protection Board adopted new guidelines for concepts of controllers and processors under the EU General Data Protection Regulation. Indonesia plans to have its Personal Data Protection Bill drafted by November, while Singapore is considering privacy law amendments. And the U.K.'s Age Appropriate Design Code entered into force.
THE LATEST
Argentina's data protection authority, the Agencia de Acceso a la Información Pública, issued guidance on body temperature checks.
More
Colombia's data protection authority, the Superintendencia de Industria y Comercio, ordered Google to bring processing operations into compliance with the provisions of Law 1581 of 2012 for lack of transparency, inadequate information, and lack of verifiable and valid parental consent regarding processing children's personal data.
More
Switzerland's Federal Data Protection and Information Commissioner announced the Swiss-U.S. Privacy Shield program does not provide an adequate level of data protection following the judgment of the Court of Justice of the European Union on the EU-U.S. Privacy Shield.
More
The U.S. Foreign Intelligence Surveillance Court ruled the Federal Bureau of Investigation and National Security Agency violated a rule to safeguard civil liberties with their collection of emails and other communications gathered from U.S. tech and phone companies, The Washington Post reports.
More
Also in the U.S., the Virginia Mercury reports on Virginia's efforts to add new and bolster current data privacy laws.
More
ICYMI
Donaldson & Burkinshaw's Jansen Aw, CIPP/A, CIPP/E, CIPM, FIP, and Ngaim Ruo Ling look at the amendment on meaningful consent in Singapore's Personal Data Protection Act, as well as the issues with the current regime, in this piece for Privacy Tracker.
More
ENFORCEMENT
The European Data Protection Board adopted new guidelines on the concepts of data controllers and processors under the GDPR during its 37th plenary session. The guidance includes an explanation of the concepts and consequences for data controllers, processors and joint controllers.
More
The European Data Protection Supervisor issued orientations on proper practices for body temperature checks conducted by EU institutions.
More
The French data protection authority, the Commission nationale de l'informatique et des libertés, presented a control charter to ensure greater transparency of its assessment of organizations that process personal data.
More
Poland's data protection authority, the Urząd Ochrony Danych Osobowych, fined the Surveyor General of Poland PLN 100,000 for violations of Articles 5(1) and 6(1) of the GDPR in relation to improper data processing.
More
The Office of the Data Protection Authority for the Bailiwick of Guernsey announced it fined telecom Sure 80,000 GBP for lacking transparency with its data processing.
More
Spain's data protection authority, the Agencia Española de Protección de Datos, fined Vodafone España 60,000 euros for violating Article 6 of the GDPR.
More
ASIA-PACIFIC
The Ministry of Communication and Information Technology, Kominfo, announced Indonesia's Personal Data Protection Bill is expected to be ready by November.
More
An article from BSA looks at Singapore’s Personal Data Protection Commission and the Ministry of Communications and Information's proposed amendments to the Personal Data Protection Act.
More
EUROPE
The U.K. Information Commissioner's Office announced the Age Appropriate Design Code is now in effect.
More
US
According to Hunton Andrews Kurth's Privacy & Information Security Law Blog, the California Legislature passed the Genetic Information Privacy Act.
More
