In this week’s Privacy Tracker global legislative roundup, members of Indian Parliament continue work on amending the draft Data Protection Bill, with a goal of tabling and passing the legislation during the July session. The European Commission published its proposal for a Data Act, introducing binding requirements for the manufacturer of connected devices and related services to provide access to the data that users create. And Brazil’s Congress passed a constitutional amendment giving citizens the fundamental right to personal data protection.
The Latest
The Economic Times reports members of Indian Parliament remain engaged on amending the draft Data Protection Bill, 2019, with an eye to tabling and passing the legislation during Parliament's Monsoon Session beginning in July.
More
The Council of Europe and representatives of Gambia’s government discussed recommendations and conclusions of an analysis of options to establish a Data Protection and Privacy Agency.
More
ICYMI
California Privacy Protection Agency Executive Director Ashkan Soltani provided an update on the rulemaking timeline for California Privacy Rights Act regulations, revealing the agency will miss its July 1 deadline and likely finish regulations sometime during Q3 or Q4. IAPP Staff Writer has details on the developing situation.
More
Journalist Luca Bertuzzi has the details on the European Commission’s published proposal for a Data Act, introducing binding requirements for the manufacturer of connected devices and related services to provide access to the data that users create.
More
Or-Hof Law owner and Lecturer in Law at Tel Aviv University Dan Or-Hof reviews Israel's data protection authority's recently published guidelines on the role of a data protection officer as well as a set of introduced bills to amend the Protection of Privacy Law.
More
Andrea Jelinek, chairwoman of the European Data Protection Board, penned a letter to European Commissioner for Justice Didier Reynders about adapting liability rules in the digital age and for artificial intelligence.
More
The EDPB said protections of personal data transferred to third countries resulting from the Second Additional Protocol to the Cybercrime Convention “must be essentially equivalent to the EU level of protection.” The EDPB also adopted a final version of the Guidelines on Codes of Conduct as a tool for transfers and a letter on AI liability, welcoming plans to adapt rules to artificial intelligence.
More
The Irish Times reports Ireland's Data Protection Commission reached a preliminary decision to potentially suspend Facebook's data transfers between the EU and the U.S. The DPC has given Meta, Facebook's parent company, 28 days to respond to a revised decision before it is presented to members of the EDPB under Article 60 of the EU General Data Protection Regulation.
More
The Irish DPC’s Annual Report for 2021 notes a 7% increase in queries and complaints over 2020, the conclusion of 95% of valid breach notifications received in 2021, and the DPC’s 225 million euro fine against WhatsApp.
More
Latvia's State Data Inspectorate said in 2021 it received nearly 1,000 citizen complaints and 88 notifications from data controllers regarding potential personal data protection violations. Corrective measures were applied in 23% of inspections and fines for violations were imposed in six cases, the inspectorate said.
More
The Netherlands’ data protection authority, Autoriteit Persoonsgegevens, fined Belgium-based DPG Media 525,000 euros for EU GDPR violations.
More
Asia-Pacific
India's Ministry of Electronics and Information Technology opened a public consultation on the country's draft Data Accessibility & Use Policy. The proposed scheme would facilitate the sharing of unspecified non-personal data that is collected, generated and stored by government entities.
More
Canada
The government of Ontario is planning to introduce legislation that would require employers to notify employees of electronic monitoring, CBC News reports. Under the proposal, employees would be notified in the event of monitoring via computers, cellphones, GPS systems or other electronic devices whether in the workplace or working from home.
More
Europe
France’s Constitutional Council recently ruled that components of the country’s data retention regime were unconstitutional, according to a Question of Constitutionality decision. The decision noted the retention of data under the law resulted in an infringement of the right to respect for private life, as well as a breach of EU law.
More
Latin America
Brazil’s Congress passed an amendment to Article 5 of the constitution that gives citizens the fundamental right to personal data protection, ZDNet reports.
More
US
U.S. Sens. Jeff Merkley, D-Ore., and Roy Blunt, R-Mo., introduced a bill to block the Internal Revenue Service from deploying biometric technologies to obtain services.
More
Two bills seeking extended exemptions for employee and business-to-business data under the California Privacy Rights Act were filed to the California State Assembly.
More
The Iowa House Information Technology Committee voted 15-0 to advance House Study Bill 674, a proposal related to consumer data protection.
More
The Oklahoma House Technology Committee passed HB 2969, the Oklahoma Computer Data Privacy Act.
More
State Sen. Joseph Rafferty, D-Maine, introduced "An Act To Protect Consumers' Privacy by Giving Them Greater Control of Their Data and To Establish Consumer Protections Regarding Small Dollar Loans" Feb. 16.
More
Utah Senate Bill 227, the Utah Consumer Privacy Act, was reported out of the Senate Revenue & Taxation Committee with favorable recommendation. The bill is now eligible for Senate floor consideration.
More
The Wisconsin State Assembly voted 59-37 to pass Assembly Bill 957, the Wisconsin Data Privacy Act, out of chamber. The Senate has until the session adjourns March 10 to pass the bill.
More
Privacy operations management
The Spanish Data Protection Agency published a guide, the "Risk management and impact assessment in personal data processing," to help data controllers determine whether all required elements have been considered when conducting a Data Impact Assessment Data Protection.
More