In this week's global legislative roundup, IAPP Legal Research Fellow Cathy Cosgrove looked at the scope of the potential California Privacy Rights Act regulations. Latham & Watkins' Tim Wybitul, CIPP/E, Christoph Baus and Isabelle Bram detailed the German Federal Constitutional Court's ruling that the Court of Justice of the European Union needs to clarify if the EU General Data Protection Regulation contains a materiality threshold for damages. Gorodissky & Partners Senior Lawyer Stanislav Rumyantsev, CIPP/E, outlined Russia's personal data-processing amendments that go into effect March 1. And, in the U.S., a number of states introduced privacy legislation.
THE LATEST
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published its initial guidelines for reporting a security incident.
More
In the U.S., Virginia lawmakers voted unanimously in support of a bill that places “a de facto ban” on police use of facial recognition technology, Government Technology reports.
More
ICYMI
Latham & Watkins' Tim Wybitul, CIPP/E, Christoph Baus and Isabelle Brams broke down the German Federal Constitutional Court's ruling that the Court of Justice of the European Union needs to clarify if the EU General Data Protection Regulation provided a materiality threshold for GDPR damage claims.
More
Gorodissky & Partners Senior Lawyer Stanislav Rumyantsev, CIPP/E, detailed Russia's personal data-processing amendments that go into effect March 1 and how data controllers should prepare for them.
More
IAPP Associate Editor Ryan Chiavetta, CIPP/US, had the reactions to the Promoting Digital Privacy Technologies Act and how its existence offers a level of validation to the U.S. privacy tech industry.
More
In the ninth installment of a 10-part series examining the top operational impacts of the California Privacy Rights Act, IAPP Legal Research Fellow Cathy Cosgrove looked at the scope of the potential regulations, including those touching upon automated decision-making technology and consumer requests.
More
ENFORCEMENT
Belgian Data Protection Authority Director Alexandra Jaspar warned the agency may be in danger of losing its independence, The Brussels Times reports.
More
A proposed bill would amend Brazil's General Data Protection Law to have penalties for noncompliance come into effect immediately.
More
British Columbia Information and Privacy Commissioner Michael McEvoy told a legislative committee reviewing the province’s Personal Information and Protection Act it is “toothless” and in need of “urgent reform,” the Vancouver Sun reports.
More
The Dutch government published its position on the proposed Digital Services Act and Digital Markets Act.
More
France's DPA, the Commission nationale de l'informatique et des libertés, issued guidance for local authorities in the context of data protection related to COVID-19 vaccinations.
More
France's CNIL also closed a formal notice against Électricité de France over processing electrify consumption data collected by the company.
More
German property company Deutsche Wohnen announced the Regional Court of Berlin dismissed a 14.5 million euro EU GDPR fine issued by Berlin's Commissioner for Data Protection and Freedom of Information in September 2019.
More
Irish Data Protection Commissioner Helen Dixon said transborder data flows could be disrupted as a result of the Court of Justice of the European Union's "Schrems II" ruling, Reuters reports.
More
Ireland's DPC also published its annual report for 2020.
More
Italy's DPA, the Garante, issued fines to three health care organizations for various data violations.
More
New Zealand's Office of the Privacy Commissioner published guidelines on the new rules that restrict international data transfers from New Zealand to third countries.
More
Poland's DPA, the Urząd Ochrony Danych Osobowych, announced the Provincial Administrative Court of Warsaw turned back an appeal by the Chief National Surveyor over a PLN 100,000 fine related to a data breach.
More
Spain's DPA, the Agencia Española de Protección de Datos, published guidance on protecting employees' privacy during online meetings.
More
Spain's AEPD also issued a 6 million euro fine to CaixaBank for violations of the EU GDPR.
More
The U.K. Information Commissioner's Office provided an update on the resources it offers to help organizations comply with access-to-information requests.
More
The Commissioner for Human Rights of the Verkhovna Rada of Ukraine announced it created recommendations for citizens' right to access information.
More
South Korea's Personal Information Protection Committee issued fines totaling 17 million won to four companies over data processing violations under the Personal Information Protection Act 2011.
More
AdvisorHub reports the Financial Industry Regulatory Authority fined Securities America $125,000 for improper disclosure of personal data without consent.
More
AFRICA
South Africa's Information Regulator published guidelines for entities creating voluntary codes of conduct for processing data under the Protection of Personal Information Act.
More
ASIA-PACIFIC
The Office of the Australian Information Commissioner asked that powers granted under the pending Critical Infrastructure Bill be clarified to account for the impact on individuals’ privacy, ZDNet reports.
More
The Dubai International Financial Centre announced proposed amendments to data protection laws that would clarify the judicial redress process for data subject rights and implement accountability requirements for controllers and processors.
More
The Indian government announced the “Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules 2021,” which will tighten oversight over social media and streaming platforms, including requiring the appointment of a chief compliance officer responsible for ensuring compliance, The Wire reports.
More
BRAZIL
Brazil's ANPD is accepting feedback on guidelines for reporting data security incidents under the LGPD.
More
EUROPE
The Court of Justice of the European Union ordered Spain to pay the European Commission 15.5 million euros and a potential daily fine thereafter for failing to transpose Directive (EU) 2016/680, the Data Protection Law Enforcement Directive.
More
Russian President Vladimir Putin signed a bill into law that would increase fines for data-processing violations.
More
US
U.S. TikTok users reached a $92 million preliminary class settlement with ByteDance over alleged data privacy violations, Reuters reports.
More
A proposed bill residing with the Arizona State Legislature would revise rules on the disclosure of student information.
More
Faegre Drinker Biddle & Reath Partners Kenneth Dort, CIPP/C, CIPP/E, CIPP/US, and Paul Luehr, CIPP/US, and Associate Mitchell Noordyke, CIPP/E, CIPP/US, CIPM, identified the most significant changes introduced by the California Privacy Rights Act, including the introduction of the California Privacy Protection Agency and adhering to broader notification obligations.
More
The Illinois House of Representatives is considering two privacy bills: House Bill 3910, the Consumer Privacy Act, was introduced Feb. 22, while HB 2404, the Right to Know Act, was submitted Feb. 17.
More
Clearview AI is willing to take Illinois' Biometric Information Privacy Act claims to the Supreme Court of the United States.
More
State Sen. Cynthia Stone Creem, D-Mass., introduced Senate Bill 1726, an act establishing the Massachusetts Information Privacy Act, Feb. 18.
More
According to law firm Winthrop & Weinstine, State Reps. Steve Elkins, D-Minn., and Mohamud Noor, D-Minn., introduced HB 1492, the Minnesota Consumer Data Privacy Act, Feb. 22.
More
A group of state representatives introduced the Rhode Island Transparency and Privacy Protection Act, which would require online entities to disclose the personal information they collect and "to what third parties they sell the information."
More
The Utah Senate's Transportation, Public Utilities, Energy, and Technology Committee unanimously approved moving SB 200, the Consumer Privacy Act, onto the Senate floor with a favorable recommendation.
More
Vermont Attorney General TJ Donovan is asking lawmakers to revise a moratorium on the police use of facial recognition technology to enable its help in solving child sexual exploitation cases, VTDigger reports.
More
