In this week’s Global News Roundup, Turkey’s data protection authority fined TikTok 1.75 million liralar. U.S. Federal Trade Commissioner Christine Wilson announced she will resign at the end of the month. Reforms to the Australian Privacy Act are poised to have significant impacts on small and medium-sized businesses. And new compromise texts of the EU Artificial Intelligence Act were circulated by its co-rapporteurs.
The Latest
The National People’s Congress of China is expected to approve the creation of a data authority during March's annual session.
The House of Commons of Canada plans to re-open debate on the proposed Digital Charter Implementation Act, Bill C-27, at second reading.
U.S. Sens. Mazie Hirono, D-Hawaii, Amy Klobuchar, D-Minn., and Elizabeth Warren, D-Mass. introduced legislation to protect citizens’ personal health data.
The Washington state House of Representatives passed legislation protecting consumer health care data.
Enforcement
New Zealand’s Office of the Privacy Commissioner issued a statement on the value of court injunctions to secure individuals’ data following a data breach.
Turkey’s data protection authority, the Kişisel Verileri Koruma Kurumu, fined TikTok 1.75 million liralar for insufficiently protecting users from unlawful data processing.
Following its investigation into the use of Google Analytics, Norway's data protection authority, Datatilsynet, issued a preliminary conclusion finding the tool breaches the EU General Data Protection Regulation's data transfer rules.
U.S. Federal Trade Commissioner Christine Wilson will resign from her post March 31.
The U.S. Federal Trade Commission announced a proposed order against online counseling service BetterHelp over alleged improper data sharing for advertising purposes.
The U.S. Federal Trade Commission warned Amazon and its newly acquired health care chain One Medical that patients' personal health information should not be used for advertising or marketing purposes.
Asia-Pacific
Conflicting reports emerged over Indian Parliament's Standing Committee on Communications and Information Technology's approval of the proposed Digital Personal Data Protection Bill.
Potential reforms of Australia’s Privacy Act 1988 are poised to make significant changes and could require entities to devote significant resources to compliance.
Other major provisions of the proposed Privacy Act changes include defining data controllers and processers in Australian law, removing the small business exemption, tightening employee information collection and increased standards to demonstrate “valid consent.”
Under proposed reforms of Australia's Privacy Act, certain small and medium-sized businesses could have their data protection programs regulated.
Europe
The Swedish Presidency of the EU Council circulated new compromise text of the Cyber Resilience Act, detailing its interplay with the Artificial Intelligence Act, and enforcement and penalties.
Proposed Artificial Intelligence Act co-rapporteurs Brando Benifei and Dragoș Tudorache offered a new set of compromise texts concerning a range of disputed topics in the EU proposal.
The U.K. government reportedly won't act on the proposed Data Protection and Digital Information Bill during the current parliamentary session.
U.K. Secretary of State for Science, Innovation and Technology Michelle Donelan refuted a reported pause on consideration of the proposed Data Protection and Digital Information Bill.
US
The reauthorization of Section 702 of the Foreign Intelligence Surveillance Act is a "top priority" for U.S. President Joe Biden's administration, National Security Advisor Jake Sullivan said in a statement.
Hawaii Senate Bill 974 advanced out of the Senate Committee on Ways and Means on a 13-0 vote.
Kentucky's proposed Senate Bill 15 was moved to a second reading in the Senate Rules Committee.
The Montana Senate voted 50-0 to advance Senate Bill 384 to House consideration.
Utah Senate Bill 152 on social media regulation amendments earned final passage following Senate concurrence on House amendments.
Guidance
The Hong Kong Office of the Privacy Commissioner for Personal Data published a review of its 2022 activities, during which it responded to 105 data breach notifications.
The Office of the Privacy Commissioner of Canada issued guidance to employers on the use of virtual staffing platforms.
Spain’s data protection authority, the Agencia Española de Protección de Datos, published guidance for anonymizing data.
The Spanish autonomous region of Catalonia’s data protection authority, the Autoritat Catalana de Proteccio de Dades, published the "Privacy by design and privacy by default" guide for developers, allowing them "to develop applications, to identify the different important elements for personal data protection, and (to identify) steps that can be taken to deal with it right from the moment of design."
ICYMI
The European Data Protection Board released its nonbinding opinion on the draft adequacy decision related to the EU-U.S. Data Privacy Framework. The IAPP's Jennifer Bryant and Jedidiah Bracy, CIPP, have the details.
Across the U.S., state legislatures are pushing for the adoption of comprehensive privacy legislation during their 2023 legislative sessions. IAPP Staff Writer Joe Duball looks at where commonality originated from and whether additional trends that could disrupt compliance are on the horizon.
