In this week’s Privacy Tracker legislative roundup, read about an increase in the scope of Israel’s anti-spam law; a delay in the implementation of the U.K. Investigatory Powers Act; an update on Schrems’ case against standard contractual clauses; and China’s draft Network Products and Services Security Review Measures. In the U.S., learn about the Federal Communications Commission’s continued effort to stall broadband privacy rules; the trend to increase the scope of personal information in state breach notification laws; a Utah bill to protect voter-registration records that has passed committee on its third try; and a Missouri bill requiring schools to notify affected individuals of a data breach. 

LATEST NEWS

Germany’s interior ministry announced a draft law last month that would allow authorities to access personal data from electronic devices of asylum seekers without their consent, reports The Verge.
More

Israel’s Knesset has enacted a new anti-spam amendment increasing the scope of the law, reports Mondaq.
More

Four U.S. lawmakers have proposed legislation to set up a cybersecurity grant program to help state, local and tribal governments more effectively fight cyber threats, reports the Augusta Free Press.
More

Jurist reports, a California court has ruled electronic communications sent by public employees on their personal devices that relate to public business are public information.
More

A Missouri Senate bill would require schools to notify affected individuals of a data breach, reports KSPR.
More

In response to fears of a crackdown on legal marijuana by the new administration, a group of Oregon lawmakers has proposed legislation requiring marijuana businesses to destroy customer information within 48 hours, reports CBS News.
More

The Salt Lake Tribune reports that a Utah bill aiming to protect voter-registration records has cleared committee and is now headed to the full House.
More

ICYMI

As data collection has become more ubiquitous, technologies more advanced and consumer data more valuable, the definition of "personal information" within U.S. state data breach notification laws has expanded to include things like login credentials, biometric information and health data. Emily Tabatabai, CIPP/E, CIPP/US, and Shea Leitch, CIPP/E, CIPP/US, write for Privacy Tracker about this trend.
More

Voting along party lines, the U.S. Federal Communications Commission voted 2-1 last Wednesday to halt data privacy measures that were slated to go into effect March 2. In this report for The Privacy Advisor, Jedidiah Bracy, CIPP, rounds up the latest news and reaction from dissenting commissioners from each agency, and exclusive insights from Davis Wright Tremaine Partner Christin McMeley, CIPP/US. 
More

A landmark case about metadata in Australia has challenged the scope of Australian privacy laws, overruled the privacy commissioner, and left practitioners with questions. Anna Johnston writes for Privacy Tracker about the case.
More

On February 4, the Cyberspace Administration of China issued draft measures are follow-on legislation to bring China one step closer to implementing a security review regime with respect to network products and services. Wei Fan, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, Jason Meng and Mark Zhang analyze the draft for Privacy Tracker.
More

All this month, Max Schrems is back in court in Dublin. Not content with bringing down Safe Harbor, Schrems is sticking to his guns and coming after standard contractual clauses and may even inadvertently demolish Privacy Shield. Jennifer Baker has the story in this exclusive for The Privacy Advisor.
More

The U.S. House of Representatives Judiciary Committee held a hearing last week on Section 702 of the Foreign Intelligence Surveillance Act. The Privacy Advisor's Angelique Carson, CIPP/US, was on hand to hear testimony that suggested, with caveats, that 702 be reauthorized.
More

US

The House Committee on Science, Space and Technology passed the NIST Cybersecurity Framework, Assessment, and Auditing Act of 2017, The Hill reports.
More

Federal Communications Commission Chairman Ajit Pai is planning to delay the implementation of the agency’s broadband privacy rules, Reuters reports.
More

ASIA PACIFIC

After an inquiry, Australian Privacy Commissioner Timothy Pilgrim has said that "agency-specific laws" can override the Privacy Act, giving the heads of agencies the ability to access and release public information, iTnews reports.
More

Acting NSW Privacy Commissioner Elizabeth Coombs has argued that the NSW Privacy Act should be amended so that her office has more authority to investigate complaints "as more state government duties are placed in private hands," iTnews reports.
More

EUROPE

A ruling from the Court of Justice of the EU is forcing the U.K. Home Office to delay the implementation of the Investigatory Powers Act, Ars Technica reports.
More

The European Parliament announced Civil Liberties MEPs voted for stronger safeguards and a shorter period of data retention within the EU entry-exit system.
More

In a blog post, 2 March, the U.K. Information Commissioner's Office released its first specific GDPR implementation guidance, focusing on consent, for public consultation.
More