In this week’s global legislative roundup, Gov. Andrew Cuomo, D-N.Y., proposed privacy legislation, and a Washington Senate Committee held a public hearing on a third iteration of the Washington Privacy Act. In India, the final draft of the Personal Data Protection Bill, 2019 will likely be tabled during Parliament’s Budget session beginning Jan. 29. In the EU, the European Data Protection Board and European Data Protection Supervisor published their joint opinions on the European Commission’s Implementing Decision on standard contractual clauses.
LATEST NEWS
In the U.S., Gov. Andrew Cuomo, D-N.Y., proposed a privacy bill that would require companies to disclose their data collection practices and create a “Bill of Rights” to give residents increased data subject rights.
More
Also in the U.S., New York–based Excellus Health Plan will pay $5.1 million to settle potential violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules related to a 2015 data breach that affected more than 9.3 million people.
More
The European Data Protection Board and European Data Protection Supervisor published their joint opinions on the European Commission's Implementing Decision on standard contractual clauses.
More
The German Federal Government passed a draft law adapting the country’s information technology laws to the increasing digitalization of products and services.
More
ICYMI
During a panel at the 2021 Consumer Electronics Show, privacy leaders from Twitter, Google and Amazon said they are “cautiously” optimistic over the prospects of omnibus privacy legislation coming from U.S. Congress in the coming years. IAPP Associate Editor Ryan Chiavetta, CIPP/US, has the details for The Privacy Advisor.
More
As part of a series for The Privacy Advisor examining the top operational impacts of the California Privacy Rights Act, IAPP Legal Extern Anna Daniels looks at two new rights under the legislation: the right to correct inaccurate personal information and the right to limit the use of “sensitive personal information.”
More
The Washington Senate Environment, Energy & Technology Committee held a public hearing on a third iteration of the Washington Privacy Act. IAPP Staff Writer Jennifer Bryant reports the details for The Privacy Advisor.
More
Also for The Privacy Advisor, IAPP Staff Writer Joe Duball breaks down Court of Justice of the European Union Advocate General Michal Bobek’s non-binding opinion supporting the future application of the EU General Data Protection Regulation's one-stop-shop mechanism.
More
ENFORCEMENT
The Danish data protection authority, Datatilsynet, highlighted areas of focus in 2021, including monitoring television surveillance and transferring personal data to third countries.
More
France's data protection authority, Commission nationale de l'informatique et des libertés, announced sanctions against the Ministry of the Interior for its unlawful deployment of drones to oversee and enforce "containment measures."
More
Germany's State Commissioner for Data Protection in Lower Saxony issued a 10.4 million euro fine to retailer notebooksbilliger.de for monitoring its employees over a two-year span without a legal basis.
More
The Irish Times reports Ireland's Data Protection Commission acknowledged in a pre-budget submission for 2021 that its work, including GDPR enforcement of multinationals, has been hampered by limited resources.
More
Poland's data protection authority, Urząd Ochrony Danych Osobowych, announced a PLN 1 million fine against ID Finance Poland for insufficient data security measures that led to a data breach.
More
Singapore’s government issued legislative provisions to limit the future use of COVID-19 contact-tracing data by law enforcement.
More
A motor industry employee has been sentenced following a prosecution by the U.K. Information Commissioner’s Office for conspiracy to secure unauthorized access to computer data and selling unlawfully obtained personal data.
More
The U.S. Department of Health and Human Services Office for Civil Rights announced it reached a settlement with Banner Health over alleged violations of the HIPAA Privacy Rule’s right of access standard.
More
The U.S. Federal Trade Commission reached a settlement with Flo Health over the data-sharing practices related to its women's health-tracking application.
More
The FTC also announced a settlement with California-based photo app developer Everalbum regarding alleged facial recognition misuse.
More
ASIA-PACIFIC
The final draft of India's Personal Data Protection Bill, 2019 will likely be tabled during the Budget session of Parliament beginning Jan. 29, the Economic Times reports.
More
Pakistani Minister for Science and Technology Chaudhry Fawad Hussain said his ministry is considering a federal privacy law, Dawn.com reports.
More
CANADA
Canada's Department of Justice announced the public consultation on the modernization of Canadian privacy law has been extended to Feb. 14.
More
EUROPE
Ireland's Data Protection Commission will proceed with a complaint challenging Facebook’s transborder data transfers, Reuters reports.
More
The Russian State Duma announced amendments to the Federal Law on Personal Data were adopted Dec. 23, 2020, and take effect March 1.
More
The U.K. High Court ruled against a mass surveillance practice, deeming it illegal for intelligence agencies to search large numbers of phones and computers under a single “general warrant.”
More
US
Walmart will pay a total of $10 million to approximately 21,677 Illinois employees to settle a 2019 lawsuit alleging the company used a palm screening device in violation of Illinois' Biometric Information Privacy Act, the Chicago Tribune reports.
More
Nearly 1.6 million Illinois Facebook users will each receive $350 as part of a $650 million settlement over alleged BIPA violations, the Chicago Tribune reports.
More
The Minnesota Legislature is considering a privacy bill, including “rights regarding personal data, data transparency obligations placed on businesses, private right of action created, and enforcement provided by the attorney general."
More
GUIDANCE
The European Data Protection Supervisor launched its Website Evidence Collector tool for privacy and data protection inspections on websites.
More
Spain's data protection authority, Agencia Española de Protección de Datos, released guidance on controls to implement for conducting audits of personal data processing that involve artificial intelligence components.
More