In this week's Privacy Tracker global legislative roundup, read about recent legislative efforts in the U.S. to introduce state and federal privacy laws. Advocate-General Maciej Szpunar delivered his non-binding opinion to the Court of Justice of the European Union, advising that court should rule in favor of limiting the scope of the right to be forgotten. In India, both the DNA Technology (Use and Application) Regulation Bill, 2018, and the Aadhaar and Other Laws (Amendment) Bill, 2018, were introduced.
LATEST NEWS
A digital rights group in Nigeria called for the immediate suspension of the enforcement of National Identification Number, urging the National Identity Management Commission to end its mandatory registration until the country enacts a data protection law, Business Insider by Pulse reports.
More
The California Supreme Court denied a police union's petition to a state law that opens police records to the public, easing police privacy laws, Reuters reports.
More
Massachusetts Gov. Charlie Baker signed a new law requiring free "security freezes" and monitoring after data breaches, MassLive reports.
More
Proposed legislation in New Mexico would give state consumers more control over personal information that is bought and sold by businesses, the Albuquerque Journal reports.
More
A state lawmaker in Utah introduced a bill that would create a digital privacy law, providing protection for emails, messages and other online data, FOX 13 News reports.
More
ICYMI
In this Privacy Tracker post, Veronica Scott and Susan Kantor write about Australia’s newly passed Telecommunications and Other Amendments (Assistance and Access) Act, 2018, how it will work, and the ways it will affect tech companies in Australian and beyond.
More
In an article for The Privacy Advisor, Amber Welch, CIPP/E, reports on Australia’s recently passed Telecommunications and Other Legislation Amendment (Assistance and Access) Bill 2018 and its impact on privacy worldwide.
More
In this Privacy Tracker post, Karsten Holt, CIPP/E, CIPM, CIPT, FIP, writes about the Danish Data Protection Act, including provisions where the law extends to areas not covered by the GDPR and its treatment of derogations.
More
In this Privacy Tracker post, Rosa Barcelo and Matthew Buckwell write on the newly published European Electronic Communications Code, offering insight into the new obligations and which service providers are subject to the new rules.
More
In an article for The Privacy Advisor, Gabor Gerencser, CIPP/E, looks at Japan’s long road to adequacy under the EU General Data Protection Regulation and adds that any finalization on the matter is unlikely before the end of 2018.
More
In this Privacy Tracker post, IAPP Westin Research Fellow Mitchell Noordyke, CIPP/E, CIPP/US, writes about the complaint filed by the office of the Los Angeles City Attorney against the Weather Channel, saying, "The complaint is notable because every state has its own version of unfair and deceptive acts and practices statute, and it creates a blueprint for authorities in other states to follow."
More
Spain's law on the Protection of Personal Data and the Guarantee of Digital Rights brings the national data protection regime in line with the EU General Data Protection Regulation, and, as Miguel Recio writes in this Privacy Tracker blog post, "guarantees the digital rights of citizens and employees, beyond the GDPR."
More
In an interview with IAPP Publications Editor Jedidiah Bracy, CIPP, for The Privacy Advisory, U.S. Sen. Maggie Hassan, D-N.H., a co-sponsor of the Data Care Act, a bill that would provide the U.S. Federal Trade Commission with rule-making authority and impose fiduciary-like standards — duty of care, loyalty and confidentiality — on organizations collecting personal data.
More
US
A news release from Idaho’s Attorney General’s Office shows that Neiman Marcus has agreed to pay $1.5 million to those who may have had personal information stolen in a 2013 data breach, settling an investigation launched by 43 states and the District of Columbia, the Idaho Press reports.
More
Michael Feuer, the city attorney of Los Angeles, filed a lawsuit accusing the Weather Channel app of deceptive practices by collecting, sharing and profiting from users’ location data, The New York Times reports.
More
New York City Council Member Ritchie Torres has introduced legislation that would require businesses that use facial-recognition technology to be more transparent about its use, Fast Company reports.
More
Health Data Management reports that the new cybersecurity best practices out of the U.S. Department of Health and Human Services are not only helpful for provider organizations, but they are also likely to become the de facto standard industry-wide.
More
The U.S. National Institute of Standards and Technology has published its latest revision to its “Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy.”
More
U.S. Deputy Attorney General Rod Rosenstein announced criminal charges against two computer hackers who are alleged to have an association with the Chinese intelligence service known as the Ministry of State Security.
More
Highlighting numerous bipartisan efforts to develop U.S. federal privacy legislation, Cameron Kerry writes in an article for the Brookings Institution that there may be a “brief window” for federal legislation to take shape in the new Congress.
More
The Hill reports Bill Gates has become the latest tech figure to call for a federal U.S. privacy law.
More
The Association of National Advertisers wants the U.S. Federal Trade Commission to push for a federal U.S. privacy law, MediaPost reports
More
The Electronic Frontier Foundation reports it joined an amicus curiae brief, urging the Court of Appeals for the 9th Circuit to interpret Illinois’ Biometric Information Privacy Act in a way that ensures strong biometric privacy protections are upheld.
More
ASIA-PACIFIC
ZDNet reports that the Australian government has published initial guidelines governing the upcoming Consumer Data Right.
More
India’s Science and Technology Minister Harsh Vardhan introduced the DNA Technology (Use and Application) Regulation Bill, 2018, to the Lower House, BloombergQuint reports.
More
In an article for The Wire, Vrinda Bhandari reports that in India, the Aadhaar and Other Laws (Amendment) Bill, 2018, was introduced despite not having passed a data protection bill.
More
Reports show that that the Personal Data Protection Bill, 2018 is likely to be introduced in India after general elections finish in June, Analytics India reports.
More
In what is regarded as the first enforcement against a foreign technology group after Vietnam enacted its new cybersecurity law, the Authority of Broadcasting and Electronic Information has accused Facebook of violating the law for failing to manage online content, advertising and tax liabilities, the Financial Times reports.
More
CANADA
The Office of the Privacy Commissioner of Canada has published guidance designed to assist cannabis retailers and customers in understanding their rights under the Personal Information Protection and Electronic Documents Act.
More
EUROPE
Hunton Andrews Kurth’s Privacy & Information Security Law Blog looks at the Austrian data protection authority’s decision to dismiss a complaint raised by an individual about an Austrian newspaper’s online cookie consent options.
More
Fortune reports that in his non-binding opinion to the Court of Justice of the European Union, Advocate-General Maciej Szpunar said that in the legal case between Google and French data protection authority, the CNIL, the court should rule in favor of limiting the scope of the right to be forgotten.
More
Court of Justice of the European Union Advocate General Michal Bobek released a non-binding opinion on a case brought forth by German consumer advocates, Courthouse News Service reports.
More
The European Commission released a report on whether safeguards for automated decision-making are adequate for data transfers under the EU-U.S. Privacy Shield agreement.
More
The European Commission’s High-Level Expert Group on Artificial Intelligence released a draft of its ethics guidelines for trustworthy AI.
More
The European Commission published its second review of the EU-U.S. Privacy Shield.
More
France’s data protection authority, the CNIL, has fined Uber 400,000 euros for its 2016 data breach.
More
German officials have called for a tightening of data security laws after a data breach exposed documents belonging to hundreds of politicians, Reuters reports.
More
The U.K. Information Commissioner’s Office has updated its guidance on data protection impact assessments in response to an opinion released by the European Data Protection Board.
More
A district judge fined Cambridge Analytica’s parent company, SCL Elections, 15,000 GBP for failing to respond to an enforcement notice from the U.K. Information Commissioner’s Office, the Guardian reports.
More