![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
The EU Network and Information Security (NIS) Directive is on its way to a full plenary vote in Parliament after being approved by its internal market and consumer protection committee. EU data protection authorities are expected to meet next month to iron out a new data-transfer agreement with the U.S., and the IAPP has some practical insight on consent requirements under the agreed upon GDPR. Also in this week’s Privacy Tracker legislative round up, read about changes to Taiwan’s Personal Data Protection Law issued by its president, and U.S. state legislatures, once again, looking at drone and student privacy
LATEST NEWS
The European Parliament’s internal market and consumer protection committee has voted in favor of the EU Network and Information Security Directive and confirmed that member states would not have power to impose further security or notification requirements on digital service providers, reports Inside Privacy.
The president of Taiwan has issued an order to amend the country’s Personal Data Protection Law’s consent requirements, aligning them with other jurisdictions such as Hong Kong, reports Hunton & Williams’ Privacy and Information Security Law Blog.
U.S. Rep. Justin Amash, R-Mich., has introduced a bill that aims to repeal the Cybersecurity Act of 2015, reports Law360.
Two Colorado legislators intend to introduce a bi-partisan bill to explore student data collection in the state, reports 7News Denver.
The Ohio legislature is expected to debate this week a bill aimed at protecting the information of victims of domestic violence, reports The Columbus Dispatch.
The Vermont Senate has approved a bill that would require law enforcement to get a warrant before using a drone to collect evidence, reports WPTZ.
Two Washington state representatives have announced plans to introduce the Washington Cyber Crime Act, which recognizes new categories of cybercrime not currently covered under law, reports Government Technology.
ICYMI
In this third of a 10-part series, IAPP Westin Fellow Gabriel Maldoff, CIPP/US, examines the requirements for obtaining data subject consent in the General Data Protection Regulation.
Renato Moneiro writes in this post for Privacy Tracker about recent data protection law in Brazil — noting, "Never have those topics been so discussed in the country” — and offers a look ahead to 2016.
U.S.
A group of Montana lawmakers are championing a bill that makes the Department of Homeland Security's REAL ID passenger flight requirement a privacy issue, The Hill reports.
New York Assemblyman Matthew Titone, D-Staten Island, has reintroduced a bill that would ban the sale of smartphones capable of strong communications encryption, Ars Technica reports.
The National Labor Relations Board has ruled that grocer Whole Foods cannot prevent employees from recording conversations or taking photos in the workplace, The Huffington Post reports.
The Financial Times reports that Affinity Gaming is suing cybersecurity firm Trustwave for failing to contain a breach it hired it to stop, "opening a new avenue of liability around data breaches."
ASIA PACIFIC
A Turkish hacker has been sentenced to 334 years in prison for a phishing scheme involving credit card data, ZDNet reports.
CANADA
CBC News reports, Rogers Communications Inc. and Telus Corp. won a Charter of Rights challenge disputing "tower dump" police orders, which would have required them to produce records containing metadata for more than 40,000 customers.
EUROPE
European data protection authorities plan to meet early next month to discuss whether and how data transfers to the U.S. will proceed after the previous EU-U.S. Safe Harbor Agreement was invalidated by the European Court of Justice last year, Bloomberg Business reports.
The European Court of Human Rights ruled an employee's rights were not impinged after a Romanian engineer was fired when his employer checked his Yahoo Messenger, a decision that highlights the breadth of "bosses' ... huge powers to snoop," The Independent reports.
The UK’s Draft Investigatory Powers Bill received more than 100 responses during its public comment phase, including criticism from the Information Commissioner’s Office and the United Nations, V3.co.uk reports.