In this week’s Privacy Tracker legislative roundup, read about Indonesia’s draft regulation on personal data protection; Malaysia’s consultation paper on draft standards for data security, retention and integrity, and a draft bill in Brazil that would require the retention of Internet users’ data for three years. In the U.S., a state lawmaker is seeking the expansion of Pennsylvania’s DNA-collection law, and a California bill that seeks to modernize state privacy laws as cleared a hurdle in the Assembly. And in case you missed it, read about the EU’s trilogue process in an exclusive from Olivier Proust, CIPP/E.

LATEST NEWS

The Brazilian Senate has approved a draft bill that requires the retention of Internet users’ data for three years for law enforcement purposes, Telecompaper reports, noting the bill will now go to the House of Representatives.

Indonesia’s government has published the Draft Regulation of the Minister of Communication and Information of the Protection of Personal Data in Electronic Systems, which “addresses the protection of personal data collected by a variety of government agencies (and) enumerates the rights of those whose personal data is collected and the obligations of users of Information Communication Technology,” Hunton & Williams’ Privacy and Information Security Law Blog report.

Malaysia’s Personal Data Protection Commission has published its “Public Consultation Paper No.1/2015” for feedback on draft standards that relate to data security, data retention and data integrity, Privacy This Week reports.

A California bill aimed at modernizing state privacy laws to keep in step with advances in technology has “cleared a hurdle in the state’s assembly,” Law 360 reports.

Pennsylvania Sen. Dominic Pileggi (R-Delaware County) wants to expand the state’s DNA-collection law, Pennsylvania Independent reports, noting Pileggi is “arguing police could stop repeat offenders if the authorities didn’t have to wait for a conviction before swabbing a suspect, as current law requires.”

ICYMI

Olivier Proust, CIPP/E, of counsel at Fieldfisher, explains the EU’s trilogue process in layman's terms in this Privacy Tracker post.

U.S.

A "sharply divided" Federal Communications Commission has issued its Telephone Consumer Protection Act (TCPA) Declaratory Ruling and Order with "a range of new statutory and policy pronouncements that have broad implications for businesses of all types that call or text consumers for informational or telemarketing purposes," Laura Phillips and Eduardo Guzman of Drinker Biddle & Reath write for the firm's TCPA Blog.

The House of Representatives passed the 21st Century Cures bill, which "contains a controversial provision calling for significant changes to the HIPAA Privacy Rule," by a vote of 344 to 77, Gov Info Security reports.

Sens. Steve Daines (R-MT) and Richard Blumenthal (D-CT) have introduced the Safe Kids Act, aimed at restricting the sale and use of student data by education-technology companies, The Hill reports, noting the bill is similar to one introduced in May by Sens. Orrin Hatch (R-UT) and Ed Markey (D-MA).

Beth Israel Deaconess CIO John Halamka and Office for Civil Rights Deputy Director for Health Information Privacy Deven McGraw write that HIPAAis neither as antique nor as cumbersome a regulation as recent critiques make it out be, FierceHealthIT reports.

The Federal Trade Commission’s case against Nomi Technologies is based on presumption, George Mason University School of Law's James Cooper writes for The Hill.

Nine House Democrats have unveiled the Recover Act, a bill that would provide "lifetime identify-theft monitoring" for victims of the Office of Personnel Management breaches, as a companion to a bill from Sen. Ben Cardin (D-MD), The Hill reports.

Massachusetts-based St. Elizabeth's Medical Center has entered into a $218,400 settlement with the Department of Health and Human Services for failing to comply with HIPAA, The Boston Globe reports.

Google users were blocked for a fourth time from suing the company by a judge who indicated their claims of breach of personal privacy could not be proven, Bloomberg Business reports.

The Information Technology and Innovation Foundation is calling on Congress to ban revenge porn, recommending Congress pass legislation like the bill Rep. Jackie Speier (D-CA) will release July 23, The Hill reports.

Filmmaker Laura Poitras is suing the U.S. government after receiving no response to her Freedom of Information Act requests for documents pertaining to the government's targeting of Poitras at airports, The Intercept reports.

Seattle’s law requiring garbage collectors to look through trash to determine that no more than 10 percent is recyclables or food has sparked a privacy lawsuit, KiroTV reports.

AFRICA

Kenya Communications Authority's Francis Wangusi has announced a new set of regulations to fight cyber crime, Ars Technica reports.

ASIA-PACIFIC

The Office of the Australian Information Commissioner released its Guide to Privacy Regulatory Action.

CANADA

In an op-ed for The Tyee, Scott Sinclair discusses the forthcoming Trans-Pacific Partnership and its impact on BC privacy laws.

EU

The Register reports that negotiators involved in the second round of trilogue negotiations on the General Data Protection Regulation have said progress was made.

Germany’s Bundesrat has passed legislation to improve IT security, SC Magazine reports.

The UK High Court has struck down a key provision in the Data Retention and Investigatory Powers Act that required communications providers to retain customer data in case intelligence services needed to investigate crimes, finding the law did not include enough privacy or data-protection safeguards, Politico reports.