In this week's Privacy Tracker legislative roundup, the European Commission announced it has reached a "reciprocal adequacy" agreement with Japan and has also adopted a "Communication outlining the ongoing work on the preparation for all outcomes of the United Kingdom's withdrawal from the European Union." India’s Telecom Regulatory Authority called the existing framework for personal data protection by companies and service providers insufficient. In the U.S., the Federal Trade Commission voiced a need for expanded authority in data protection and privacy, and the Solicitor General asked the Supreme Court to vacate a deal that allows Google to donate damages to charity.
LATEST NEWS
Citing the EU General Data Protection Regulation, a Cypriot woman successfully applied for and was granted the ability to remove her religious affiliation from state records, Neos Kosmos reports.
More
Speaking to the U.S. House Energy and Commerce Committee's digital commerce and consumer protection subcommittee, Federal Trade Commission Chairman Joseph Simons said the agency is seeking additional authority from Congress in the privacy and data security area, HealthITSecurity reports.
More
The U.S. Solicitor General asked the Supreme Court to vacate a deal that allows Google to settle a class-action privacy lawsuit by donating $5.3 million to nonprofits, arguing that companies shouldn't be able to resolve class-actions by making donations to charity unless trial judges have conducted a "rigorous" scrutiny of the deal, MediaPost reports.
More
U.S. House Republicans introduced a bill to provide the Department of Homeland Security and Justice authority to protect buildings and people from threatening unmanned aerial vehicles, Air Transport World reports.
More
Illinois Gov. Bruce Rauner vetoed a bill that would end the state's participation in the Interstate Voter Registration Crosscheck Program, which has been criticized by some for being inaccurate and vulnerable to cyberattacks, the Plainview Daily Herald reports.
More
The Massachusetts Senate unanimously approved a bill that would empower the Department of Telecommunications and Cable to act as a watchdog over internet service providers doing business in Massachusetts, the Greenfield Recorder reports.
More
The New York City Council voted unanimously to restrict Airbnb and other online home rental services by requiring New York City hosts to register information with the Office of Special Enforcement, The New York Times reports.
More
ICYMI
Lithuania's new data protection law, the Law on Legal Protection of Personal Data, is now in effect. Natalija Bitiukova, CIPP/E, writes for Privacy Tracker that the law "consists of 35 articles, is fairly concise, and mostly aimed at particularizing the powers of the supervisory authorities."
More
The High Court of England and Wales handed down judgment in joined cases addressing the scope of a person's right to have results about them delisted by Google when no longer relevant, in line with the 2014 Google Spain case.
More
In this Privacy Tracker post, Filiz Toprak Esin and Asena Aytuğ Keser of Gün + Partners write about how he Turkish Data Protection Act will work together with the Criminal Code in terms of criminal liability for data protection violations.
More
US
The Centers for Medicare and Medicaid Services proposed a new rule aimed at streamlining the reimbursement process for telehealth services, GovInfoSecurity reports.
More
More than 50 civil liberties organizations and tech companies have called on Congress to ensure the passage of the Email Privacy Act as part of a defense-spending package, ZDNet reports
More
The U.S. Food and Drug Administration has issued new guidance for organizations using electronic health record data for FDA-regulated clinical trials, GovInfoSecurity reports.
More
The Reform Government Surveillance coalition, a group of technology companies, including Apple, Facebook, Google, Microsoft and Twitter, wants the U.S. Senate "to act promptly on the nominations of Adam Klein, Ed Felten, and Jane Nitze to be members of the Privacy and Civil Liberties Oversight Board." The nominations are now ready for consideration by the full Senate.
More
A new law signed by California Gov. Jerry Brown requires people and organizations that have California voter registration data to report security breaches affecting the storage of that information, The Associated Press reports.
More
ASIA-PACIFIC
Singapore’s Personal Data Protection Commission now lists 17 enforcement cases for the first half of 2018. In 2017, the PDPC listed 19 enforcement actions for the entire year.
More
The Telecom Regulatory Authority of India called the existing framework for personal data protection by companies and service providers insufficient and recommended stricter rules be set in place to thwart data breaches, Reuters reports.
More
CANADA
In a news release, the Office of the Privacy Commissioner of Canada announced New Zealand–based social network and search engine startup Profile Engine violated Canadian privacy law when it scraped public profiles of approximately 4.5 million Canadians for reuse on its own site.
More
Canada’s Supreme Court ruled British Columbia does not have to provide health care records to tobacco company Philip Morris International, CBC News reports. While Philip Morris argued it needed access to individuals’ health data to defend itself in court, Justice Russell Brown wrote that the data it sought contained private information that the province was obligated to protect.
More
EUROPE
In what it is describing as "the world's largest area of safe data flows," the European Commission announced it has reached a "reciprocal adequacy" agreement with Japan. Both sides have "agreed to recognise each other's data protection systems as 'equivalent,' which will allow data to flow safely between the EU and Japan." The Commission is planning to adopt the adequacy decision "in autumn this year."
More
In a post on its new website, the European Data Protection Board, which was formerly the Article 29 Working Party — a collection of the EU's data protection authorities — has offered an update to its cross-border cooperation and consistency procedures.
More
In a news release, the European Commission said it has adopted a "Communication outlining the ongoing work on the preparation for all outcomes of the United Kingdom's withdrawal from the European Union."
More
Google was fined $5.1 billion by the European Union for antitrust practices involving its Android operating system, "a move that underscores Europe's willingness to issue steep financial penalties for bad behavior," AdExchanger reports.
More
Brave, a privacy-enhancing browser, has written to all 28 European Union member states urging them not to remove the Article 10 provision on privacy by design and by default from the pending ePrivacy Regulation.
More
France's data protection authority, the CNIL, has announced it has closed a formal notice procedure placed on a connected toy company. Last November, after it was alerted by a consumer association about a lack of security protections in two connected toys, the CNIL sent a questionnaire to Hong Kong–based Genesis Industries Limited, as well as a request to conduct online inspections.
More
The U.K. Information Commissioner's Office has released its annual report for 2017–18.
More
The U.K. Information Commissioner’s Office fined the Independent Inquiry into Child Sexual Abuse 200,000 GBP for sending a bulk email that identified possible victims of non-recent child sexual abuse.
More
Sir Cliff Richard, a musician, has won his privacy case against the BBC for its coverage of a police raid on his home. The U.K. High Court awarded Richard 210,000 GBP.
More