In this week's Privacy Tracker global legislative roundup, members from Baker McKenzie wrap up an eight-part series of guidance notes on the Court of Justice of the European Union's "Schrems II" decision. Following the court's ruling, NOYB Founder Max Schrems announced he plans to challenge Facebook should it use any new legal basis for data transfers. The German Federal Court of Justice sided with Google in a pair of right-to-be-forgotten cases. In the U.S., Rhode Island–based Lifespan Health System Affiliated Covered Entity agreed to pay $1 million to the U.S. Department of Health and Human Services’ Office for Civil Rights to settle alleged violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules. 

ICYMI

An eight-part series of guidance notes from Baker McKenzie on what the Court of Justice of the European Union’s “Schrems II” decision means for various stakeholders is available through the IAPP Resource Center.
More

ENFORCEMENT

In Canada, LifeLabs will comply with orders from the information and privacy commissioners of Ontario and British Columbia recommended in an investigation report of a 2019 data breach.
More

Denmark’s data protection authority, Datatilsynet, fined the Arp-Hansen Hotel Group DKK 1.1 million for failing to delete approximately 500,000 customer profiles in accordance with the company’s deletion deadlines.
More

France’s data protection authority, the Commission nationale de l’informatique et des libertés, released the accreditation requirements for monitoring bodies of its codes of conduct.
More

The French DPA also issued standards related to the health sector and patient data, as well as a guide to help navigate the new standards.
More

Japan’s Personal Information Protection Commission issued an order suspending operations of sites that publish personal information, saying it is a violation of the Personal Information Protection Law, Nikkei reports.
More

Spain’s data protection authority, the Agencia Española de Protección de Datos, adapted its guide on the use of cookies to meet the consent guidelines revised by the European Data Protection Board, with the new criteria to be implemented by Oct. 31.
More

Taiwan’s Digital Minister Audrey Tang said the country needs an agency dedicated to personal data protection before electronic identification cards are introduced next year, Taiwan News reports.
More

The U.K. Information Commissioner’s Office published guidance on the relationship between artificial intelligence and data protection, aiming to provide recommendations on best practices and technical measures organizations can use to limit data protection risks associated with AI deployments.
More

In the U.S., Rhode Island–based Lifespan Health System Affiliated Covered Entity agreed to pay $1 million to the U.S. Department of Health and Human Services’ Office for Civil Rights to settle alleged violations of the Health Insurance Portability and Accountability Act Privacy and Security Rules.
More

ASIA-PACIFIC

The Australian Competition & Consumer Commission announced proceedings with the Federal Court of Australia alleging Google misled users into providing consent for the use of their personal information.
More

During an online discussion on personal data in the digital age, Indonesian House of Representatives Commission I Member Muhammad Farhan said the Personal Data Protection Act is a priority in 2020.
More

Several Indian government entities urged the Joint Select Committee examining the Personal Data Protection Bill to consider exempting them from privacy legislation, The Indian Express reports.
More

During an online discussion on personal data in the digital age, Indonesian leaders said the Personal Data Protection Act is a priority this year.
More

Filipino President Rodrigo Duterte called for more stringent enforcement of privacy laws in the Philippines to discourage future data breaches and scams, Inquirer.net reports.
More

EUROPE

NOYB Founder Max Schrems plans to challenge Facebook should it use any new legal basis for data transfers following the Court of Justice of the European Union’s ruling on the EU-U.S. Privacy Shield agreement and standard contractual clauses.
More

Facebook filed lawsuits against EU antitrust regulators, saying they have requested information beyond the scope needed for their investigations into the tech company’s practices, the Financial Times reports.
More

The German Federal Court of Justice sided with Google in a pair of right-to-be-forgotten cases, DW reports.
More

US

A group of 13 U.S. senators asked that the Public Health Emergency Privacy Act be a part of the next stimulus package, ensuring all personal data collected during the pandemic is strictly used for combating COVID-19, CNET reports.
More

U.S. Sen. Josh Hawley, R-Mo., proposed the Behavioral Advertising Decisions Are Downgrading Services Act, a bill that would require web publishers to stop targeted advertisements, MediaPost reports.
More

The Electronic Frontier Foundation announced it does not have a favorable view of the California Privacy Rights Act ballot initiative, calling it “a mixed bag of partial steps backwards and forwards.”
More

Robinson & Cole Associate Kathryn Rattigan, CIPP/US, wrote for the National Law Review on Massachusetts’ Ballot Question 1, which pertains to the potential addition of required open data platforms for vehicles starting in 2022.
More

A study on the issue of internet data privacy will be completed in Oklahoma by Oct. 29, announced U.S. Reps. Josh West, R-Grove, and Collin Walke, D-Oklahoma City, KOKH reports.
More

The Texas Attorney General’s office is probing Facebook over violations of the Texas Deceptive Trade Practices — Consumer Protection Act, Axios reports.
More