In this week’s global legislative roundup, the Federal Court of Canada sided with the Office of the Privacy Commissioner on an investigation of alleged Personal Information Protection and Electronic Documents Act violations against Google. Israeli law enforcement supported a bill to allow facial recognition technology in public spaces. In the U.S., Colorado officially enacted the Colorado Privacy Act, New York City’s biometric data protection law entered into force, and a proposal to ban use of facial and biometric recognition technology in federal-funded public housing was introduced.

LATEST NEWS

Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published an ordinance introducing its regulatory process across units.
More

The Federal Court of Canada sided with the Office of the Privacy Commissioner of Canada over an individual's right to be forgotten and an investigation of alleged Personal Information Protection and Electronic Documents Act violations against Google.
More

Haaretz reports Israeli law enforcement threw its support behind a bill that would allow facial recognition technology in public spaces. The draft law would enable face matching with a police database and data sharing between agencies.
More

ICYMI

In the U.S., Colorado officially enacted the Colorado Privacy Act, becoming the third U.S. state to enact comprehensive privacy legislation. IAPP Westin Research Fellow Sarah Rippy breaks down the newly minted legislation, including a look at the bill's scope, exemptions and the consumer rights it gives citizens.
More

The IAPP created a chart comparing the comprehensive data privacy laws in California, Virginia and Colorado, providing an overview of each law’s requirements and highlighting their similarities and differences.
More

Italy's DPA, the Garante, published its 2020 Activity Report, covering how the agency handled the COVID-19 pandemic as well as its case involving TikTok.
More

The Netherlands' DPA, Autoriteit Persoonsgegevens, fined the Employee Insurance Agency 450,000 euros for insufficient safeguards for the agency's messaging platform.
More

The U.K. Information Commissioner's Office issued a 25,000 GBP fine to U.K.-based charity Mermaids for an email-related data breach.
More

The U.K. Information Commissioner's Office also published its annual report for 2020-2021. Information Commissioner Elizabeth Denham said the ICO's response to the challenges of the past year produced "what I believe is this office’s most significant body of work."
More

Politico reports the chief of staff for U.S. Federal Trade Commission Chair Lina Khan ordered the agency's staff to cancel their public appearances as the "under-resourced" agency faces "an all-hands-on-deck moment."
More

ASIA-PACIFIC

The New Zealand government implemented a legislative framework granting citizens a new consumer data right. Citizens will have the ability to share their data with third parties via standardized data formats and interfaces.
More 

EUROPE

In Germany, the Schleswig-Holstein Higher Regional Court ruled an account holder at a private credit bureau has a right to deletion under Article 17 of the EU General Data Protection Regulation.
More

The U.K. government published its "Plan for Digital Regulation," which outlines how the country will govern technology.
More

LATIN AMERICA

Brazil's Chamber of Deputies approved urgency rules for a bill establishing principles on the use of artificial intelligence.
More

US

U.S. Reps. Yvette Clarke, D-N.Y., Rashida Tlaib, D-Mich. and Ayanna Pressley, D-Mass., reintroduced the "No Biometric Barriers to Housing Act of 2021." The proposed bill would ban the use of facial and biometric recognition technology in "most federally funded public housing" and would require the Department of Housing and Urban Development to submit a report to Congress on the tech's impact on the public housing sector and its tenants.
More

GUIDANCE

France's DPA, the Commission nationale de l’informatique et des libertés, offered its opinion on the European Commission's proposal for regulating artificial intelligence, calling for clarification on what is permitted under the framework and seeking clarity on how the regulation interacts with the EU GDPR.
More