In this week's Privacy Tracker legislative roundup, read about the passage of the California Consumer Privacy Act of 2018 and why some are calling it a "historic step" for U.S. privacy law. Also in the U.S., the Supreme Court ruled on the side of privacy in Carpenter v. U.S. and South Dakota's breach notification law went into effect. In New Zealand, Facebook and Amazon Web Services have encouraged changes to the current draft update to the country's privacy law. Chile has joined other Latin American countries in including the right to protection of personal data into its constitution; Poland has a new employee monitoring law, and in Ireland, a bill was introduced to facilitate better data sharing between public entities.
LATEST NEWS
As New Zealand drafts a new privacy law, Facebook and Amazon Web Services are encouraging the committee to ensure any adoption of a new breach notification regime would be comparable with offshore schemes, Reseller News NZ reports.
More
The U.S. Senate Foreign Relations Committee will consider a number of nominations and five bills, one of which, the Cyber Diplomacy Act, would create a new top State Department cyber official.
More
A South Dakota data breach law went into effect July 1 that will require entities to notify state residents within 60 days of a data breach discovery, with some exception, KDLT reports.
More
The office of the Vermont Attorney General T.J. Donovan announced a series of hearings to consider legislative proposals aimed at protecting the privacy of state residents.
More
ICYMI
In a last-minute action, just a few hours before a looming deadline Thursday afternoon, the California legislature passed AB 375, the California Consumer Privacy Act of 2018. As a result of its passage, Alastair Mactaggart, the man behind a November ballot initiative to pass a similar law, has agreed to pull his bill from the ballot. IAPP Content Director Sam Pfeifle has the details for The Privacy Advisor.
More
The Polish legislature has passed changes to the country's employment law to regulate the monitoring of employees in the workplace. The new law outlines rules around video surveillance and email monitoring and aims to bring the country in line with the EU General Data Protection Regulation. Marcin Lewoszewski and Maja Karczewska of Kobylańska & Lewoszewski Kancelaria Prawna offer an analysis of the law in this Privacy Tracker blog.
More
In a groundbreaking decision, the U.S. Supreme Court in Carpenter v. United States held in a 5-4 ruling that the Fourth Amendment to the U.S. Constitution requires the government to obtain a warrant — and not merely a subpoena under the Stored Communications Act — to acquire cell site location information held by a wireless communications company about its customer. In so doing, the court acknowledged privacy interests in a cellphone’s persistent and constant generation of location data and found that such interests are not waived by involuntarily sharing that data with the wireless company. IAPP Research Director and DPO Rita Heimes, CIPP/E, CIPP/US, CIPM, lays out the arguments for Privacy Tracker.
More
Chile has joined other Latin American countries, such as Colombia, Mexico and Ecuador, to include the right to protection of personal data into its constitution following the recent publishing of a new amendment. While Article 19 now ensures everyone’s personal data is protected, the bill designed to replace Chile’s current Data Protection Law needs to be approved in order for the constitutional right to have real powers rather than just a declaration of good intentions. Albagli Zaliasnik Head of IT & Data Protection Group Oscar Molina, CIPM, takes a look at the situation in this piece for Privacy Tracker.
More
US
Following requests made by both the U.S. Federal Trade Commission and the state of Nevada, a nonconsensual pornographic website has been ordered to be shut down permanently. The U.S. District Court for the District of Nevada ruled the operators of MyEx.com must also pay $2 million for violating federal and state laws for posting intimate images without consent, as well as individuals' names, addresses, employers and social media information.
More
Former Microsoft executive Rep. Suzan DelBene, D-Wash., drafted a new privacy bill, Broadcasting & Cable reports. The Online Transparency & Personal Data Control Act would apply to internet service and edge providers, requiring them to obtain consumer consent for the collection, storage and use of sensitive personal data.
More
After reaching a consent order with regulators from eight states, Equifax will now be required to implement stronger data security measures, the Los Angeles Times reports.
More
Former Chief Counsel for the U.S. Immigration and Customs Enforcement Office in Seattle Raphael Sanchez has been sentenced to four years in prison for stealing the personal information of immigrants, NPR reports.
More
A New York City bill aimed at regulating online rental services, like Airbnb, would require hosts to disclose the address of their listing and their identity to the city’s Office of Special Enforcement on a monthly basis, The New York Times reports.
More
CANADA
Privacy concerns are ramping up after Bill C-21 recently passed through the House of Commons of Canada, CBC News reports. Among the most pressing privacy concerns is the sharing of Canadian citizens’ information with the United States, including monitoring individuals who stay in the U.S. for more than 182 days a year for tax purposes.
More
An Ontario casino currently facing a class-action lawsuit over a 2016 data breach was ordered to release a computer forensics investigation report to plaintiffs, Canadian Underwriter reports.
More
EUROPE
A proposed EU bill would implement a single certification program for information and communication devices, such as connected cars and smart devices, Bloomberg BNA reports. The bill aims to create a single standard across all EU member states while also making the European Union Agency for Network and Information Security the permanent cybersecurity agency for the entire European Union.
More
Advocacy groups, such as Privacy International, Liberty and Open Rights Group, have joined forces with 60 nongovernmental organizations to file complaints across the EU asking governments to stop requiring companies to store communication data, Forbes reports.
More
The District Court of The Hague ruled the Dutch government does not need to make changes to the Intelligence and Security Act, NLTimes.nl reports.
More
France’s data protection authority, the CNIL, fined the Association for the Development of Homes 75,000 euros for insufficiently protecting user data.
More
Ireland introduced a bill to facilitate better data sharing between public entities, The Irish Times reports.
More