![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
The GDPR continues to make headlines in privacy with questions over the DPO requirement, data transfers, consent and new guidance out from the European Data Protection Supervisor. Meanwhile, Singapore’s Personal Data Protection Commission has released guidance on the enforcement of its Personal Data Protection Act, the U.K. House of Commons passed the Investigatory Powers Bill, and Privacy Shield has been delayed some more. In the U.S., New York is considering two student privacy bills, while nine more states have passed them; North Carolina is considering exemptions from public records for police videos; and Santa Clara, California, has adopted rules for employing new surveillance technology. Read about all this and more in this week’s Privacy Tracker legislative roundup.Â
LATEST NEWS
Data Guidance reports on the Court of Justice of the European Union Advocate General’s opinion on “establishment” in the Amazon case.
The U.S. House Energy and Commerce Committee is moving forward with a mental health reform bill without provisions loosening privacy protections, reports The Hill.
Mercury News reports, Santa Clara County, California, has approved an ordinance that requires government agencies to put policies in place before acquiring or activating new surveillance technologies.
The New Hampshire Supreme Court is poised to determine whether personnel files can be made public in a case against a country attorney accused of sexual harassment and mismanaged funds, reports NH1.com.
New York is considering two student privacy bills, addressing cloud computing and the unauthorized release of PII, reports PogoWasRight.org.
North Carolina legislators are considering exempting law enforcement videos from public record, reports the Daily Journal.
ICYMI
In this Privacy Tracker post, Lokke Moerel uses three different scenarios as evidence that the data transfer regime for processors under the EU General Data Protection Regulation does not make sense.Â
The full panel of the 4th Circuit Court of Appeals ruled that a warrant is not necessary for law enforcement to obtain suspects’ cell-site location information from service providers. Federica De Santis, CIPP/E, writes for Privacy Tracker about the case and the implications it could have going forward.Â
In this first in a two-part series of Privacy Perspectives posts, DPO Network Europe Managing Director Gonca Dhont, CIPM, CIPP/E, answers frequently asked questions for organizations that need to hire a DPO and for professionals looking to find a new position.
In this exclusive for The Privacy Advisor, David Meyer looks at how German companies have adapted to the DPO requirement, offering insight for companies that will be required to appoint a DPO under the GDPR.
Joke Bodewits of Hogan Lovells writes for Privacy Tracker about the new data breach notification law in the Netherlands.
U.S.
Sen. Mike Lee, R-Utah, released a statement announcing the Email Privacy Act has been delayed after it was pulled from the Senate Judiciary Committee’s markup agenda.
Nine more states adopt education privacy protections PBS Newshour reports, nine more states adopted new student data privacy regulations in 2016.
Practice Fusion settled with the FTC over claims it mislead customers by asking for reviews of its doctors without telling customers the reviews would be made public.
ASIA PACIFIC
Singapore’s Personal Data Protection Commission has released guidance for enforcement of the Personal Data Protection Act, Out-Law.com reports.
EUROPE
Official approval of the EU-U.S. Privacy Shield will be put on hold as national representatives wait on updated text of the agreement from the European Commission, Ars Technica reports.
The U.K. House of Commons passed the controversial Investigatory Powers Bill with a 444-69 vote, Reuters reports. The bill now moves to the upper house of Parliament, the House of Lords.
While the fines are relatively small, the Hamburg DPA fined three companies for illegal data transfer, signaling that the post-Safe Harbor honeymoon may be over, De Lege Data reports.
European Data Protection Supervisor Giovanni Buttarelli announced a new accountability initiative to help EU bodies transition to the General Data Protection Regulation.
In a blog post for Fieldfisher, Phil Lee, CIPM, CIPP/E, explains the differences between “unambiguous” and “explicit” user consent under the General Data Protection Regulation.