In this week’s global legislative roundup, the European Parliament rejected the Council of the European Union’s latest consolidated text for the proposed Digital Services Act. Luxembourg’s National Commission for Data Protection launched its EU General Data Protection Regulation Certified Assurance Report-based Processing Activities certification criteria. The U.S. House Committee on Energy and Commerce's Subcommittee on Consumer Protection and Commerce is scheduled to hold a hearing on the bipartisan discussion draft for the American Data Privacy and Protection Act.
Latest news
European Parliament rejected the Council of the European Union's latest consolidated text for the proposed Digital Services Act, Euractiv reports. After Parliament and the council announced a provisional agreement on the DSA in April, provisions and language around content monitoring are causing the current strain between the two sides.
More
The European Data Protection Board published the agenda for its June plenary session, which includes several items related to international data transfers, including potential adoption of guidelines for using certifications as tools for transfers, and dialogue on the proposed Trans-Atlantic Data Privacy Framework and data transfers to Russia.
More
Hong Kong’s Privacy Commissioner for Personal Data Ada Chung removed 90% of social media posts deemed to be doxxing and issued 774 cessation notices between October 2021 and May 2022. The notices involved 14 social media platforms, 3,900 messages and six arrests.
More
Luxembourg’s National Commission for Data Protection is launching its EU General Data Protection Regulation Certified Assurance Report-based Processing Activities certification criteria. The CNPD said the program certifies an organization’s processing operations and offers “data controllers and subcontractors a high level of GDPR compliance.”
More
ICYMI
IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, unpacked proposed provisions in the discussion draft for the U.S. American Data Privacy and Protection Act, including which organizations would be expected to comply if the bill were to pass and how obligations under the draft differ based on an organization’s size or function.
More
IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, provided a window into the draft bill with a contextual look at some of its key provisions.
More
IAPP Staff Writer Joe Duball gathered reactions from the privacy community on the federal proposal.
More
The U.S. House Committee on Energy and Commerce's Subcommittee on Consumer Protection and Commerce will hold a hearing June 14 on the bipartisan discussion draft.
More
IAPP Staff Writer Jennifer Bryant reports the California Privacy Protection Agency board voted unanimously to launch the California Privacy Rights Act rulemaking process. A public comment period of at least 45 days will now commence.
More
Enforcement
The Danish data protection authority, Datatilsynet, launched a series of inspections at both public institutions and private companies focusing on breach notifications to data subjects. The inspections will determine whether notification letters to individuals in the event of a breach meet requirements of the EU GDPR.
More
The European Commission's Consumer Protection Cooperation Network, led by national consumer authorities, sent WhatsApp a letter with a second call for disclosures regarding its use of personal data. The CPC Network “was not convinced by the company’s clarifications on the concerns raised” in its response to the first call in January.
More
Authorities from France, Lithuania, the Netherlands and Poland, with support from the European Data Protection Board, are jointly investigating potential EU GDPR violations by Vinted, the parent company of Lithuanian clothing website Vinted.com.
More
France's data protection authority, the Commission nationale de l'informatique et des libertés, released a question-and-answer document related to an unidentified number of compliance notices issued to companies over data transfers carried out through Google Analytics.
More
Thailand Minister of Digital Economy and Society Chaiwut Thanakmanusorn clarified mass media outlets and the work it carries out is exempt from the Personal Data Protection Act.
More
Europe
The EU Data Governance Act was published in the Official Journal of the European Union June 3. The DGA, providing for increased access to public-sector data for the purpose of developing new products and services, enters into force June 23.
More
The EU’s proposed Artificial Intelligence Act has amassed thousands of potential amendments from each political group within European Parliament, with one of the most debated topics within the draft being the definition of AI, Euractiv reports.
More
US
The U.S. House Committee on Energy and Commerce's Subcommittee on Consumer Protection and Commerce will hold a hearing June 14 on the bipartisan discussion draft for the American Data Privacy and Protection Act.
More
The U.S. Chamber of Commerce came out against Congress moving forward with the proposed American Data Privacy and Protection Act, initially deeming the discussion draft “unworkable and should be rejected” before backpedaling on a rejection, CNBC reports.
More
Maryland enacted the Personal Information Protection Act, legislation aiming to protect Maryland consumers’ personal identifying information and ensure they are notified in the event it is compromised.
More
Minnesota passed a student privacy bill governing educational data, effective for the 2022-23 school year and beyond.
More
Privacy Operations Management
Denmark's data protection authority, Datatilsynet, published its assessment of a data exporter's role and responsibilities in the context of cross-border data transfers.
More
