After months of contentious debate, Australia has passed its data retention law. Meanwhile, the Dutch justice minister to the Parliament has told communications providers that nation’s retention law no longer applies to them. Also in this week’s Privacy Tracker roundup, read about movement on U.S. bills including the Driver Privacy Act, Arkansas’ Personal Rights Protection Act, California’s CalECPA and Maine’s drone privacy bills. Also read about a surprising move by Virginia’s governor to change a legislature-approved license-plate reader bill and New Mexico’s failure to pass a breach notification bill.
LATEST NEWS
The U.S. Senate Committee on Commerce, Science and Transportation unanimously approved the Driver Privacy Act, which would give ownership of data from vehicle event data recorders to the owner of the vehicle.
Reps. Robert Hurt (R-VA) and Collin Peterson (D-MN) introduced the Healthcare Consumer Privacy Act, which will enable individuals to remove their profiles from the federal healthcare website, HealthCare.gov.
Covington Burling’s Inside Privacy provides an analysis of the Do Not Track Kids Act of 2015.
The Arkansas Senate has passed the Personal Rights Protection Act, requiring photographers to get written consent to use photographs of strangers with some exceptions for advertisements and newsworthy photos, among others, reports PetaPixel.
CalECPA has passed the Senate Public Safety Committee in a 6-1 vote, reports Ars Technica.
Portland Press Herald reports the Maine legislature is considering two drone privacy bills—one to limit law enforcement use of drones and another that would ban anyone from flying a drone over private property without permission.
Advocates and opponents of a New Hampshire student privacy bill debated its merits in the House, reports the Associated Press.
Albuquerque Journal reports, New Mexico’s Senate Judiciary Committee failed to pass a data breach notification bill, one of three U.S. states that currently don’t have one in place.
Virginia Gov. Terry McAuliffe has amended a license-plate reader data retention bill, upping the retention period from seven days to 60 days, after it had already passed both houses, sending it back to legislators, reports Ars Technica.
The Wisconsin Assembly passed a bill that would make it illegal to track an individual using GPS without consent, reports the Associated Press.
ICYMI
Todd Walls, CIPP/G, CIPM, offers an analysis of the Freedom of Information Act and the Privacy Act, including tips on responding to requests as well as an accompanying comparison chart in the IAPP Resource Center.
U.S.
Angelique Carson, CIPP/US, reports on the Federal Communications Commission’s reclassification of broadband providers to be considered "common carriers" and the two lawsuits aimed at blocking itin this exclusive for The Privacy Advisor.
The House Energy and Commerce Subcommittee on Trade has approved a data security and breach notification bill that would require businesses to maintain reasonable security practices and notify consumers within 30 days of a breach, The Hill reports.
In a piece for Future Tense,Laura Moy, senior policy counsel for New America's Open Technology Institute, discusses a threat posed by the Data Security and Breach Notification Act of 2015.
In an opinion piece for The Media Institute, Kurt Wimmer of Covington & Burling says the LEADS Act is the right bill to update the Electronic Communications Privacy Act.
Wired reports that “near mirror image” cybersecurity bills passed committees in both the House and Senate despite privacy concerns.
The Student Digital Privacy and Parental Rights Act was delayed out of concern it did not go far enough to protect students, Heartland reports.
The House Intelligence Committee's Rep. Adam Schiff (D-CA) says lawmakers will be moving soon on a bill to boost the public-private exchange of cybersecurity information, The Hill reports.
In this interview for The Privacy AdvisorOregon Attorney General Ellen Rosenblum talks about why she wants her state's data breach notification law strengthened.
The Washington Post reports federal officials are discussing ways to end a law that prohibits the Federal Trade Commission from regulating "common carriers."
CANADA
The Muse features a point-counterpoint by Michael Sullivan and Varsha Devika Carpen on the privacy implications of Bill C-51.
EU
In a hearing last week at the European Court of Justice, counsel for the European Commission conceded that the U.S. was under no legal obligation to comply with EU data protection standards, specifically under the EU-U.S. Safe Harbor Agreement, The Irish Times reports.
The Netherlands’ Upper House of Parliament is considering a draft law to require the reporting of breaches of personal data, Telecompaper reports, and several of the country's parties are in favor of the plan.
Telecompaper notes that a statement from the justice minister to Parliament states that Dutch communications providers are no longer subject to data retention requirements and can delete existing data.
The UK Court of Appeals has ruled that a group of claimants have the right to sue Google for bypassing the privacy settings on the Safari browser to install cookies to track clicks online, BBC News reports.
NCTM Studio Legale Associato Partner Rocco Panetta reports for The Privacy Advisor thatItaly's Data Protection Authority, the Garante, published the notice of the launch of a public consultation on the draft of the "code of conduct and professional practice applying to the processing of personal data carried out for commercial information purposes."
France's Data Protection Authority, the CNIL, has announced it "will grant a single decision (autorisation unique) to each group that adopted BCR(or francophone BCR)," meaning they will “no longer have to apply for each transfer outside of the European Union to be granted an authorisation."
ASIA PACIFIC
International Business Times reports on the passage of Australia's mandatory data retention plan