In this week’s Privacy Tracker legislative roundup, find an in-depth report on risk in the EU General Data Protection Regulation, plus learn why Hogan Lovells thinks the EU-U.S. Privacy Shield will withstand legal challenges. Also, read about the challenges of cross-border use of U.S. cloud services by Canadians and how industry groups continue to push back against Australia’s mandatory breach notification law. In the U.S., Colorado is considering a student privacy law some say would be the toughest in the nation, Georgia is set to adopt drone regulations, and Tennessee is about to be the first state to require breach notification even when the information is encrypted.
LATEST NEWS
The Colorado legislature is considering a student privacy law that would prohibit ed-tech companies from creating profiles on students, selling data or using it to target advertising, reports CBS Local.
Legislation to regulate drones in Georgia is headed to the governor for a signature, reports AJC.com.
The Nebraska Senate has passed a bill to establish workplace electronic privacy rules, reports Unicameral Update.
The Omaha legislature is debating an employee social media bill that would prohibit employers from requesting access to online accounts, reports Lincoln Journal Star.
ICYMI
IAPP Westin Fellow Gabriel Maldoff, CIPP/US, examines the EU General Data Protection Regulation's risk-based approach to data protection in this in-depth study.
Berkeley law professor Paul Schwartz writes for Privacy Perspectives about the “risk principle” is now enshrined in the EU’s General Data Protection Regulation, but adds it offers “two different approaches to the concept.”
Renato Leite Monteiro offers brief synopses of laws in Argentina, Brazil, Colombia, Costa Rica, Mexico, Peru, Uruguay and Venezuelafor Privacy Tracker.
“Canadian organizations considering using American cloud services should carefully consider how to ensure legal compliance and enforce contracts regarding comparable levels of protection,” writes Wael Hassan, founder of Ki Design, for Privacy Tracker.
Sen. Ron Wyden, D-Ore., has proposed a new five-pronged proposal the "New Compact for Privacy and Security in the Digital Age," Jedidiah Bracy, CIPP/E, CIPP/US, reports for The Privacy Advisor.
As indicated in early March, the U.S. Federal Communications Commission has adopted a Notice of Proposed Rulemaking that proposes the establishment of privacy guidelines for broadband Internet service providers.
U.S.
Law firm Hogan Lovells has released a 60-plus-page “Legal Analysis of the EU-U.S. Privacy Shield,” whereby the report’s authors assess the likelihood the Shield will withstand legal challenge by referencing jurisprudence of the Court of Justice of the European Union.
Georgia’s legislature passed a bill that both outlaws the use of weaponized drones and establishes a drone commission, The Atlanta Journal-Constitution reports.
Tennessee will be the first state in the nation requiring notification of any breach, regardless of whether the information is encrypted or not, The National Law Review reports.
Full Story
The Maryland Court of Special Appeals said in a legal opinion that state police must get a warrant before they can deploy Stingrays, and they also have to explain to the court exactly what the cell-simulator does and how it will be used, Ars Technica reports.
Gov. Mike Pence vetoed an Indiana bill allowing private university police departments to follow different standards than other police agencies for reporting crimes, The Observer reports.
ASIA PACIFIC
The Australian Industry Group believes that the Australian government’s mandatory data breach notification bill will create “unreasonable” responsibilities for small businesses, Delimiter reports.
CANADA
Canadian officials requested to meet with Information Commissioner Suzanne Legault in order to find "a mutually satisfactory resolution" to a constitutional challenge to a law that protected Mounties after they destroyed data, The Canadian Press reports.
EUROPE
In an emergency hearing, the Court of Justice of the European Union will discuss whether massive interception of communications data violates primary human rights, could have a major impact on both U.K. surveillance law and the upcoming “Brexit” vote, Lawyer Herald reports.