In this week’s global legislative roundup, the U.K has plans to reform its data protection law, and a potential replacement for the EU-U.S. Privacy Shield agreement was discussed. In the U.S., consumer data privacy legislation passed the House of Representatives in Florida, Rep. Suzan DelBene, D-Wash., reintroduced her proposed federal privacy law, and Illinois advanced a bill to revisit the state’s Biometric Information Privacy Act. And Ecuador considered the potential framework for the country’s draft Organic Law on Protection of Personal Data.
LATEST NEWS
Digital Secretary Oliver Dowden said the U.K. plans to reform data protection law, taking a “slightly less European approach as set out in (the EU General Data Protection Regulation),” Reuters reports.
More
A lawsuit against Google for allegedly collecting user data even in “private browsing mode” is moving forward after a U.S. district judge in California denied a motion to dismiss.
More
ICYMI
In this piece for the Privacy Advisor, the IAPP’s Jennifer Bryant, Joe Duball and Ryan Chiavetta, CIPP/US, had the details on a series of virtual events discussing a potential replacement for the EU-U.S. Privacy Shield agreement.
More
Also for the Privacy Advisor, IAPP Legal Research Fellow Cathy Cosgrove looked at how enforcement and potential penalties will be handled under the California Privacy Rights Act, which includes a private right of action and civil enforcement by the attorney general.
More
Florida’s House Bill 969 concerning consumer data privacy passed the House of Representatives’ Regulatory Reform Subcommittee by a unanimous 18-0 vote. IAPP Staff Writer Joe Duball had details for The Privacy Advisor.
More
In this Privacy Perspectives piece, Maersk Data Privacy Compliance Officer Petruta Pirvan, CIPP/E, CIPP/US, CIPM, broke down the relationship international organizations have with the EU GDPR.
More
ENFORCEMENT
Italy’s data protection authority, the Garante, issued a 300,000 euro fine to the office of Italy’s public retirement system, Istituto Nazionale della Previdenza Sociale, for violating the EU GDPR.
More
Spain’s DPA, the Agencia Española de Protección de Datos, issued 8.15 million euros in GDPR fines to Vodafone related to various privacy complaints, Spain’s News reports.
More
In the U.S., BBB National Programs’ Digital Advertising Accountability Program and Children’s Advertising Review Unit worked to bring gaming website and application publisher Azerion into compliance with the Digital Advertising Alliance Principles and CARU’s Advertising Guidelines.
More
U.S. President Joe Biden nominated Columbia Law School Professor Lina Khan to the Federal Trade Commission, Politico reports.
More
LATIN AMERICA
Ecuador’s Sovereignty, Integration and International Relations Commission held a pair of hearings on the potential framework for the country’s draft Organic Law on Protection of Personal Data.
More
US
U.S. Rep. Suzan DelBene, D-Wash., reintroduced her proposed federal privacy law, the Information Transparency and Personal Data Control Act, CNBC reports.
More
The U.S. Chamber of Commerce put its support behind DelBene’s proposal, according to Squire Patton Boggs’ Consumer Privacy World.
More
The U.S. Department of Health and Human Services’ Office for Civil Rights announced the public comment period for proposed changes to the Health Insurance Portability and Accountability Act Privacy Rule received a 45-day extension to May 6.
More
The Arizona Supreme Court ruled warehouse store chain Costco can face a lawsuit over alleged privacy violations, the first time the state’s highest court decided lawsuits can move forward under state law for violations of the U.S. Health Insurance Portability and Accountability Act.
More
Illinois’ House Judiciary Committee advanced a bill to revisit the state’s Biometric Information Privacy Act, Quad-City Times reports.
More
GUIDANCE
The European Data Protection Board published the statement it adopted on the proposed ePrivacy Regulation.
More
The EDPB also released the second version of its guidelines on “processing personal data in the context of connected vehicles and mobility related applications” and published the second version of its guidelines on “relevant and reasoned objection under” the EU GDPR.
More
The European Data Protection Supervisor published its opinion on the Proposal for the Network and Information Systems 2.0 Directive, which is part of the European Union’s Cybersecurity Strategy.
More
The EDPB and EDPS adopted a joint opinion on the proposed Data Governance Act, acknowledging its “legitimate objective” to improve data-sharing conditions in the internal market.
More
