In this week's Privacy Tracker global legislative roundup, the U.S. Congress continued hearings on topics related to privacy. Canada revealed its first steps to reforming national privacy and competition laws. Lithuania and Sweden each handed out EU General Data Protection Regulations fines, while Colombia doled out punishment for violations of its data protection laws. Singapore is giving its data breach notification guidelines an update in anticipation of its new data protection legislation. And the first anniversary of the GDPR has come and gone, but not without reflection.
LATEST NEWS
In February, Uganda signed its Data Protection and Privacy Act into law. Parts of the new legislation are said to be based off the EU General Data Protection Regulation.
More
The Georgia Supreme Court upheld a lower court’s ruling dismissing a class-action lawsuit against the state’s Department of Labor for releasing the personal information of about 4,700 residents of Cobb and Cherokee counties. The claim of negligence was ruled invalid as state or case law has not recognized a responsibility for the government to protect personal identifying information.
More
The Kentucky Court of Appeals has ruled that the University of Kentucky failed to comply with the state’s open records act when it refused to give the university’s student newspaper information about an investigation of a professor accused of sexual assault. The university had argued that the Title IX files being sought were educational records protected from disclosure by the Family Educational Rights and Privacy Act.
More
Rosalyn Layton penned an op-ed discussing how Maine’s proposed online privacy laws are incomplete and do not work to reel in big tech companies.
More
A federal jury is set to hear arguments on whether a Pennsylvania county’s government knowingly violated federal law when it posted criminal information online of some 67,000 people incarcerated over the years at the county prison. The class suit could cost Bucks County $670 million if its government employees are found negligent.
More
ICYMI
IAPP Associate Editor Ryan Chiavetta, CIPP/US, was at the IAPP Canada Privacy Symposium, where Privacy Commissioner of Canada Daniel Therrien discussed the country’s new Digital Charter that sets out to reform national privacy laws. Chiavetta has the scoop for The Privacy Advisor.
More
Hogan Lovells Partner Eduardo Ustaran, CIPP/E, penned a look back at the first year of the EU General Data Protection Regulation and discussed what comes next with the legislation, in this Privacy Perspectives post.
More
Daniel Castro and Eline Chivot teamed up on a Privacy Perspectives piece discussing how the GDPR will need to be reformed in order for Europe to have the best artificial intelligence.
More
Attorney Beth Graham, CIPP/E, CIPP/US, CIPM, provided her take on why a mandatory arbitration carve-out is necessary in any form of U.S. privacy law in this Privacy Perspectives post.
More
IAPP Editor Angelique Carson, CIPP/US, attended a pair of U.S. Congressional hearings last week for The Privacy Advisor. Tuesday’s hearing at the Senate Committee on the Judiciary focused on lawmakers’ consideration of anti-trust’s role in privacy regulation. On Wednesday, Carson sat in on hearing with theU.S. House Committee on Oversight and Government Reform regarding the status and possible ban of facial-recognition technology without federal rules policing its use.
APAC
Jeremy Lee won a landmark case in Australia against his employer, which fired him for refusing to clock in and out of work using his fingerprint.
More
Citibank Hong Kong received a HK$10,000 fine after admitting it violated a direct marketing offense under the Personal Data Privacy Ordinance.
More
Singapore is preparing to update its data breach notification guidelines as part of the upcoming amendment to its Personal Data Protection Act.
More
CANADA
Canadian Innovation Minister Navdeep Bains unveiled a Digital Charter with principles geared toward reforming the country's privacy and competition legislation.
More
University of Ottawa Law Professor Michael Geist wrote an op-ed on that the about Canada’s Digital Charter that involved both praise and questions.
More
EUROPE
Lithuania's State Data Protection Inspectorate announced a fine of 61,500 euros to Latvia-based electronic payment company UAB MisterTango for violations of the GDPR.
More
Datainspektionen, the Swedish data protection authority, announced it has received 3,000 complaints and 3,500 reported data breaches since the GDPR went into effect.
More
In the U.K., Prince Harry won a legal dispute in London's High Court over claims of privacy law violations, including the GDPR and the Data Protection Act 2018.
More
New data from business research firm eMarketer has disclosed that Facebook and Google have actually improved their digital advertising dominance in the U.K. a year after the implementation of the GDPR.
More
The U.K. has its first case against facial-recognition technology as Ed Bridges is suing the South Wales Police over biometric face scans.
More
EU Commissioner of Justice, Consumers and Gender Equality Věra Jourová called for respect "the spirit of the GDPR," while announcing that Greece, Portugal and Slovenia were among countries that had yet to fully comply with the legislation.
More
LATIN AMERICA
Colombia's data protection authority, Superintendencia de Industria y Comercio, has announced it has imposed fines of 496,899,600 and 298,121,760 pesos to Banco Falabella and delivery startup Rappi respectively for failure to implement data protection policies.
More
US
State Sen. Hannah-Beth Jackson, D-Calif., spoke about the fight for a more stringent California Consumer Privacy Act despite having her proposed bill killed.
More
The California State Senate is considering banning the use of facial-recognition technology and biometric scanners in body cameras used by law enforcement agencies throughout the state.
More
A U.S. federal judge in California ruled a lawsuit claiming entertainment companies and mobile advertising technology companies violated children’s privacy by harvesting their data for ad targeting can move forward.
More
Illinois hospitals are filing for a U.S. District Court to dismiss a putative class action regarding possible unlawful biometric scanning of employees under the Illinois Biometric Information Privacy Act.
More
An Indiana-based electronic medical records service reached a $100,000 settlement with the U.S. Department of Health and Human Services following violations of the Health Insurance Portability and Accountability Act.
More
Data breach notification laws in New Jersey are set to receive an upgrade, including the addition of online account information under the definition of personal information.
More
A New Jersey–based company may be the first to violate Vermont’s data broker law after it was discovered the entity failed to disclose its possession of data on minors.
More
U.S. Sens. Ron Wyden, D-Ore., and Rand Paul, R-Ky., introduced the Protecting Data at the Border Act, which would require federal agents to obtain a warrant before searching the personal devices of U.S. residents crossing the border.
More
Democratic U.S. senators want the right to sue a company for mishandling personal data to be added to any version of a federal privacy law.
More
The U.S. Federal Trade Commission has announced it is extending the deadline for comments on proposed changes to Safeguards Rule on information security programs at financial institutions to Aug. 2.
More
Vizio's $17 million class-action privacy settlement, which stems from allegations it shared data of more than 500,000 customers with advertising tech companies and data brokers, awaits approval from a U.S. District Court.
More