The European Data Protection Supervisor has published a preliminary opinion on the principle of privacy by design, aiming to raise awareness of "data protection by design and by default." India's health ministry has proposed a new law giving individuals control over their health data. In New Zealand, Privacy Commissioner John Edwards has asked for enhanced enforcement provisions as part of an overhaul of the country’s 25-year-old privacy law. In the U.S., President Donald Trump has signed the Economic Growth, Regulatory Relief and Consumer Protection Act, which, among other things, will allow consumers to freeze their credit for free; South Carolina has a new law requiring any insurance entity operating in the state to establish and implement a cybersecurity program; and Colorado has a "groundbreaking" new privacy and cybersecurity law. Read about all this and more in this week's Privacy Tracker global legislative roundup.
LATEST NEWS
India’s health ministry has proposed a law to govern data security in the health care sector that would give individuals control over their health data, Business Standard reports.
More
Saudi Arabia's Council of Ministers approved an anti-sexual harassment law that includes privacy protection for victims, albawaba reports.
More
U.S. President Donald Trump has signed the Economic Growth, Regulatory Relief and Consumer Protection Act, which, among other things, will allow consumers to freeze their credit for free, The New York Times reports.
More
California's Senate has approved a bill that would allow residents affected by a data breach to sue a company for $1,000 per breach, Fast Company reports.
More
The California Senate has passed a net neutrality bill, which now heads to the Assembly, Fast Company reports.
More
Colorado Gov. John Hickenlooper has vetoed a bill that would have prevented child autopsies from being made public, The Associated Press reports.
More
Colorado's governor has signed legislation that requires covered entities to implement and maintain reasonable security procedures, properly dispose of confidential information, ensure the protection of confidential information when transferred to third parties, and sets a 30-day limit on breach notification, The National Law Review reports.
More
Louisiana's governor has signed a bill expanding the state's data breach notification law, including changes to the definition of personal information, Louisiana Law Blog reports.
More
On Missouri Gov. Eric Greitens' last day, he signed 77 bills, including one that would make it a crime to threaten to share explicit photos of people without their consent, CBS News reports.
More
South Carolina has a new law requiring any insurance entity operating in the state to establish and implement a cybersecurity program protecting it and its customers from a data breach, Insurance Journal reports.
More
ICYMI
The IAPP Resource Center has a chart of EU member state GDPR implementation laws and summaries.
More
Croatia has passed its Law on Implementation of General Data Protection Regulation, which went into effect May 25 — just one of a handful of EU member states that have passed implementation laws. Maja Šutalo, CIPP/E, offers an analysis of the law in this Privacy Tracker post, noting that while the law does not cover many derogations, it establishes a clear framework for the data protection agency's powers, duties and composition.
More
US
The U.S. 9th Circuit Court of Appeals approved Facebook’s request to pause the trial proceedings in its privacy case where the tech company is accused of violating the Illinois Biometric Information Privacy Act, MediaPost reports.
More
With the EU General Data Protection Regulation in full swing, the U.S. Chamber of Commerce identified eight areas to watch.
More
Axios reports that Democrats are divided over Silicon Valley Rep. Ro Khanna’s approach to an Internet Bill of Rights. Khanna’s efforts to address consumer data privacy concerns have been met with criticism and viewed by some as pressuring lawmakers into supporting the bill.
More
Writing for the Financial Times, U.S. Secretary of Commerce Wilbur Ross discussed the U.S. government’s concerns with the EU General Data Protection Regulation.
More
In response to a recent opinion piece by U.S. Secretary of Commerce Wilbur Ross, Electronic Privacy Information Center President Marc Rotenberg argued in the Financial Times that the U.S. ought to follow the European Union's lead and install privacy laws of its own with similar teeth.
More
The North Carolina State Bar Board of Legal Specialization is now accepting applications for a new certification, the privacy and information security law specialization. Open to lawyers who hold a CIPP/US certification, the specialization will help identify those who show a dedication to the field and help clients identify qualified legal counsel.
More
ASIA-PACIFIC
Australian Acting Privacy and Information Commissioner Angelene Falk ruled in a long-running investigation into the government’s release of personal information about blogger Andie Fox and decided that the government acted “reasonably,” The Guardian reports.
More
New Zealand Privacy Commissioner John Edwards said he was seeking additional enforcement provisions as part of an overhaul of the country’s 25-year-old privacy law, which is now being considered by Parliament, Reuters reports.
More
The National Privacy Commission of the Philippines is backing the creation of a national ID system, called the Philippine Identification System, PTV reports.
More
EUROPE
Following privacy activist Max Schrems accusing Facebook and Google of violating the EU General Data Protection Regulation, a French digital rights group is making similar charges against the two companies, as well as Apple, Amazon and LinkedIn, ZDNet reports.
More
The European Data Protection Board has released a statement calling for the timely adoption of the ePrivacy Regulation.
More
Following the European Parliament’s meeting with Facebook CEO Mark Zuckerberg, the Committee on Civil Liberties, Justice and Home Affairs released a draft agenda for a June 4 hearing that will focus on the background of the Facebook-Cambridge Analytica case.
More
The European Data Protection Supervisor has published a preliminary opinion on the principle of privacy by design. According to the release, the opinion aims to raise awareness of "data protection by design and by default" as outlined by Article 25 of the EU General Data Protection Regulation.
More
During his speech in front of the International Federation for European Law, the European Union’s chief Brexit negotiator, Michel Barnier, said the U.K. will not be able to have a part in dictating regulation once it leaves the EU, TechCrunch reports.
More
Russian politicians have expressed a desire to have Mark Zuckerberg come speak to lawmakers and address questions. Federation Council Speaker Valentina Matviyenko said, "I'll issue an order. We'll try to organize his arrival."
More