China and Japan have seen major changes to their privacy and security regimes in the past week, with China’s new Cybersecurity Law and amendments to Japan’s Act on the Protection of Personal Information going into effect. U.K. and Belgian data protection authorities have both released annual reports showing an uptick in activities. In the U.S., Montana has a new statute limiting government access to electronic communications stored by service providers; Oregon’s unlawful trade practices now include liability for companies misrepresenting how they handle customer information; and Washington is the third state to pass a law regulating the commercial use of biometric identifiers. Read about these developments and more in this week’s Privacy Tracker weekly roundup.

LATEST NEWS

The Colorado Division of Securities has published new cybersecurity regulations for broker-dealers and investment advisors under its purview, reports Hunton & Williams’ Privacy and Information Security Law Blog.

The Massachusetts legislature’s Joint Committee on Public Safety and Homeland Security heard testimony on proposals to regulate government use of surveillance drones, reports Privacy SOS.

Montana has a new statute limiting government access to electronic communications stored by service providers; it also allows the government to stop providers from notifying consumers when it requests records, EFF reports.

The New York State Department of Health has issued a new guidance statement on privacy protections and data sharing under HIPAA and other applicable federal and state laws, reports JD Supra.

Oregon Gov. Kate Brown has signed into law a bill amending the state’s unlawful trade practices by including liability for companies' misrepresentations of how they handle customer information, reports Hunton & Williams’ Privacy and Information Security Law Blog.

Washington Gov. Jay Inslee has signed into law a bill regulating the commercial use of biometric identifiers, making it the third state in the country with such a law, reports Hunton & Williams’ Privacy and Information Security Law Blog.

ICYMI

In this installment of Privacy Tracker's GDPR Matchup series, Alex Wall, CIPP/E, CIPP/US, compares the principles of the Asia-Pacific Economic Cooperation's Privacy Framework and Cross-Border Privacy Rules with the principles expressed by the GDPR.

Marju Lauristin has been appointed rapporteur for the ePrivacy Regulation; Angelique Carson, CIPP/US, offers this introduction in The Privacy Advisor.

Some lawyers, scholars and regulators are wondering how the GDPR will affect machine learning in the enterprise. Immuta Chief Privacy Officer and Legal Engineer Andrew Burt navigates text in the GDPR and points out what privacy pros should be thinking about and operationalizing as they prepare in the coming year. 

The IAPP Resource Center has a roundup of its coverage on China’s new Cybersecurity Law.

US

U.S. Rep. Tom Graves, R-Ga., has drafted a bill designed to exempt from prosecution individuals who hack into malicious actors' machines for defensive measures, The Daily Beast reports.

Sens. Maggie Hassan, D-N.H., and Rob Portman, R-Ohio, have introduced a bill to establish a federal bug bounty program within the U.S. Department of Homeland Security, CNNMoney reports.

Massachusetts Gov. Charlie Baker announced new legislation to create a secretariat to oversee information technology services and security, State House News Service reports.

ASIA PACIFIC

A new cybersecurity law in China took effect Thursday, June 1. Lawfare offers an in-depth analysis of the law, noting, "Certainly the language of the law is broad and ambiguous, and that vagueness creates problematic uncertainties."

On 30 May, amendments to Japan's Act on the Protection of Personal Information went into full effect. Kate Chan offers an overview of changes to the Japanese and Chinese privacy and cybersecurity regimes for KrolLDiscovery's Ediscovery blog.

CANADA

In an op-ed for The Globe and Mail, Michael Geist explains why industry lobbying against the private right of action in Canada’s anti-spam legislation should not succeed in delaying the provision.

EUROPE

The European Parliament's Policy Department for Citizens' Rights and Constitutional Affairs released a study of the proposed ePrivacy Regulation assessing “whether the proposal would ensure that the right to the protection of personal data, the right to respect for private life and communications, and related rights enjoy a high standard of protection.”

PwC research found the U.K. Information Commissioner’s Office handed out twice the amount of enforcement fines in 2016 compared to the previous year, SC Media UK reports.

The Belgian Privacy Commission released its Annual Activity Report for 2016, Hunton & Williams' Privacy & Information Security Law Blog reports.