In this week’s global legislative roundup, the IAPP covered aspects of the proposed American Data Privacy and Protection Act introduced by a bipartisan group of U.S. lawmakers. Canadian federal and provincial privacy authorities determined fast-food restaurant Tim Hortons' application tracked and recorded users’ movements every few minutes daily. And, the California Privacy Rights Agency is set to begin its rulemaking process.

The latest

IAPP Staff Writer Joseph Duball spoke with leading U.S. privacy professionals following reports of progress toward federal, bipartisan privacy legislation.
More

IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, discussed the path forward for the potential American Data Privacy and Protection Act to become law.
More

The California Privacy Protection Agency released an initial statement of reasons detailing its authority to issue draft California Privacy Rights Act regulations.
More

U.S. Federal Trade Commission staff is seeking public input as it updates guidance for businesses on preventing deception in digital advertising and marketing.
More

ICYMI

IAPP Staff Writer Joe Duball gathered industry reaction to the surprise release of California Privacy Rights Act draft regulations.
More

IAPP Staff Writer Joe Duball discussed a new draft privacy bill being circulated by U.S. Congress, that, for the first time, includes versions of preemption and a private right of action.
More

IAPP Staff Writer Jennifer Bryant reported on the outcome of the Tim Hortons' mobile application investigation by federal and provincial Canadian privacy authorities.
More

Enforcement

Authorities from France, Lithuania, the Netherlands and Poland, with support from the European Data Protection Board, are jointly investigating potential EU General Data Protection Regulation violations by Vinted, the parent company of Lithuanian clothing website Vinted.com.
More

Meta is facing a "potentially large fine" from Ireland's Data Protection Commission over children’s data processing violations on its Instagram platform, The Irish Times reports.
More

Asia-Pacific

India’s Ministry of Electronics and Information Technology is seeking public input on the draft National Data Governance Framework Policy.
More

Enforcement of Thailand’s Personal Data Protection Act began June 1, the Bangkok Post reports.
More

EU

Euractiv reported the EU's proposed Artificial Intelligence Act has amassed thousands of potential amendments from each political group within European Parliament.
More

France's data protection authority, the Commission nationale de l'informatique et des libertés, put 22 municipalities on notice that they must appoint a data protection officer within four months to be in compliance with the EU General Data Protection Regulation.
More

US

The California State Assembly voted 72-0 to pass Assembly Bill 2273, the California Age-Appropriate Design Code Act, and move it to Senate consideration.
More

Maryland Senate Bill 325, an act concerning student data privacy, took effect June 1.
More

Privacy operations management

France’s data protection authority, the Commission nationale de l'informatique et des libertés, published guidance on the identification of a “controller,” “subcontractor” and “joint principal” under the EU General Data Protection Regulation.
More

Mexico’s National Institute for Transparency, Access to Information and Personal Data Protection released its “Recommendations for the Processing of Personal Data” related to the use of artificial intelligence.
More