In this week’s global legislative roundup, China’s National People’s Congress Standing Committee released the second draft of the Personal Information Protection Law for public comment, Thailand postponed enforcement of its Personal Data Protection Act to May 31, 2022, and lawmakers in Canada are debating which legislative committee should be next to consider the country's framework for federal privacy law reform. In the U.S., Sen. Rick Scott, R-Fla., introduced legislation that would require organizations with more than 30 million subscribers to obtain consent before using data or tracking users' preferences.
LATEST NEWS
China’s National People’s Congress Standing Committee released the second draft of the Personal Information Protection Law for public comment, according to Stanford University's DigiChina Cyber Policy Center.
More
The U.S. Department of Labor's Employee Benefits Security Administration issued cybersecurity-focused guidance on benefit plans regulated by the Employee Retirement Income Security Act that emphasizes steps to mitigate risks, according to Hogan Lovells.
More
ICYMI
For The Privacy Advisor, University of São Paulo Law School’s Beatriz de Sousa and LGBTeses Founder Bernardo Fico explored the children’s privacy provisions under Article 14 of Brazil’s General Data Protection Law, the importance placed on consent and what can be done to protect kids under the law.
More
IAPP Westin Fellow Nicole Sakin broke down the Indian Ministry of Electronics and Information Technology’s Information Technology (Guidelines for Intermediaries and Digital Media Ethics Code) Rules, 2021, for The Privacy Advisor.
More
The IAPP created a chart for the Resource Center comparing the data privacy laws in Virginia and California in the U.S. The chart looks at the scope of Virginia’s Consumer Data Protection Act, the California Consumer Privacy Act and the California Privacy Rights Act and how each approaches data subject rights and the roles of processors and third parties.
More
ENFORCEMENT
The Cyberspace Administration of China found 33 mobile phone applications violated data privacy rules by gathering data without consent, Reuters reports.
More
France's data protection authority, the Commission nationale de l’informatique et des libertés, announced it closed its injunction against Google.
More
According to DLA Piper's blog, "Privacy Matters," the German Federal Labor Court dismissed a claim that Article 15 of the EU General Data Protection Regulation grants a right to receive copies of emails as inadmissible.
More
Iceland's DPA, Persónuvernd, fined InfoMentor ISK 3.5 million over a security breach that took place during February 2019.
More
Norway’s DPA, Datatilsynet, issued a notification of an infringement fee of NOK 5 million to toll company Ferde for allegedly transferring motorists’ personal data to China.
More
Norway’s Datatilsynet also plans to fine Disqus NOK 25 million for violations of the GDPR.
More
Spain’s DPA, the Agencia Española de Protección de Datos, fined Equifax approximately $1.1 million for allegedly scraping individuals’ publicly available data and using it in credit reports, the Wall Street Journal reports.
More
Spain’s AEPD also issued a 1.5 million euro fine against EDP Comercializadora for GDPR violations.
More
ASIA-PACIFIC
The Cabinet of Thailand signed a royal decree postponing the enforcement of the Personal Data Protection Act to May 31, 2022, the Bangkok Post reports.
More
CANADA
Canadian lawmakers are debating which legislative committee should be next to consider Bill C-11, the country's framework for federal privacy law reform, The Hill Times reports.
More
EUROPE
A leaked document shows EU lawmakers may soon come to an agreement on a temporary derogation from the ePrivacy Directive to combat online child sexual abuse, Euractiv reports.
More
LATIN AMERICA
Mexican Sen. José Alberto Galarza Villaseñor introduced amendments concerning the territorial scope of the Federal Law on Protection of Personal Data Held by Private Parties.
More
US
U.S. Sen. Rick Scott, R-Fla., introduced the Data and Algorithm Transparency Agreement Act, which would require organizations with more than 30 million subscribers to obtain consent before using data or tracking users' preferences, Florida Politics reports.
More
GUIDANCE
Denmark's DPA, Datatilsynet, announced updates to its guidance on consent under the GDPR. Notable updates include clarifications on consent for processing by public authorities and how swiping or scrolling through a site "is not considered an unequivocal expression of will."
More
The Dutch DPA, Autoriteit Persoonsgegeven, published a blog post explaining processes for "hashed and cut" anonymization techniques, which commonly do not anonymize data fully unless done properly.
More
The Committee of Ministers of the Council of Europe adopted a Declaration urging member states to bolster protections for children's privacy and personal data.
More
