In this week’s Privacy Tracker global privacy legislative roundup, read about Indonesia’s proposed comprehensive data privacy law, and get the latest on privacy-related legislation circulating in the U.S., including a proposed mental health reform bill, as well as a bill offered to set minimum data security and breach notification standards. Canada’s Privacy Commissioner Daniel Therrien is calling for drone regulations, and the Australian government will soon present a draft of its breach notification bill. Meanwhile, the U.S. and EU countries are working out new data-transfer mechanisms, with guidance coming out of the European Commission and Spain and a meeting of officials from the White House, U.S. State Department and House of Representatives.
Latest News
Indonesia could see its first comprehensive data privacy law “as soon as mid-February 2016,” according to the Ministry of Communications and Information, Lexology reports.
The U.S. House Energy and Commerce Health Subcommittee has advanced a mental health reform bill that would alter HIPAA to allow “caregivers and family members to have more information about a mentally ill person’s care,” The Hill reports.
U.S. Rep. Jan Schakowsky (D-IL) has submitted a bill to create federal data security standardsin hopes that the recent U.S.-EU Safe Harbor invalidation “will spur Congress to action,” The Hill reports.
Florida lawmakers have submitted a new batch of privacy legislation that would create exemptions to public records law, “ranging from topics involving substance abuse to cell-phone tracking,” Florida Politics reports.
Bangor Daily News reports on Maine’s drone privacy law now that it’s been in effect for a month.
ICYMI
In this post for Privacy Perspectives, Hogan Lovells Partner Eduardo Ustarn, CIPP/E, delves into the new guidance from the European Commission on “the Safe Harbor Roller Coaster" and shares some practical conclusions. Also, The Privacy Advisor has published a series of three Q&As to help you navigate the Safe Harbor ruling.
In The Privacy Advisor, Sam Pfeifle summarizes the European Commission’s 15-page document outlining its interpretation of the Schrems ruling and the data-transfer options that remain on the table: binding corporate rules (BCRs), standard contractual clauses and the derogations of the Directive.
Last week, U.S. government officials in the White House, State Department and U.S. House of Representatives discussed the future of transatlantic data transfers, Jedidiah Bracy, CIPP/E, CIPP/US, sums up the discussion for The Privacy Advisor.
U.S.
The Federal Communications Commission's (FCC) Enforcement Bureau entered into a $595,000 settlement with Cox Communications for failing to adequately protect the personal data of its subscribers when the company's system was breached in 2014, according to an FCC press release.
Sen. Al Franken (D-MN) has said he will reintroduce a bill that would ban stalking apps, reports Broadcasting & Cable.
ASIA-PACIFIC
The Trans-Pacific Partnership's full contents have been revealed, and advocacy groups like the Electronic Frontier Foundation are not impressed, RT reports.
The Attorney-General’s Department has announced that the Australian government will soon issue an exposure draft of its data breach notification legislation, reports ComputerWorld.
CANADA
Health Minister Sharon Blady has promised to review health-record access laws after providers refused to give family members access to a missing mental health patient’s records citing Manitoba's Personal Health Information Act, reports CBC News.
Federal Privacy Commissioner Daniel Therrien says regulations to restrict the use of camera-equipped drones in certain "sensitive" areas is needed, reports the Canadian Press. Transport Canada has said it will issue new guidelines for small drones at some point in 2016.
The Liquor Control Board of Ontario is now complying with a privacy commission ruling that it must destroy the records of beer, wine and spirit club members, reports CBC News.
EUROPE
The Daily Telegraph reports that the proposed UK Investigatory Powers Bill would strip organizations’ ability to provide end-to-end encryption. Meanwhile, Conservative MP Theresa May has promised that the Investigatory Powers bill will not be a repeat of its 2012 iteration, touting the removal of its “contentious” bits, the BBC reports.
The Spanish data protection authority has sent letters to Safe Harbor-certified companies operating in Spain outlining necessary steps that companies must take, Hogan Lovells’ Chronicle of Data Protection reports.
Digital Rights Ireland is accusing Ireland of failing to guarantee the independence of the data protection commissioner, the Irish Times reports.
The UK Information Commissioner’s Office has fined the Crown Prosecution Service 200,000 GBPs for not ensuring adequate data security of laptops containing sensitive law enforcement interviews with victims and witnesses, ABC News reports.