![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
This week’s Privacy Tracker roundup includes news about Thailand’s draft data protection bill, a breach notification bill in Australia and continued debate over the UK Investigatory Powers Bill. Plus, France is considering legislation to ban Tor and lock down public WiFi in times of emergency, and the final look of the EU General Data Protection Regulation is becoming clearer, with new documents offering insight into notification, the DPO requirement and sanction amounts—on which member states have agreed to an increase. In the U.S., the PATRIOT Act is in the rear view mirror and one senator has proposed a bill to allow the NSA to keep the records it’s collected over the past five years. Meanwhile, Congress is looking at student privacy and the frequency of financial privacy notices.
LATEST NEWS
In Australia, the Turnbull government has proposed new laws that would inform citizens “of certain breaches of their personal information … but only if the company or organization breached turns over $3 million in revenue a year,” reports The Age.
Thailand’s National Legislative Assembly is expected to debate a draft data protection bill within the next four months, reports Bangkok Post.
The UK’s draft Investigatory Powers Bill is set to be scrutinized by a UK parliamentary committee, reports Out-Law.com. The bill would “give UK law enforcement and intelligence agencies the power to require telecommunication service providers to retain and hand over communications data.”
The U.S. Congress has passed a new transportation authorization bill that “provides relief to financial institutions by changing the frequency in which consumers receive privacy notices,” reports the Credit Union Times.
Rep. Tom Marino (R-PA) has issued a statement regarding the House Judiciary’s “pledge to conduct more hearings at the full committee level” on issues key digital privacy issues, such as “the occurrence of warrants served upon U.S. companies for data stored overseas.”
ICYMI
Sam Pfeifle examines for Privacy Tracker new documents released from the Luxembourg presidency that may be the best indication yet of where three hot-button issues in the General Data Protection Regulation may resolve.
Just days after the largest reform to U.S. surveillance law in years took effect, lawmakers on held a long-awaited hearing on reforming the Electronic Communications Privacy Act, Jedidiah Bracy, CIPP/E, CIPP/US, reports for Privacy Tracker.
Hogan Lovells Partner Eduardo Ustaran, CIPP/E, argues in this post for Privacy Perspectives why tech companies should pay attention to the UK Investigatory Powers Bill.
In a keynote speech at the Federal Privacy Summit, Office of Management and Budget Director Shaun Donovan announced the government is establishing a Federal Privacy Council in an effort to coordinate the privacy policies, strategies and strategic thinking across government agencies.
U.S.
Reauthorization of the Elementary and Secondary Education Act is on the Congressional table, but many find that the changes made to the legislation failed to handle student privacy adequately, Benjamin Herold argues in an op-ed for Education Weekly.
As the government said goodbye to the NSA bulk phone record surveillance program, Sen. Tom Cotton (R-AR) introduced the Liberty Through Strength Act II, a bill that aims to "let the government keep the phone records it has already collected for five years," SC Magazine reports.
Federal Trade Commission Administrative Law Judge D. Michael Chappell's landmark ruling in favor of LabMD may make the Federal Trade Commission's ability to win data-loss cases increasingly thorny, Data Breach Legal reports.
The National Security Agency's bulk phone record surveillance program breathed its last breath Monday as stipulated by the USA Freedom Act, and its demise was met with celebration from privacy advocates, Tech Crunch reports.
ASIA-PACIFIC
The Monetary Authority of Singapore now requires potential data centers to pass its threat vulnerability and risk assessment, a test that requires the takers to "weather severe natural disasters and even attacks from rocket-propelled grenades" in order to receive a passing score, The South China Morning Post reports.
CANADA
A BC Information and Privacy Commissioner adjudicator said government bureaucrats have the right to refuse to disclose email logs and also that it's unreasonable to release the data with personal information redacted, reports ITWorldCanada.
EUROPE
PressTV reports that negotiators in the trilogue process have reached a deal on the long-debated Passenger Name Record Directive.
Reuters reports that EU member states have agreed to raise potential fines for businesses for data protection violations to as much as four percent of global turnover as part of the General Data Protection Regulation negotiations.