In this week’s Privacy Tracker global privacy legislative roundup, a proposed law in Florida could provide recourse for victims of drone accidents, the Centers for Medicare and Medicaid were asked some tough questions, and a federal judge ruled the National Security Agency’s bulk collection program to be illegal. Also, a Serbian commissioner has criticized a new draft Law on Personal Data Protection, Brazil seeks comprehensive data protection regulation, and data-sharing agreements are being amended in the EU. Meanwhile, experts in Canada believe that a recent decision by the Supreme Court to not hear an appeal could potentially open the floodgates to future privacy litigation. And, don’t forget to check out our new Safe Harbor Alternatives toolkit.
LATEST NEWS
In Serbia, the Commissioner for Information of Public Importance and Personal Data Protection has issued a press release that strongly criticizes a new draft Law on Personal Data Protection prepared by the Ministry of Justice, seeking “a greater degree of detail,” DataGuidance reports.
A Florida legislator has proposed a new law that would provide recourse for victims of drone accidents, allowing them “to recover costs from the owner and operator of a drone if the device ‘was a substantial contributing factor’ in causing the damage,” The Miami Herald reports.
ICYMI
Taking into consideration thousands of comments on its past two drafts, Brazil’s Ministry of Justice has released a third draft of a law aiming to comprehensively regulate personal data protection. Renato Monteiro of Opice Blum and University of São Paulo Researcher Bruno Bioni offer an analysis for Privacy Tracker.
There has been no shortage of articles written in the wake of the European Court of Justice ruling invalidating Safe Harbor. The IAPP’s Westin Research Center is here to help you decide which data transfer mechanism is best for your organization.
Last Friday, the FCC denied a petition urging the agency to require edge providers to honor Do-Not-Track (DNT) requests from consumers. In this post for Privacy Perspectives, Digital Content Next Executive Director Jason Kint contends that there "is an escalating technology war between consumers and companies that want to track them across" the Internet, and that now's the time for industry to answer these DNT calls.
In Schrems,the Court of Justice of the European Union held that the EU Commission's Safe Harbor decision was invalid because U.S. law does not protect the personal data of Europeans to an extent equal to EU law because of law enforcement's access to it. But the U.S. "is far from being the only country which requires that personal data be retained so it may be accessed by the state," writes Denis Kelleher in this exclusive for The Privacy Advisor.
U.S.
Google’s recent victory in the 3rd U.S. Circuit Court of Appeals regarding how it used data and its relation to the Wiretap Act was won with a cautionary admonition from the court: “Merely tracking the URLs someone visits can constitute collecting the contents of their communications, and that doing so without a warrant can violate the Wiretap Act,” Wired reports.
In a bipartisan letter to the Centers for Medicare and Medicaid Services, senators ask tough healthcare privacy questions, expounding on their frustrations regarding the numerous healthcare data breaches of late and outlining questions they have for the future, Nextgov reports.
Prosecutors say they know who hacked JPMorgan Chase last year, CNN Money reports. The three men responsible were indicted for separate crimes in July but are also responsible for the hack affecting 83 million customers’ personal data.
An amicus brief on the Lewis v. Superior Court of Los Angeles County case indicates that the ruling could have significant privacy implications, AMA Wire reports. The legal proceedings aim to decide if the California Medical Board “infringed upon patients’ constitutional right to privacy when it obtained prescription data without a showing of good cause.”
A federal judge has ruled that the National Security Agency’s (NSA) bulk collection of U.S. citizens’ phone records is illegal, The Wall Street Journal reports. The impact of the ruling, however, will be limited because the USA FREEDOM Act, which mandates a change to the NSA program, takes effect on November 29.
The U.S. Supreme Court has declined to hear a case on whether the government needs a warrant to collect cellphone location information, reports IDG News Service. The case involves a man convicted of a string of robberies whose location was tracked via his phone.
ASIA-PACIFIC
The current opt-out-as-cybersecurity tack taken by the Senate regarding health records is “dangerously naïve” according to the Australian Privacy Foundation, ZDNet reports. It further alleges that the Senate “ignored expert advice by changing the e-health records to be opt-out,” the report states.
At the Chemical Watch Enforcement Summit, Dr. Knoell Consult’s Deirdre Lawler disclosed that select EU “data-sharing agreements … are being amended to allow companies in South Korea to use EU data to register chemicals,” Chemical Watch reports.
CANADA
The Supreme Court of Canada will not hear an appeal to a case in which hundreds of patients’ medical records were accessed inappropriately by Peterborough Regional Health Centre staffers, Financial Post reports. The Supreme Court’s decision means the case will proceed to trial, which may “open the way to privacy class-action lawsuits,” said DDO Health Law’s Mary Jane Dykeman.
The Vancouver Sun reports that British Columbia (BC) Information and Privacy Commissioner Elizabeth Denham is looking into the access-to-information requests and privacy practices of the City of Vancouver to ensure the city is in compliance with the provincial Freedom of Information and Protection of Privacy Act.
Toronto Danforth MPP Peter Tabuns is concerned Ontario’s smart meters are vulnerable to hacking and privacy breaches, the National Post reports. In response, he plans to table a private members bill to shore up the security gaps.
WorkSafeNB “violated its own rules” when it shared some of its workers’ data without their consent, says New Brunswick Privacy Commissioner Anne Bertrand. After an injured worker complained that her information had been shared with a polling firm, Bertrand’s office investigated, CBC reports.
While the deal aims to make e-commerce easier, some critics say the Trans-Pacific Partnership trade agreement’s verbiage may override some provincial laws that require data be stored on local servers to keep Canadians’ personal information safe, CBC reports.
EUROPE
At the ISSE 2015 conference, Assistant European Data Protection Supervisor Wojciech Wiewiorowski argued that even though the ECJ ruled against the legitimacy of the Safe Harbor framework, “the ruling did not say the Safe Harbor processes themselves were invalid, but that they were simply not enough,” Computer Weekly reports.
Radio Free Europe reports that Russian authorities have allegedly told Twitter that it must store Russian users’ data in the country or face the potential of being blocked and fined. Russian Internet regulator Roskomnadzor issued the warning, even though in July it had said Twitter would not have to comply with Russia’s new data localization law.
The draft Investigatory Powers Bill continues to rile up privacy advocates and tech giants alike, The Daily Dot reports. "The snoopers' charter in the UK is just a bit worse than scary, isn't it," said United Nations Special Rapporteur on Privacy Joseph Cannataci.