In this week's Privacy Tracker global legislative roundup, Australia released draft legislation that would increase penalties and require parental consent for children under 16. Brazil's Senate Plenary approved a proposed constitutional amendment making personal data protection a fundamental right. The European Data Protection Board adopted a final version of its guidelines on restrictions of data subject rights under the EU General Data Protection Regulation’s Article 23. And, the "IAPP-EY Annual Privacy Governance Report 2021" was released, which takes a look at the progress of organizations in adapting to new laws, including the California Privacy Rights Act and other U.S. state laws, and Brazil’s General Data Protection Law.
The latest
Australia’s draft Online Privacy Bill would impose higher penalties for privacy violations, create a new Online Privacy Code, and require social media companies to obtain parental consent for users under 16.
More
The Washington Post reports European Union Justice Commissioner Didier Reynders said he wants to work with U.S. regulators to better protect consumers online.
More
Norway's data protection authority, Datatilsynet issued a 4 million NOK fine to the Østre Toten municipality for inadequate personal data security and associated internal control that resulted in an ransomware attack.
More
ICYMI
The IAPP-EY issued its annual “Privacy Governance Report.” The report takes an in-depth look at the ongoing effects of privacy leadership, budgets, staff and reporting structures, and the workflow around data subjects and processing vendors over the past year.
More
Enforcement
The European Data Protection Board launched its first action under the Coordinated Enforcement Framework on the use of cloud-based services by the public sector.
More
The Irish Data Protection Commission’s 450,000 euro fine against Twitter has been confirmed in the Dublin Circuit Court.
More
Luxembourg’s National Commission for Data Protection released its 2020 Activity Report. The CNPD said there were 655 written requests for information, compared to 708 in 2019, with a large number of requests concerning data subjects’ right to access and erase personal data.
More
Peru’s National Data Protection Authority launched an investigation into alleged violations of the Personal Data Protection Law by personnel from the National Superintendency of Migrations.
More
Asia-Pacific
The Hindustan Times reports sources say a draft report by the Joint Parliamentary Committee reviewing India’s proposed Personal Data Protection Bill is likely to be circulated among members by Nov. 6 and is expected to be presented during the winter session.
More
Europe
The European Data Protection Board adopted a final version of its guidelines on restrictions of data subject rights under the EU General Data Protection Regulation’s Article 23.
More
The European Parliament voted to allow Europol to process any data voluntarily handed over from organizations, process large amounts of data and develop AI technology for enforcement purposes, Computer Weekly reported.
More
The Ukrainian Parliament proposed a draft law on the creation of a National Commission for Personal Data Protection and Access to Public Information, with the intent of creating a commission to monitor compliance with the country's data protection law.
More
Latin America
Brazil’s Senate Plenary approved a proposed constitutional amendment making personal data protection a fundamental right for all citizens. The amendment will be promulgated in an upcoming session of the National Congress.
More
U.S.
Legislation proposed in Massachusetts would establish protections for personal biometric data, including fingerprints, facial images and retina, iris and hand scans, Government Technology reports.
More
In Massachusetts, the Boston City Council passed a law requiring all surveillance technology funds, acquisitions or use to be approved by the council, including any new or updated use by law enforcement, The Boston Globe reports.
More
A report by the U.S. Federal Trade Commission on the data collection and use practices of internet service providers found many collect and share more data than consumers expect.
More
In the U.S., the Consumer Financial Protection Bureau ordered six large technology platforms offering payment services to provide information about the business plans and practices of their systems.
More
Privacy operations management
France’s data protection authority, the Commission nationale de l’informatique et des libertés, opened a public consultation on its updated recommendations on secure password management in the context of increasing threats to data security.
More