The European Commission drafted rules that will force Big Tech companies to disclose how political groups execute targeted advertising. In India, the Joint Parliamentary committee reviewing the country’s draft Personal Data Protection bill is expected to reconvene and consider amendments. And in the U.S., the Senate Committee on Commerce, Science, and Transportation discussed a potential data security law, and the California Privacy Protection Agency released the agenda for its upcoming Oct. 18 meeting, the first for newly appointed executive director Ashkan Soltani.
LATEST NEWS
The California Privacy Protection Agency released the agenda for its next public meeting Oct. 18. The meeting will include potential revisions to existing California Consumer Privacy Act rules.
More
European Parliament's Committee on Civil Liberties, Justice and Home Affairs voted in favor of a proposal to increase Europol's ability to process large datasets and share data with private companies, Politico reports.
More
Politico also reports the European Commission drafted rules that will force Big Tech companies to disclose how political groups execute targeted advertising.
More
ICYMI
The U.S. Senate Committee on Commerce, Science, and Transportation discussed a potential data security law during its second privacy hearing in two weeks. IAPP Staff Writer Jennifer Bryant has the details.
More
California’s CPPA announced Ashkan Soltani, former chief technologist for the U.S. Federal Trade Commission, will be its first executive director, overseeing the agency’s day-to-day operations along with California privacy law enforcement activities, rulemaking and public awareness. IAPP Staff Writer Joe Duball reports on Soltani’s selection.
More
On Jan. 1, 2023, California will become the first state to have a comprehensive data privacy law covering human resources data when the California Privacy Rights Act becomes operational. Perkins Coie’s Data Privacy Counsel Arsen Kourinian, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, FIP, Partner Dominique Shelton Leipzig, CIPP/US, and Ida Knox discuss steps the CPPA can take to align employment and privacy rights within the CPRA regulations.
More
ENFORCEMENT
The Office of the Information and Privacy Commissioner of Alberta, Canada, published a review of data processing activities by Alcanna, focusing on the liquor store’s ID-scanning technology, which OIPC found to be mostly legal under data collection provisions in the Gaming, Liquor and Cannabis Act.
More
France’s data protection authority, the Commission nationale de l’informatique et des libertés, issued a series of injunctions against the Ministry of the Interior over the data protection and privacy compliance of its Automated Fingerprint File, Euractiv reports.
More
Norway’s data protection authority, Datatilsynet, issued a fine of NOK 125,000 against Ultra-Technology AS for assessing an individual’s credit without a legal basis.
More
The U.S. Federal Trade Commission finalized a settlement with the operators of MoviePass over allegations of deceptive marketing and failure to secure subscribers' personal data.
More
ASIA-PACIFIC
According to The Indian Express, the Joint Parliamentary Committee reviewing India's draft Personal Data Protection Bill will likely reconvene Oct. 20 and consider amendments, including expanding provisions to cover non-personal data.
More
CANADA
The OPC opened the draft guidance on facial recognition for police agencies to public consultation, IT World Canada reports.
More
EUROPE
Members of European Parliament voted 377-248 in favor of adopting a resolution that calls for proper safeguards around law enforcement's use of artificial intelligence surveillance and an outright ban on its public use of facial recognition.
More
The Council of the European Union agreed on a negotiating mandate on the proposed Data Governance Act, which creates a framework to help companies or individuals share data securely.
More
The Dutch government published its thoughts on the upcoming Data Act to be proposed by the European Commission, saying individuals and smaller companies should “be able to benefit from the use of data and trust that their rights and interests are protected,” Euractiv reports.
More
The U.K. Information Commissioner's Office announced its submission to the public consultation on the Department for Digital, Culture, Media and Sport's proposed data reforms. Information Commissioner Elizabeth Denham wrote she mostly supports DCMS's review, but "the devil will be in the detail" as the proposals evolve.
More
US
U.S. President Joe Biden signed the "K-12 Cybersecurity Act of 2021," requiring the Cybersecurity and Infrastructure Agency to study cybersecurity risks facing students and develop recommendations to assist schools.
More
Members of the U.S. Senate Committee on Commerce, Science, and Transportation's Subcommittee on Consumer Protection, Product Safety, and Data Security used a hearing with Facebook whistleblower Frances Haugen to lament the need for Congress to act on federal privacy legislation, The Wall Street Journal reports.
More
U.S. Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., with U.S. Rep. Kathy Castor, D-Fla., reintroduced the Kids Internet Design and Safety Act to address online practices that pose harm to children online.
More
Gov. Gavin Newsom, D-Calif., signed a pair of bills into law that amend the CCPA and the CPRA.
More
The Massachusetts Legislature's Joint Committee on Advanced Information Technology, the Internet and Cybersecurity will hold a virtual hearing Oct. 13 to consider data privacy-related bills.
More
GUIDANCE
Brazil's data protection authority, the Autoridade Nacional de Proteção de Dados, published an information security guide for small-scale data processors.
More
The Baden-Württemberg Commissioner for Data Protection and Freedom of Information in Germany published a revised frequently-asked-questions document on international data transfers.
More
Hong Kong’s Office of the Privacy Commissioner for Personal Data published a guidance note and accompanying frequently-asked-questions document on the use of the EU's updated standard contractual clauses.
More
South Korea's Personal Information Protection Commission published guidance on preparations for the launch of a specialized binding agency dedicated to pseudonymized data.
More
Spain's data protection authority, the Agencia Española de Protección de Datos, wrote a blog post discussing how anonymization and pseudonymization techniques differ.
More
