In this week's Privacy Tracker global legislative roundup, a group of U.S. senators introduced a federal privacy law that outlines a new set of data rights, prohibits businesses from processing and sharing data without consent, and includes a data protection officer provision. Brazil's General Data Protection Law went into effect and the European Union is developing legislation to increase enforcement action over Big Tech. A group of data protection officers in Germany said the use of Microsoft 365 in German authorities and public institutions does not meet data protection requirements. And in Australia, a proposed new law would allow data sharing between government agencies.
THE LATEST
In this piece for Privacy Tracker, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, breaks down the latest proposed U.S. privacy legislation, the Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act. She writes that proposed legislation is "actually a conglomeration of three previously introduced legislative proposals: the discussion draft of the U.S. Consumer Data Protection Act, Filter Bubble Transparency Act and Deceptive Experiences To Online Users Reduction Act."
More
The Irish Council for Civil Liberties filed a claim to the Irish Data Protection Commission focusing on the privacy concerns with real-time bidding, the Irish Examiner reports.
More
The Financial Times reports the European Union is working on legislation to give it increased enforcement authority over large technology companies.
More
ICYMI
After a year of uncertainty, Brazil's General Data Protection Law went into effect Sept. 18. Campos Mello Advogados Partner Paula Mena Barreto Pinheiro, CIPP/E, looks at what this latest news means for companies in this piece for Privacy Tracker.
More
With Brazil's LGPD now in effect, IAPP Westin Research Fellow Sarah Rippy provides an overview of the law, including a look at who it covers, the type of data that is protected, and information regarding compliance and data protection officers, in this piece for Privacy Tracker.
More
ENFORCEMENT
In Canada, Yukon Information and Privacy Commissioner Diane McLeod-McKay sided with a Yukon News journalist in keeping an access-to-information inquiry before the Department of Justice open, the Yukon News reports.
More
France's data protection authority, Commission nationale de l'informatique et des libertés, and Régions de France signed a partnership agreement to support communities in their efforts to comply with general data protection regulations.
More
In Germany, a working group of data protection officers of federal and state governments said the use of Microsoft 365 in German authorities and public institutions does not meet data protection requirements, Netzpolitik.org reports.
More
Norway's data protection authority, Datatilsynet, is investigating the use of location-based SMS notifications to inform travelers of COVID-19-related information, seeking to clarify how they process personal data.
More
Spain's DPA, Agencia Española de Protección de Datos, issued a sanctioning procedure resolution in a complaint filed against Vox Spain after the complainant said their data was retained despite a request for deletion.
More
The U.S. Department of Health and Human Services' Office for Civil Rights settled five more investigations in its Health Insurance Portability and Accountability Act Right of Access Initiative.
More
California Attorney General Xavier Becerra announced fertility-tracking mobile application Glow will pay $250,000 to settle allegations it failed to properly protect user information.
More
ASIA-PACIFIC
Legislation drafted in Australia would allow personal data sharing between government agencies, ABC News reports.
More
Singapore's Personal Data Protection Commission issued fines of $20,000 and $10,000 to the Civil Service Club and Grabcar, respectively, for violations of the Personal Data Protection Act 2012.
More
US
U.S. Sens. Roger Wicker, R-Miss., John Thune, R-S.D., Marsha Blackburn, R-Tenn., and Deb Fischer, R-Neb., introduced a new proposed federal privacy law that offers a new set of data rights and includes a data protection officer provision.
More
The U.S. Senate Committee on Commerce, Science, and Transportation will hold a hearing Sept. 23 titled "Revisiting the Need for Federal Data Privacy Legislation."
More
The U.S. House of Representatives passed a bill calling for the National Institute of Standards and Technology and the Office of Management and Budget to devise guidance on how to properly increase cybersecurity for Internet-of-Things devices.
More
Federal Trade Commissioner Noah Phillips said the U.S. needs a federal privacy law, Axios reports.
More
District Judge Charles Kocoras in Chicago threw out a motion to dismiss IBM's case over Illinois' Biometric Information Privacy Act violations regarding the use of facial images from Flickr, Reuters reports.
More
New York Attorney General Letitia James announced her office reached a settlement with Dunkin' Donuts over the handling of its 2015 data breach of approximately 20,000 customers.
More
GUIDANCE
New resources are available from the Office of the Privacy Commissioner of Canada to help businesses manage breaches and follow requirements regarding the storage of personal data.
More
Ireland’s Data Protection Commission released a guide to help businesses with maintaining customer records for COVID-19 contact-tracing purposes, keeping personal data safe and navigating data protection obligations.
More
U.K. Information Commissioner's Office Director of Regulatory Assurance Ian Hulme introduced the ICO's Accountability Framework in a blog post.
More
