In this week’s Privacy Tracker global legislative roundup, a U.S. Senate committee discussed the need for a federal privacy law, while in Washington, a third version of the Washington Privacy Act has been introduced. In the U.K., YouTube faces a $3 billion lawsuit alleging it violates the EU General Data Protection Regulation by sending “addictive” programming to children under 13. And in Brazil, the Public Ministry of the Federal District and Territories filed the first lawsuit for alleged violations of the country’s General Data Protection Law.
LATEST NEWS
The U.S. Department of Health and Human Services’ Office for Civil Rights fined Premera Blue Cross $6.85 million over Health Insurance Portability and Accountability Act violations that led to a 2015 breach involving 10.4 million individuals.
More
The California Attorney General’s Office sent letters July 1 warning businesses of alleged California Consumer Privacy Act violations, targeting mainly businesses missing key privacy disclosures from their websites. AdExchanger reports on where enforcement currently stands.
More
Also in California, Gov. Gavin Newsom, D-Calif., signed a law that will force the Economic Development Department to stop mailing full Social Security numbers, putting people at risk of identity theft, CBS13 reports.
More
ICYMI
For Privacy Tracker, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, analyzed the proposed U.S. Setting an American Framework to Ensure Data Access, Transparency, and Accountability Act and where the bill stands on some of the more divisive elements surrounding the federal privacy law debate.
More
Also, Fazlioglu and Sara Collins of Public Knowledge discussed with host Angelique Carson, CIPP/US, the U.S. SAFE DATA Act’s provisions and the Senate Committee’s hearing in this episode of The Privacy Advisor Podcast.
More
EUROPE
A $3 billion lawsuit against YouTube, filed on behalf of 5 million British children, alleges the company illegally sends “addictive” programming to children under the age of 13, a violation of the EU General Data Protection Regulation, Business Insider reports.
More
Switzerland’s Parliament voted to adopt revisions to the country’s Federal Act on Data Protection that will modernize the 28-year-old law to be more closely aligned with laws in the European Union.
More
US
A safe harbor rule is proposed in Indiana to help protect residents from cyberattacks.
More
LATIN AMERICA
Brazil’s Public Ministry of the Federal District and Territories filed the first lawsuit for alleged violations of the country’s General Data Protection Law against a computer company it alleges sold the personal information of 500,000 people.
More
A bill introduced in Brazil seeks to protect students’ privacy on remote-learning platforms by requiring the platforms to abide by provisions of the General Data Protection Law.
More
ENFORCEMENT
Colombia’s data protection authority, the Superintendencia de Industria y Comercio, fined Banco Popular 269,046,492 pesos for violating the right to deletion under the Personal Data Protection Law.
More
France’s data protection authority, the Commission nationale de l’informatique et des libertés, published guidance on the principles employers should follow when potentially collecting employee data to monitor COVID-19 symptoms or for contact-tracing purposes.
More
Lithuania’s data protection authority, the State Data Protection Inspectorate, released an FAQ on binding corporate rules, stating they can be used as a basis for companies to transfer personal data to third countries in accordance with the GDPR.
More
The U.K. Information Commissioner’s Office fined Digital Growth Experts Limited 60,000 GBP for sending more than 16,000 text messages touting products it claimed are “effective against coronavirus” without recipients’ consent, a violation of the Privacy and Electronic Communications Regulations 2003.
More
The U.S. Department of Health and Human Services’ Office for Civil Rights announced a $2.3 million fine against management company CHSPSC for violations stemming from a 2014 data breach that affected 6.1 million individuals.
More
The U.S. DHHS also announced Athens Orthopedic Clinic agreed to pay $1.5 million to settle violations of HIPAA Privacy and Security Rules.
More