In this week's Privacy Tracker global legislative roundup, the U.S. Federal Trade Commission held a public forum on its Advance Notice of Proposed Rulemaking on commercial surveillance and lax data security. The European Commission will introduce the Cyber Resilience Act soon. Indonesia is a step closer to passing its privacy bill. And Hong Kong companies were reminded to comply with China’s cross-border security assessment measures.

The latest

Privacy authorities from the G-7 countries recently held a two-day summit in Bonn, Germany, that focused on streamlining international data flows between member nations, The Wall Street Journal reports.

More

The Los Angeles Times Editorial Board wrote a piece opposing preemption in the proposed American Data Privacy and Protection Act.

More

Argentina's Data Protection Authority, the Agency of Access to Public Information, opened a public consultation on the draft bill to amend Law No. 25.326 on the Protection of Personal Data.

More

Enforcement

New Zealand’s Independent Police Conduct Authority and Office of the Privacy Commissioner published a joint report examining police photographing the public illegally. 

More

On a recent edition of Euractiv’s “The Tech Brief” podcast, journalist Luca Bertuzzi explored the topic of European data protection regulators stepping up their enforcement actions.

More

The Dutch Ministry of Justice and Security's Scientific Research and Documentation Center published a review of the implementation of the EU General Data Protection Regulation in the Netherlands.

More

The U.K. Information Commissioner’s Office issued an enforcement notice to the Department for International Trade and a practice recommendation to the Department for Business, Energy and Industrial Strategy for failing to comply with information requests.

More

Asia-Pacific

Salinger Privacy detailed how a loophole in Australia’s Privacy Act allowed for the collection of public school students’ fingerprints in New South Wales. 

More

Hong Kong’s DPA, the Office of the Privacy Commissioner for Personal Data, reminded covered entities to begin complying with the Cyberspace Administration of China's Security Assessment Measures on Cross-border Transfers of Data, which took effect Sept. 1.

More

Along with crafting an updated Personal Data Protection Bill, amending India’s IT Act 2000 may also be on the table, Money Control reports.

More

The Indonesian House of Representatives announced an agreement between the House Commission on Defense, Foreign and Information Affairs and the Ministry of Communication and Information to elevate the Personal Data Protection Bill to plenary meeting for immediate ratification into law. 

More

Europe

The European Consumer Organisation released an opinion paper on the EU-New Zealand Trade Agreement, highlighting strong safeguards for personal data under the deal.

More

Euractiv reports the European Commission will soon introduce the Cyber Resilience Act, which lays out cybersecurity requirements for connected devices.

More

Guidance

France’s DPA, the Commission nationale de l'informatique et des libertés, published guidance and best practices for use of authentication by digital token. 

More

The U.K. Information Commissioner’s Office published draft guidance for anonymization, pseudonymization and privacy-enhancing technologies.

More

ICYMI

The U.S. Federal Trade Commission's comment period for its Advance Notice of Proposed Rulemaking on commercial surveillance and lax data security practices is still more than a month away. IAPP Staff Writer Joe Duball recapped the highlights from a recent public forum ahead of the formal process beginning.

More

The California Legislature's 2022 session adjourned without extensions to exemptions for human resources and business-to-business data under the California Consumer Privacy Act. Baker McKenzie's Chair of Global Data Privacy and Security Business Unit Brian Hengesbaugh, CIPP/US, and Senior Associate Cristina Messerschmidt offer big-picture thoughts on the impacts of the provisions while providing a checklist of core tasks that require attention ahead of the CPRA effective date.

More