The Philippines is one step closer to getting a national ID system. In Chile, a rights group released a decree signed by the president that would require telecommunication companies to retain communications data for two years. Canada’s Ministry of Innovation, Science and Economic Development has released a draft data breach law. And in the U.S., the House of Representatives unanimously approved the SELF-DRIVE Act, Illinois’ Geolocation Privacy Act is awaiting the governor’s signature, and the Federal Trade Commission has settled with three companies for violating the EU-U.S. Privacy Shield. Read about all this and more in this week’s Privacy Tracker global legislative roundup. 

Editor's Note: This post has been updated to remove inaccurate information on a Finnish law.

LATEST NEWS

Last week, a Chilean rights group Derechos Digitales released a decree signed by President Michelle Bachelet that would require telecommunication companies to retain communications data for two years, the Huffington Post reports. In order to go into effect, the decree needs to gain the approval of the Comptroller General’s Office.
More

The Philippines House of Representatives has passed the National Identification System, issuing all citizens official ID cards, the Philippines Canadian Inquirer reports.
More

California’s Supreme Court has ruled that law enforcement agencies must make public license plate information acquired from automated license plate readers, Pasadena Weekly reports.
More

A California bill requiring telecommunications companies to get opt-in consent for sharing consumers’ personal data is running out of time, the Los Angeles Times reports.
More

ICYMI

Dentons' Timothy Banks, CIPP/C, CIPM, writes for Privacy Tracker about new draft Breach of Security Safeguard Regulations published by the Ministry of Innovation, Science and Economic Development Canada.
More

Ernst-Oliver Wilhelm, CIPP/E, CIPM, CIPT, FIP, writes for Privacy Tracker about the European Court of Human Rights’ Bărbulescu judgment on privacy and monitoring in the workplace.
More

In this installment of Privacy Tracker’s GDPR matchup series, Russell Nel, CIPP/US, CIPT, principal consultant at Privacy Consulting, compares South Africa’s Protection of Personal Information Act with the GDPR. 
More

In this white paper, IAPP Legal Extern Carissa Hanratty, CIPP/US, explores some of the jurisdictions in which personal liability exists for DPOs, with an appendix linking to the various legal texts.
More

As the privacy world eagerly awaits the Irish High Court's findings in what's known as Schrems 2.0, the IAPP has collected the testimony of the experts in the case. In this piece for Privacy Perspectives, IAPP VP of Research and Education Omer Tene introduces the gravity of the case and provides context for the hundreds of pages of testimony the IAPP has collected. 
More

US

The Federal Trade Commission announced three companies have agreed to settle charges related to misleading consumers about their participation in the EU-U.S. Privacy Shield agreement.
More

The Federal Trade Commission has announced computer manufacturer Lenovo agreed to settle charges it harmed consumers by pre-loading its devices with ad tech software that compromised users' privacy and security.
More

The U.S. House of Representatives unanimously approved the SELF-DRIVE Act to streamline rules governing self-driving cars, ArsTechnica reports. 
More

The Geolocation Privacy Protection Act has reached the desk of Illinois Governor Bruce Rauner, NBC Chicago reports. The bill would require internet companies to inform consumers what geolocation data they are collecting, the reasons for gathering the data, and the entities receiving the information.
More

EUROPE

At a meeting Thursday of the European Parliament's Civil Liberties Committee, MEPs discussed the current status of the agreement between the EU and Canada on the sharing of airline passenger name records.
More