(Jul 31, 2015) Erick Iriarte of Iriarte & Asociados writes for Privacy Tracker about a new law decreed by Peru’s executive branch under delegated powers. The law requires telecommunications companies to collect and retain consumer geolocation data and make it available to law enforcement without a warrant. According to the decree, its purpose is to “regulate the access of the specialized unit of the National Police of Peru, in cases of flagrante delicto, to the location and geolocation of mobile phones or electronic devices of similar nature.” Iriarte outlines the main provisions of the law, noting its “worthy” intentions; however, he goes on to call it a law “with a dramatic effect but not effective” and asks how it will improve “the delayed coordination between the police, prosecutors and judges.” Read More

Privacy Tracker

EDPS Weighs In on Trilogue Negotiations

(Jul 27, 2015) Not long after the Article 29 Working Party (WP29) let their feelings be known on the trilogue negotiations about the future of the EU’s proposed General Data Protection Regulation (GDPR), the European Data Protection Supervisor (EDPS), itself a full member of the WP29, has done them one better. Not only has the EDPS weighed in with its opinion on how the final draft of the GDPR should read, it has also released a downloadable app that expresses its opinion alongside redlined drafts of the GDPR ... Read More

Privacy Tracker

Global News Roundup—July 20-27, 2015

(Jul 27, 2015) This week’s Privacy Tracker roundup highlights a controversial new antiterrorism law in Kuwait that would see mandatory DNA collection from all citizens, residents and visitors to the country. Also, Russia has passed a right-to-be-forgotten law, and Ireland is expected to pass a new law giving adopted individuals access to their birth certificates. In the U.S., another student privacy bill has been introduced while senators that have already proposed student privacy bills hope to work together to push a single bill forward. Also, there’s a new bill aiming to reform FISMA. The courts have also been busy deciding on Neiman Marcus, butt-dialing, a Florida healthcare privacy law and Facebook denying search warrants. Read More

Privacy Tracker

Neiman Marcus May Open the Floodgates for Breach Lawsuits

(Jul 24, 2015) Known for its leadership in law and economic analysis, with Chicago School giants Richard Posner and Frank Easterbrook as acting judges, the U.S. Court of Appeals for the Seventh Circuit is hardly known as sympathetic to class-action plaintiffs seeking compensation from business. That’s why Monday’s decision by a three-judge panel headed by Chief Judge Diane Wood should reverberate loudly and potentially for years to come. Overturning a decision by a federal district court, the Seventh Circuit h... Read More

Privacy Tracker

Canada’s Federal Breach Reporting Law—What we know and what we can expect

(Jul 21, 2015) While many of the recent amendments to Canada’s Personal Information Protection and Electronic Documents Act are in force, the new breach reporting and notification provisions are not yet. Timothy Banks, CIPP/C, writes for Privacy Tracker about what we know and what we can expect in terms of requirements for breach logs, reports and notifications under the new law. The information required to be included in reports to the Office of the Privacy Commissioner and individual notifications is expected to “be at least as comprehensive” as similar reporting obligations in Alberta, Banks notes. “What remains to be seen, however, is whether the government will ensure that the content of notifications remains harmonized to avoid the fractured approach in the United States,” he writes. Read More

Privacy Tracker

Global News Roundup—July 13-20, 2015

(Jul 20, 2015) In this week’s Privacy Tracker legislative roundup, read about Indonesia’s draft regulation on personal data protection; Malaysia’s consultation paper on draft standards for data security, retention and integrity, and a draft bill in Brazil that would require the retention of Internet users’ data for three years. In the U.S., a state lawmaker is seeking the expansion of Pennsylvania’s DNA-collection law, and a California bill that seeks to modernize state privacy laws as cleared a hurdle in the ... Read More

Privacy Tracker

Unravelling the Mysteries of the GDPR Trilogues

(Jul 14, 2015) In recent days, "trilogue" seems to be the buzz word on everyone's lips, following the adoption by the Council of Ministers of the European Union of the General Data Protection Regulation (GDPR) in a first reading on 11 June. But what exactly is a "trilogue"? What is the meaning of this obscure concept that only exists under European Union law? Following my previous article on the EU's ordinary legislative procedure, I will try through this article to unravel the mysteries of the trilogue by exp... Read More

Privacy Tracker

Global News Roundup—July 6-13, 2015

(Jul 13, 2015) This week’s Privacy Tracker roundup includes an announcement on Bermuda’s Personal Information Protection Act Draft Model as well as legislative developments in the U.S., including Delaware’s new Student Data Privacy Protection Act, continued discussion in New Mexico on drone legislation and a Pennsylvania judge’s opinion that the state’s wiretap law is not keeping up with technology. Plus, read about the requirements of complying with Canada’s Digital Privacy Act, one privacy commissioner’s cri... Read More

Privacy Tracker

Global News Roundup—June 29-July 6, 2015

(Jul 6, 2015) This week’s Privacy Tracker weekly legislative roundup includes a recent report on the Email Privacy Act in the U.S., which aims to update the Electronic Communications Privacy Act. Read about recent privacy law actions in the EU, including news from Bulgaria, Austria and France, and in the Asia-Pacific region, read about the Harmful Digital Communications Act in New Zealand and about a new inquiry from a parliamentary committee in New South Wales that is considering “the long-debated need for l... Read More

Privacy Tracker

Keeping Promises: Corporate Control Transactions Do Not Nullify Data Obligations

(Jul 1, 2015) The New York Times (NYT) sounded an alarm this week with respect to wholesale transfers of consumer data in the context of corporate mergers, acquisitions and bankruptcy transactions. The NYT's research demonstrates that regardless of the promises in a company’s privacy policy, when the company is up for sale all bets are off. The article looks at 100 of the most popular websites, finding that “of the 99 sites with English-language terms of service or privacy policies, 85 said they might transfe... Read More

Privacy Tracker, Westin Research Center