In this Privacy Tracker weekly legislative roundup, read about the prospects of German advocacy groups getting the right to sue businesses, the status of the Philippines’ cybercrime law and proposals in the U.S. pushing for less data collection and more consumer protections. The Utah attorney general has stopped using administrative subpoenas for cellphone and Internet data, saying “writing yourself a note to go after that stuff without any check is too dangerous,” while the Senate looks at a bill that would mean law enforcement needs a judge’s order as well. Also, Orin Kerr has published an article supposing what a communication privacy act might look like if the U.S. scrapped ECPA and started from scratch, and there’s a handy interactive map outlining the status of social media privacy laws throughout the U.S.
Earlier this month, San Francisco City Attorney Dennis Herrera filed a complaint in California state court against MeetMe, Inc., the maker of a social networking app that, as the complaint puts it, is designed “to introduce users to new people and enable them to interact with strangers online and in person.” The complaint takes issue with one of the ways MeetMe encourages users to interact—by...
Nigeria and Turkey are both considering government-proposed legislation that would require service providers to turn over to law enforcement customers’ data upon request—with fines, and possible jail time for executives, for noncompliance in Nigeria. In the U.S., senators are addressing breach response and online privacy concerns with bills of their own as the fallout continues from the Target and Neiman Marcus breaches as well as the Snowden revelations. And in Australia, the deadline for the Australian Privacy Principles looms large. The Privacy Tracker’s weekly legislative roundup covers all this and more.
In the U.S., eight states have been in the news for movement on drone legislation. While most are fairly similar, bills in California and Utah put restrictions on use and retention of the data, and one of the two drone bills in front of the Georgia House focuses on a 100-foot “protected zone.” In Montana, a suicide review board has been given authorization to begin looking into the healthcare records of suicide victims in an attempt to lower the incidents in the state, causing some privacy concerns. And Maine has opted for a study instead of furthering a social media privacy bill. Read about these developments and more in this week’s Privacy Tracker legislative roundup.
This Privacy Tracker post from the Hogan Lovells privacy team explores the impact two proposed privacy laws would have on organizations that provide digital products and services to Brazilian consumers. The Marco Civil da Internet would establish data protection requirements and preserve net neutrality, and the Data Protection Bill would establish an EU-style framework for the processing of personal data. These laws have been in limbo for the past few years, but will the fallout from U.S. government surveillance practices be the inspiration Brazilian lawmakers need to pass provisions, including some that would restrict cross-border data transfers?
While industry leaders at the World Economic Forum in Davos, Switzerland, called for new rules surrounding data protection, the U.S. Supreme Court announced it will hear two cases involving warrantless searches by law enforcement of suspects’ cellphones. And, the U.S. Federal Trade Commission announced settlements with 12 companies over false claims of alignment with Safe Harbor rules. In this Privacy Tracker roundup, learn about these as well as bills being considered by U.S. state legislatures, how Obama’s NSA plans may affect EU law and more.
Looking at the federal and state bills being introduced in the U.S., this Privacy Tracker weekly roundup reports on lawmakers’ efforts to get privacy-protecting laws on the books; however, FTC Commissioner Maureen Ohlhausen has called for legislators to look to existing laws, saying “We simply do not need new talk, new laws or new regulations.” Also take a look at new compliance hurdles for organizations in Canada and Australia as new laws are set to roll out in those countries. Also, in the EU, the LIBE has published amendments it would like to see in the Network and Information Security Directive.
Shaun Brown of nNovation offers a detailed breakdown of the newly published regulations under Canada’s Anti-Spam Legislation (CASL) in this Privacy Tracker blog post. Implementation of CASL will come in three waves, the first of which, rules that apply to computer programs, is already in force. While many of the regulations mirror those pre-published in the draft released at this time last year, there are some changes, including new exceptions for closed platforms, limited-access accounts where organizations communicate directly with recipients, messages targeted at foreign persons and fundraising by charities and political parties.
While states don’t have the authority to shut down National Security Agency surveillance, many state lawmakers are doing their best to enact legislation that will put limits on state and local law enforcement’s abilities. From cellphone location data to drones, online browsing to license-plate scanning, coast to coast and left to right, state lawmakers are proposing anti-surveillance laws. This Privacy Tracker roundup offers a glimpse of what’s coming down the pike.
In the past year, legislative trends in workplace privacy have steadily been moving in “a direction that favors employee privacy,” writes Philip Gordon of Littler Mendelson in this Privacy Tracker blog post, and indications are that this shift will continue. Gordon sums up laws that went into effect as of January 1, including “ban-the-box” laws, employee social media laws and laws that limit the use of credit information for employment purposes and offers recommendations for employers on how to navigate these laws and the challenges of BYOD.