“With cloud computing, many fear losing control. True, supply chains may be complex … However, users can retain control in cloud computing—depending,” writes cloud computing expert Kuan Hon in this Privacy Tracker post. Using examples of the evolution of the EU Data Protection Directive and cases from the EU Court of Justice and the Danish Data Protection Agency, Hon outlines reasons the data export restriction and the “transfer to a third country” provisions are antiquated in today’s technological environment. “Nowadays, physically confining data to the EEA does not equate to or guarantee data protection. Yet vast amounts of time and resources are poured into compliance with the restriction, which could be better spent on improving information security,” Hon writes.
In the U.S., Kentucky has become the 47th state to pass a breach notification bill and Wisconsin has passed a social media law and expanded the collection of DNA from arrested individuals. The U.S. House passed bipartisan legislation aiming to protect information held in vehicle event data recorders; the Canadian Senate is considering the Digital Privacy Act, offering new protection for consumers and increased powers for the federal privacy commissioner, and the Court of Justice of the EU invalidated the EU Data Retention Directive. In this week’s Privacy Tracker legislative roundup, read more about all these developments and also what the FTC v. Wyndham decision may, or may not, mean for the future of U.S. privacy regulation.
Privacy laws are being considered in nations across the globe, and this week’s Privacy Tracker legislative roundup has updates on many of them. Brazil’s Chamber of Deputies has passed the Internet bill of rights—without its controversial local data storage provision; India has exempted government intelligence agencies from its draft law; Australia’s Senate is looking at a mandatory breach notification bill, and in Ireland, a bill intending to give adopted children identity rights is raising questions over parental privacy rights. In the U.S., Sen. Al Franken (D-MN) has proposed an updated version of his location privacy bill, and states continue to discuss issues surrounding student privacy and breach notification, among others.
With the Australian Privacy Principles in effect, the data protection regulation vote in the European Parliament and the announcement of the announcement of the G29 and APEC announcing a joint agreement aiming to aid companies in achieving compliance with global data transfers, it’s been a busy couple of weeks. Privacy Tracker has the information you need on the latest action, plus updates to U.S. state and federal initiatives and some opinions on where privacy law is headed. Looking forward to March Madness? U.S. Rep. Jared Polis (D-CO) is hoping that Congress is, too, and that his latest plea will help get support for the E-mail Privacy Act.
EU Justice Commissioner Viviane Reding says the vote makes EU data protection reform “irreversible”
The European Parliament voted Wednesday with overwhelming support for the proposed European General Data Protection Regulation. The procedural move ensures that the regulation, which has been in legislative process for more than two years, stays on the table, even after this May’s parliamentary...
With an uptick in inspections, 43 formal compliance notices and a record fine against Google for noncompliance with the French Data Protection Act, the French data protection authority, the CNIL, is asserting itself in the international data protection scene. In this Privacy Tracker post, Olivier Proust of Field Fisher Waterhouse offers concrete examples of the CNIL’s growth, resourcefulness and experience, noting, “companies should pay close attention to the actions of the CNIL as it becomes a more powerful authority in France and within the European Union.”
In the U.S., eight states have been in the news for movement on drone legislation. While most are fairly similar, bills in California and Utah put restrictions on use and retention of the data, and one of the two drone bills in front of the Georgia House focuses on a 100-foot “protected zone.” In Montana, a suicide review board has been given authorization to begin looking into the healthcare records of suicide victims in an attempt to lower the incidents in the state, causing some privacy concerns. And Maine has opted for a study instead of furthering a social media privacy bill. Read about these developments and more in this week’s Privacy Tracker legislative roundup.
While industry leaders at the World Economic Forum in Davos, Switzerland, called for new rules surrounding data protection, the U.S. Supreme Court announced it will hear two cases involving warrantless searches by law enforcement of suspects’ cellphones. And, the U.S. Federal Trade Commission announced settlements with 12 companies over false claims of alignment with Safe Harbor rules. In this Privacy Tracker roundup, learn about these as well as bills being considered by U.S. state legislatures, how Obama’s NSA plans may affect EU law and more.
Looking at the federal and state bills being introduced in the U.S., this Privacy Tracker weekly roundup reports on lawmakers’ efforts to get privacy-protecting laws on the books; however, FTC Commissioner Maureen Ohlhausen has called for legislators to look to existing laws, saying “We simply do not need new talk, new laws or new regulations.” Also take a look at new compliance hurdles for organizations in Canada and Australia as new laws are set to roll out in those countries. Also, in the EU, the LIBE has published amendments it would like to see in the Network and Information Security Directive.
While much happened this week in privacy news; the NSA’s surveillance was deemed likely unconstitutional, consent was declared dead, the data broker industry was put on notice by a U.S. senator and the EDPS released its 2014 inventory, the news that hit home for us was that Peter Fleischer and two other Google executives were acquitted in Italy’s Supreme Court after an eight-year battle over whether they were legally responsible for content that users uploaded to Italy’s version of YouTube. Back in the day, the implications of this case were a little scary for privacy pros around the globe, and it seems now it’s finally over. Take a look at this and all the week’s developments in privacy law in this Privacy Tracker weekly roundup.