French data protection authority the CNIL has received remote inspection abilities under a law passed last week, adding to the growth the agency has seen recently. In the U.S., the New Jersey Supreme Court has unanimously ruled that police wiretap warrants apply to phones in other states, and the Illinois Supreme Court has deemed its stringent eavesdropping law unconstitutional. In Hawaii and Kentucky, privacy bills have stalled out, and in Delaware, a lawmaker has proposed legislation that mimics California’s “eraser law.” Meanwhile, the Australian Privacy Principles continue to make headlines, and questions remain over the Philippines’ new cybercrime law. Read about these developments and more in this week’s Privacy Tracker roundup.
On Wednesday, the new Australian Privacy Principles (APPs), amendments to the Privacy Act of 1988(Cth), went into effect. The new rules apply to both government agencies and businesses, replacing the Information Privacy Principles (IPPs) that governed public agencies and the National Privacy Principles (NPPs) that governed businesses. In case this overhaul caught you off guard, we have a brief overview of the APPs’ major provisions and exceptions to help you navigate this new privacy regime.
While U.S. federal lawmakers struggle to find the right balance on data breach notification, state legislators are offering up bills to protect consumers from tracking through cellphones, smart meters and license plates, and one company is pushing back against Utah’s license-plate privacy law, saying it infringes on First Amendment rights. This Privacy Tracker weekly roundup covers all this and more, including the FTC, G29 and APEC announcement of a cross-border data transfer tool at the IAPP’s Global Privacy Summit last week and the Mexican DPA’s warning of an “abundance” of fines to come.
Senators in Florida and Illinois are proposing bills to limit surveillance and police access to data; the Texas Court of Appeals has expanded cellphone privacy rights, and the Washington State Supreme Court has ruled citizens have the right to privacy in the text messages sent from their mobile devices. Meanwhile, the U.S. government has entered an agreement with Japan allowing the countries to share fingerprints of suspected terrorists to be matched against each other’s databases, and the U.S. Department of Justice is asking the Foreign Intelligence Surveillance Court for longer retention periods for certain data. Read about these developments and more in this week’s Privacy Tracker legislative roundup.
In this Privacy Tracker weekly legislative roundup, read about the prospects of German advocacy groups getting the right to sue businesses, the status of the Philippines’ cybercrime law and proposals in the U.S. pushing for less data collection and more consumer protections. The Utah attorney general has stopped using administrative subpoenas for cellphone and Internet data, saying “writing yourself a note to go after that stuff without any check is too dangerous,” while the Senate looks at a bill that would mean law enforcement needs a judge’s order as well. Also, Orin Kerr has published an article supposing what a communication privacy act might look like if the U.S. scrapped ECPA and started from scratch, and there’s a handy interactive map outlining the status of social media privacy laws throughout the U.S.
Last year, U.S. Senate Commerce Committee Chairman Jay Rockefeller asked the Government Accountability Office (GAO) to investigate privacy issues pertaining to companies that collect, aggregate and sell personal information about consumers. In late November, the GAO publicly released the resulting report, “Information Resellers: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace.” What did the GAO examine, and, in the short term, how might Congress respond to the GAO’s findings and, when they are published, Senator Rockefeller’s own scheduled report?
Last month, California passed a new amendment to the California Online Privacy Protection Act (CalOPPA) that requires companies that collect personal information from Californians to address how they respond to Do-Not-Track (DNT) signals from browsers in their online privacy policies.According to Stephanie Sharron and Emily Tabatabai, CIPP/US, the legislation “may raise as many questions as it answers,” because due to the lack of consensus from the W3C, “companies are required to disclose how they respond to a browser’s DNT signals, when there is no consensus on what the DNT signal means in the first place.” So what are companies to do? Find out about the options in this Privacy Tracker blog post.
This week’s Privacy Tracker legislative roundup highlights changing privacy laws from the U.S. to Bahrain. Revisions to the U.S. Telephone Consumer Protection Act went into effect last week; the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs will vote today on amendments to the proposed regulation and directive—including one that would see U.S. companies seeking permission from EU officials before complying with government access requests to EU data, and the Bahrain cabinet has preliminarily approved a data protection law. Meanwhile, the UK Information Commissioner’s Office is considering jail time for breaches at the same time as justifying its fining practices.
While U.S. regulators mull over the need for rules surrounding drone use by law enforcement, Montana’s new gun owner healthcare privacy law went into effect and California continues to shape privacy law moving toward a “presumption of harm” in breach cases, but one op-ed claims its “revenge porn” law doesn’t do enough. A Zimbabwean law established a central SIM card database, and Australia’s information commissioner has released a best practice guide for app developers. This weekly roundup offers information on all these issues and more, including what regulators had to say at both the IAPP Privacy Academy and the 35th International Conference of Data Protection and Privacy Commissioners.
Westin Fellow Kelsey Finch analyses U.S. District Judge Lucy Koh’s decision that Google’s practice of intercepting e-mails to and from Gmail users may violate federal and California wiretap laws. Using a “narrow reading” of the federal wiretap law and a “broad reading” of the California law, Koh sent the majority of the case on to trial, “inviting close scrutiny of both … statutes in light of the latest technologies and business practices.” Finch writes, “As the tension between consumer protection and business innovation continues to loom large in the privacy world, decisions that attempt to bridge new technologies and old laws become more and more important.”