In this Privacy Tracker weekly legislative roundup, read about the prospects of German advocacy groups getting the right to sue businesses, the status of the Philippines’ cybercrime law and proposals in the U.S. pushing for less data collection and more consumer protections. The Utah attorney general has stopped using administrative subpoenas for cellphone and Internet data, saying “writing yourself a note to go after that stuff without any check is too dangerous,” while the Senate looks at a bill that would mean law enforcement needs a judge’s order as well. Also, Orin Kerr has published an article supposing what a communication privacy act might look like if the U.S. scrapped ECPA and started from scratch, and there’s a handy interactive map outlining the status of social media privacy laws throughout the U.S.
While much of the news was focused on the EU Data Protection Regulation this week, a few other things of note happened in the legal realm as well. For example, the EU Parliament adopted a resolution to suspend SWIFT based on allegations that the U.S. NSA had access to EU citizen’s bank data; the FTC reached a settlement with Aaron’s, Inc., over the company’s consumer spying regime, and in Ecuador there are concerns that a new penal code could violate citizens’ online privacy. These are just a few of the stories—in addition to information on the LIBE vote and the future of Safe Harbor and the EU regulation—in this week’s Privacy Tracker legislative roundup.
Since the revelation of the NSA’s mass e-surveillance program in June, and in conjunction with the progress of the new General Data Protection Regulation (GDPR) in Brussels, European institutions have been actively reconsidering the terms on which personal data is permitted to cross European borders. One proposal, which has raised a ripple effect of concern through the industry, includes...
New challenges to a Utah surveillance law; an interesting turn of events in a case deciding whether government authorities can extract historical location data directly from telecommunications carriers without a search warrant; legislative initiatives related to FISA and the USA PATRIOT Act; questions about the future of Safe Harbor, and information on developments in Italy, France and Australia.
Safe Harbor is in danger. Organizations that have certified under Safe Harbor should closely monitor the EU’s legislative process and the TTIP for indications about Safe Harbor’s future. And they should give careful thought to contingency plans for handling the personal data of EU data subjects.
Europe and Brazil are looking at possible changes to their data protection enforcement regimes. In the U.S., the Senate hearing discussing NSA surveillance practices indicated possible changes to the USA PATRIOT Act, California is considering a digital license plate bill, the New Jersey Supreme Court ruled warrants are needed for cell phone data and one report suggests the landscape for privacy class-actions may be changing.
In an apparent effort to encourage consumer engagement in the e-commerce market and establish baseline security standards, the Chinese government has in the past several months released laws, regulations and guidelines focused on privacy and security issues. In this post, we briefly summarize some of the notable takeaways from these initiatives.