In this Privacy Tracker weekly legislative roundup, read about the prospects of German advocacy groups getting the right to sue businesses, the status of the Philippines’ cybercrime law and proposals in the U.S. pushing for less data collection and more consumer protections. The Utah attorney general has stopped using administrative subpoenas for cellphone and Internet data, saying “writing yourself a note to go after that stuff without any check is too dangerous,” while the Senate looks at a bill that would mean law enforcement needs a judge’s order as well. Also, Orin Kerr has published an article supposing what a communication privacy act might look like if the U.S. scrapped ECPA and started from scratch, and there’s a handy interactive map outlining the status of social media privacy laws throughout the U.S.
Looking at the federal and state bills being introduced in the U.S., this Privacy Tracker weekly roundup reports on lawmakers’ efforts to get privacy-protecting laws on the books; however, FTC Commissioner Maureen Ohlhausen has called for legislators to look to existing laws, saying “We simply do not need new talk, new laws or new regulations.” Also take a look at new compliance hurdles for organizations in Canada and Australia as new laws are set to roll out in those countries. Also, in the EU, the LIBE has published amendments it would like to see in the Network and Information Security Directive.
In this week’s Privacy Tracker legislative roundup, see BakerHostetler’s year-in-review on international privacy laws and read about cases you may have missed while enjoying the holiday season. For example, a U.S. District Court has deemed a Florida drug-screening law unconstitutional; U.S. Magistrate Judge Laurel Beeler ruled in the Hulu privacy lawsuit that no proof of injury is needed for viewers to recover damages, and the U.S. Federal Trade Commission settled with Accretive Health over the company’s failure to protect consumer data. Also, read about the contradicting rulings over the NSA’s data collection practices.
Last year, U.S. Senate Commerce Committee Chairman Jay Rockefeller asked the Government Accountability Office (GAO) to investigate privacy issues pertaining to companies that collect, aggregate and sell personal information about consumers. In late November, the GAO publicly released the resulting report, “Information Resellers: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace.” What did the GAO examine, and, in the short term, how might Congress respond to the GAO’s findings and, when they are published, Senator Rockefeller’s own scheduled report?
In the U.S., FTC v. Wyndham will decide whether the company’s “failure to safeguard personal information caused substantial consumer injury” and whether the FTC even has the authority to regulate data security; the GAO is pushing for comprehensive federal law governing the collection, use and sale of personal data by businesses, and Sen. Franken is calling for regulation over biometric data before the horse leaves the barn. In the EU, the debate over Safe Harbor continues, with Albrecht and Reding saying EU residents need to be able take data privacy complaints to U.S. courts. The Office of the Australian Information Commissioner (OAIC) has released the final set of Australian Privacy Principles that cover access to and correction of personal information, and in Canada learn about Alberta’s need to create a new Privacy Act and why Bill C-30 is back in the news. All this and more, in this week’s Privacy Tracker legislative roundup.
While much of the news was focused on the EU Data Protection Regulation this week, a few other things of note happened in the legal realm as well. For example, the EU Parliament adopted a resolution to suspend SWIFT based on allegations that the U.S. NSA had access to EU citizen’s bank data; the FTC reached a settlement with Aaron’s, Inc., over the company’s consumer spying regime, and in Ecuador there are concerns that a new penal code could violate citizens’ online privacy. These are just a few of the stories—in addition to information on the LIBE vote and the future of Safe Harbor and the EU regulation—in this week’s Privacy Tracker legislative roundup.
This week’s Privacy Tracker legislative roundup highlights changing privacy laws from the U.S. to Bahrain. Revisions to the U.S. Telephone Consumer Protection Act went into effect last week; the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs will vote today on amendments to the proposed regulation and directive—including one that would see U.S. companies seeking permission from EU officials before complying with government access requests to EU data, and the Bahrain cabinet has preliminarily approved a data protection law. Meanwhile, the UK Information Commissioner’s Office is considering jail time for breaches at the same time as justifying its fining practices.
Find out about Google’s push to get its e-mail scanning case dismissed, changes to the HIPAA final rule, the latest FTC settlement, updates on proposals in California and new laws in New Jersey and Illinois—and those are just the U.S. developments. In Europe, one MEP has expressed “major concern” regarding two data breach notification schemes proposed under the draft Network and Information Security Directive and the planned General Data Protection Regulation.
New challenges to a Utah surveillance law; an interesting turn of events in a case deciding whether government authorities can extract historical location data directly from telecommunications carriers without a search warrant; legislative initiatives related to FISA and the USA PATRIOT Act; questions about the future of Safe Harbor, and information on developments in Italy, France and Australia.