In the U.S., Kentucky has become the 47th state to pass a breach notification bill and Wisconsin has passed a social media law and expanded the collection of DNA from arrested individuals. The U.S. House passed bipartisan legislation aiming to protect information held in vehicle event data recorders; the Canadian Senate is considering the Digital Privacy Act, offering new protection for consumers and increased powers for the federal privacy commissioner, and the Court of Justice of the EU invalidated the EU Data Retention Directive. In this week’s Privacy Tracker legislative roundup, read more about all these developments and also what the FTC v. Wyndham decision may, or may not, mean for the future of U.S. privacy regulation.
The Dutch Parliament has approved the use of drones for video surveillance, giving mayors the right to determine when the use is appropriate; meanwhile, in the U.S., Washington state’s governor vetoed a drone bill there, saying it doesn’t go far enough to protect privacy. This week’s Privacy Tracker legislative roundup offers information on Idaho’s new DNA privacy law, Utah’s new mobile device privacy law and clarification on TCPA issued by the Federal Communications Commission. Also learn about the one-million Euro fine Google will pay to Italian regulators and a suit in Canada seeking class-action status that claims the Communications Security Establishment Canada “has been violating the constitutional rights of millions of Canadians.”
With the Australian Privacy Principles in effect, the data protection regulation vote in the European Parliament and the announcement of the announcement of the G29 and APEC announcing a joint agreement aiming to aid companies in achieving compliance with global data transfers, it’s been a busy couple of weeks. Privacy Tracker has the information you need on the latest action, plus updates to U.S. state and federal initiatives and some opinions on where privacy law is headed. Looking forward to March Madness? U.S. Rep. Jared Polis (D-CO) is hoping that Congress is, too, and that his latest plea will help get support for the E-mail Privacy Act.
The Supreme Court of Canada, in a unanimous ruling, has determined that the Alberta privacy law is unconstitutional and has given the province one year to amend it; A federal judge in Vermont has ruled there can be no expectation of privacy when it comes to data exposed online via a peer-to-peer file-sharing network, and the New Zealand Parliament has voted down a bill that would have given the privacy commissioner increased powers. Meanwhile, the FTC has asserted its power over parental-consent methods, Brazil is calling for a crackdown on government surveillance and Italy’s data protection authority and intelligence department have entered into a cooperation protocol. This week’s Privacy Tracker roundup has these stories and more.
In the U.S., guidelines and court rulings have offered insight on everything from drone use to workplace audio recordings, while, internationally, questions still loom about the future of Safe Harbor and national leaders have presented an Internet privacy resolution to the UN. Kazakhstan’s privacy law is scheduled to come into effect this month, and Indonesia is looking into consolidating its sectoral coverage into an overarching law. Also in this week’s roundup is analysis of India’s privacy bill, California’s spate of privacy laws and insight from the FTC and the New Jersey Attorney General’s Office on how to avoid the wrath of regulators.
This week’s Privacy Tracker legislative roundup highlights changing privacy laws from the U.S. to Bahrain. Revisions to the U.S. Telephone Consumer Protection Act went into effect last week; the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs will vote today on amendments to the proposed regulation and directive—including one that would see U.S. companies seeking permission from EU officials before complying with government access requests to EU data, and the Bahrain cabinet has preliminarily approved a data protection law. Meanwhile, the UK Information Commissioner’s Office is considering jail time for breaches at the same time as justifying its fining practices.
The California state Senate passed a bill that would require require certain website operators and online service providers to disclose whether they honor users’ “do not track” requests; a bill proposed to the Michigan Assembly could mean fines and jail time for law enforcement officers who track suspects using GPS without a warrant; Wisconsin is poised to be the ninth state this year to pass an employee social media privacy law, and, in Brazil, work is ongoing towards the nation’s first set of data protection and Internet governance laws—including a new amendment requiring data to be stored locally, which is raising concerns among U.S. tech companies.
The privacy news seems to have stirred up more legal questions than answers this week. With effective dates coming up for HIPAA in the U.S. and FOIA reforms in the UK, privacy pros are figuring out the new lay of the land. Court cases in the U.S. and France bring up e-mail privacy questions, both in and out of the workplace, and in the UK one court ruling may reveal a need for stronger data destruction policies. Lastly, an article from The New York Times questions the new trend of class-actions leaving plaintiffs empty-handed.
Europe and Brazil are looking at possible changes to their data protection enforcement regimes. In the U.S., the Senate hearing discussing NSA surveillance practices indicated possible changes to the USA PATRIOT Act, California is considering a digital license plate bill, the New Jersey Supreme Court ruled warrants are needed for cell phone data and one report suggests the landscape for privacy class-actions may be changing.