While much of the news was focused on the EU Data Protection Regulation this week, a few other things of note happened in the legal realm as well. For example, the EU Parliament adopted a resolution to suspend SWIFT based on allegations that the U.S. NSA had access to EU citizen’s bank data; the FTC reached a settlement with Aaron’s, Inc., over the company’s consumer spying regime, and in Ecuador there are concerns that a new penal code could violate citizens’ online privacy. These are just a few of the stories—in addition to information on the LIBE vote and the future of Safe Harbor and the EU regulation—in this week’s Privacy Tracker legislative roundup.
This week, read about California’s continued push towards privacy protections including Gov. Jerry Brown signing into law an amendment to the California Online Privacy Protection Act that requires websites to disclose in privacy policies how they react to Do-Not-Track signals, the passing of the “eraser law” and movement on a bill that would extend the employee social media law to public agencies. Meanwhile, a Minnesota court has determined the state is not responsible for an employee’s alleged inappropriate accessing of driver’s license records, and the Fourth U.S. Circuit Court of Appeals has ruled in favor of a former Virginia deputy sheriff saying his Facebook “Like” is protected by the First Amendment. Plus, read about legislative activity in the EU, Singapore, Australia and South Africa.
Westin Fellow Kelsey Finch analyses U.S. District Judge Lucy Koh’s decision that Google’s practice of intercepting e-mails to and from Gmail users may violate federal and California wiretap laws. Using a “narrow reading” of the federal wiretap law and a “broad reading” of the California law, Koh sent the majority of the case on to trial, “inviting close scrutiny of both … statutes in light of the latest technologies and business practices.” Finch writes, “As the tension between consumer protection and business innovation continues to loom large in the privacy world, decisions that attempt to bridge new technologies and old laws become more and more important.”
U.S. Courts and states have been taking things into their own hands in terms of privacy law these days, and this week is no exception. While recent cases have mainly tackled the Stored Communications Act, this week’s news highlights a court decision upending the way the Telephone Consumer Protection Act has been interpreted. California continues to push forward privacy bills, with the “eraser law” that would allow youths to erase misguided posts, and while industry and regulators clash on the EU data protection law’s timeline, France is pushing the EU to adopt a plan that would see non-EU tech firms regulated and taxed based on where their websites are used.
The California state Senate passed a bill that would require require certain website operators and online service providers to disclose whether they honor users’ “do not track” requests; a bill proposed to the Michigan Assembly could mean fines and jail time for law enforcement officers who track suspects using GPS without a warrant; Wisconsin is poised to be the ninth state this year to pass an employee social media privacy law, and, in Brazil, work is ongoing towards the nation’s first set of data protection and Internet governance laws—including a new amendment requiring data to be stored locally, which is raising concerns among U.S. tech companies.
In this week’s Privacy Tracker Global News Roundup, read about court decisions, hearings and proposals that may affect the future of privacy legislation in the U.S.; the declaration by the UK Information Commissioner’s Office that one town violated privacy law with its use of traffic cameras; China’s latest privacy rule, and a United Arab Emirates law that forbids photographing or videoing another individual without their permission.
Europe and Brazil are looking at possible changes to their data protection enforcement regimes. In the U.S., the Senate hearing discussing NSA surveillance practices indicated possible changes to the USA PATRIOT Act, California is considering a digital license plate bill, the New Jersey Supreme Court ruled warrants are needed for cell phone data and one report suggests the landscape for privacy class-actions may be changing.
TechNewsDaily says that, as part of the fallout from the NSA leak, there has been a “surge in proposed privacy legislation concerning devices and their growing monitoring capabilities.” In addition to the Texas e-mail law and action in Maine to restrict drone use; federal lawmakers are working toward vehicle and TV consumer privacy bills, and others are working to restrict government collection of data. Whether due to the NSA revelations or not, anti-surveillance does seem to be the latest trend in privacy law.
California has a heavy privacy legislative season on tap. Items on the agenda include a children’s privacy bill similar to COPPA; the Social Networking Privacy Act; the Right to Know Act—an update to the Shine the Light Act, and amendments to CalOPPA and the Song-Beverly Credit Card Act.
After unanimously passing both houses of the Texas state legislature, HB 2268 has landed on Gov. Rick Perry’s desk for enactment, Ars Technica reports. If signed, Texas would host the nation’s strongest e-mail privacy bill.