While U.S. federal lawmakers struggle to find the right balance on data breach notification, state legislators are offering up bills to protect consumers from tracking through cellphones, smart meters and license plates, and one company is pushing back against Utah’s license-plate privacy law, saying it infringes on First Amendment rights. This Privacy Tracker weekly roundup covers all this and more, including the FTC, G29 and APEC announcement of a cross-border data transfer tool at the IAPP’s Global Privacy Summit last week and the Mexican DPA’s warning of an “abundance” of fines to come.
In this Privacy Tracker weekly legislative roundup, read about the prospects of German advocacy groups getting the right to sue businesses, the status of the Philippines’ cybercrime law and proposals in the U.S. pushing for less data collection and more consumer protections. The Utah attorney general has stopped using administrative subpoenas for cellphone and Internet data, saying “writing yourself a note to go after that stuff without any check is too dangerous,” while the Senate looks at a bill that would mean law enforcement needs a judge’s order as well. Also, Orin Kerr has published an article supposing what a communication privacy act might look like if the U.S. scrapped ECPA and started from scratch, and there’s a handy interactive map outlining the status of social media privacy laws throughout the U.S.
While much of the news was focused on the EU Data Protection Regulation this week, a few other things of note happened in the legal realm as well. For example, the EU Parliament adopted a resolution to suspend SWIFT based on allegations that the U.S. NSA had access to EU citizen’s bank data; the FTC reached a settlement with Aaron’s, Inc., over the company’s consumer spying regime, and in Ecuador there are concerns that a new penal code could violate citizens’ online privacy. These are just a few of the stories—in addition to information on the LIBE vote and the future of Safe Harbor and the EU regulation—in this week’s Privacy Tracker legislative roundup.
The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE) has scheduled votes on the reports on the revised data protection regulation and directive for Monday in Strasbourg. This post notes outlines the steps that come after Monday’s vote in order to create a new data protection law in the EU and offers insight into what EU privacy pros are saying about the likely outcome.
Last year, Fairfax County, Virginia, Public Schools discovered that the names, ID numbers, grades and other information for students in grades nine through 11 had been posted online. The school district was forced to go to federal court to get the website posting the information to remove it from the site. In the meantime, the private information of more than 2,000 students was available online...
While U.S. regulators mull over the need for rules surrounding drone use by law enforcement, Montana’s new gun owner healthcare privacy law went into effect and California continues to shape privacy law moving toward a “presumption of harm” in breach cases, but one op-ed claims its “revenge porn” law doesn’t do enough. A Zimbabwean law established a central SIM card database, and Australia’s information commissioner has released a best practice guide for app developers. This weekly roundup offers information on all these issues and more, including what regulators had to say at both the IAPP Privacy Academy and the 35th International Conference of Data Protection and Privacy Commissioners.
A U.S. District Court cited the Stored Communications Act as protecting “friend-only” posts on Facebook; one expert questions whether the False Light Tort is still relevant, and Apple’s new fingerprint authentication could bring up interesting questions about invoking the Fifth Amendment when it comes to accessing biometrically protected data and devices. Plus, more on HIPAA, California’s leading role in privacy legislation, breach notification in the EU and Brazil’s struggle to pass a privacy law.
Having first been tabled in August 2009, the Protection of Personal Information Bill (POPI) has taken just over four years to get to the point where it was passed by the South African National Assembly on 20 August. All that stands in the way of POPI becoming law is its translation into Afrikaans and the signature of South African President Jacob Zuma.
The lasting legacy of California’s SB 1386, more about the court case that has some questioning BYOD policies and congressional delays to reforming the Electronic Communications Privacy Act. Plus, read about key changes included in amendments to the Ukrainian privacy law and a contentious New Jersey bill that would allow warrantless cellphone searches.
New challenges to a Utah surveillance law; an interesting turn of events in a case deciding whether government authorities can extract historical location data directly from telecommunications carriers without a search warrant; legislative initiatives related to FISA and the USA PATRIOT Act; questions about the future of Safe Harbor, and information on developments in Italy, France and Australia.