In this week’s Privacy Tracker Global News Roundup, read about court decisions, hearings and proposals that may affect the future of privacy legislation in the U.S.; the declaration by the UK Information Commissioner’s Office that one town violated privacy law with its use of traffic cameras; China’s latest privacy rule, and a United Arab Emirates law that forbids photographing or videoing another individual without their permission.
Europe and Brazil are looking at possible changes to their data protection enforcement regimes. In the U.S., the Senate hearing discussing NSA surveillance practices indicated possible changes to the USA PATRIOT Act, California is considering a digital license plate bill, the New Jersey Supreme Court ruled warrants are needed for cell phone data and one report suggests the landscape for privacy class-actions may be changing.
Lawmakers recently released a draft of proposed legislation that would enact as law much of the Cybersecurity Framework from the National Institute of Standards and Technology.
A British Columbia, Canada, court has sided with patient privacy over the right to access, EU ministers are considering allowing states to determine their own fining regimes and Croatia has joined the EU meaning it will need to implement the directive.
The spate of state privacy laws—proposed and passed—continues in Louisiana, Massachusetts, New Jersey and Oregon. The Privacy Tracker reports on Louisiana’s new law to protect the identities of concealed-weapons permit holders, paralleling a number of other states in response to a map indicating the homes of gun owners published in NY last year. Massachusetts lawmakers are considering a bill that would protect student data in the cloud from third parties as it mulls participation in a Gates Foundation pilot program that aims to help schools simplify computer systems. And New Jersey and Oregon have seen movement on drone bills—with Oregon’s on its way to passage.
TechNewsDaily says that, as part of the fallout from the NSA leak, there has been a “surge in proposed privacy legislation concerning devices and their growing monitoring capabilities.” In addition to the Texas e-mail law and action in Maine to restrict drone use; federal lawmakers are working toward vehicle and TV consumer privacy bills, and others are working to restrict government collection of data. Whether due to the NSA revelations or not, anti-surveillance does seem to be the latest trend in privacy law.
Here’s something a bit unnerving: Life-saving and life-enhancing medical devices—pacemakers, patient monitors, and imaging scanners, for example—are vulnerable to hackers and malicious intrusions. Those vulnerabilities can, of course, have catastrophic impacts on patients who rely on those devices, but even patient fear of these vulnerabilities can have adverse repercussions.
The Council of the European Union has released a draft compromise text in response to the EC’s proposed data protection regulation, and EU Justice Ministers are considering granting EU institutions “a sweeping exemption” from the requirement that institutions employ a data protection officer and consult the EDPS.
The U.S. Supreme Court has ruled police can take DNA swabs from individuals upon arrest without warrant; an IAPP web conference indicates that while Latin American privacy laws have largely been based on European frameworks in order to facilitate business, their prescriptive nature on data breach disclosures and cross-border transfers may keep businesses away, and a look through headlines from the past week highlights concerns over the future of the proposed EU data protection regulation.
Privacy Commissioner Timothy Pilgrim has voiced support for mandatory breach legislation, CSO reports. Attorney-General Mark Dreyfus has announced the government will introduce legislation to take effect in March that will require companies to disclose data breaches.