In the U.S., Kentucky has become the 47th state to pass a breach notification bill and Wisconsin has passed a social media law and expanded the collection of DNA from arrested individuals. The U.S. House passed bipartisan legislation aiming to protect information held in vehicle event data recorders; the Canadian Senate is considering the Digital Privacy Act, offering new protection for consumers and increased powers for the federal privacy commissioner, and the Court of Justice of the EU invalidated the EU Data Retention Directive. In this week’s Privacy Tracker legislative roundup, read more about all these developments and also what the FTC v. Wyndham decision may, or may not, mean for the future of U.S. privacy regulation.
The Dutch Parliament has approved the use of drones for video surveillance, giving mayors the right to determine when the use is appropriate; meanwhile, in the U.S., Washington state’s governor vetoed a drone bill there, saying it doesn’t go far enough to protect privacy. This week’s Privacy Tracker legislative roundup offers information on Idaho’s new DNA privacy law, Utah’s new mobile device privacy law and clarification on TCPA issued by the Federal Communications Commission. Also learn about the one-million Euro fine Google will pay to Italian regulators and a suit in Canada seeking class-action status that claims the Communications Security Establishment Canada “has been violating the constitutional rights of millions of Canadians.”
Senators in Florida and Illinois are proposing bills to limit surveillance and police access to data; the Texas Court of Appeals has expanded cellphone privacy rights, and the Washington State Supreme Court has ruled citizens have the right to privacy in the text messages sent from their mobile devices. Meanwhile, the U.S. government has entered an agreement with Japan allowing the countries to share fingerprints of suspected terrorists to be matched against each other’s databases, and the U.S. Department of Justice is asking the Foreign Intelligence Surveillance Court for longer retention periods for certain data. Read about these developments and more in this week’s Privacy Tracker legislative roundup.
This week’s Privacy Tracker legislative roundup includes legislation introduced in both Missouri and Kansas aiming to protect electronic communications and data from government intrusion. This comes after an Arizona representative announced she will propose legislation to effectively ban the National Security Agency from that state. The roundup also includes news of Pennsylvania considering an expansion of its DNA collection to those arrested for felonies and misdemeanors that require registration as sex offenders and the release of a new draft of the Data Protection Bill in the Cayman Islands.
The Genetic Information Non-Discrimination Act of 2008 (GINA) regulates employers’ collection, use, safeguarding and disclosure of “genetic information,” making it a privacy statute—and one with which it is becoming increasingly difficult to comply, writes Philip Gordon. Social media posts celebrating a family member’s cancer remission or a son’s trip to the ER for asthma contain “genetic information” in the eyes of GINA, Gordon writes, adding, “Recent (Equal Employment Opportunity Commission) enforcement actions and private class-action filings as well as the increasing prevalence of personal social media in the workplace highlight the need for organizations to address, or revisit, their compliance with GINA.” Find out more about the EEOC’s implementing regulations and how to mitigate risk in your organization.
This week’s Privacy Tracker legislative roundup includes the IAPP’s coverage of the European Commission’s report critiquing the EU-U.S. Safe Harbor agreement and offering the U.S. 13 ways to save it, and insight from Eduardo Ustaran, CIPP/E, on the report. You’ll also find information on the United Nation’s approval of an unlawful surveillance resolution, why India may have to wait a little longer for a privacy law and South Africa’s new law. In the U.S., more regions are considering social media laws and DNA databases, and courts have decided cases relating to COPPA and consumer privacy.
The U.S. Supreme Court has ruled police can take DNA swabs from individuals upon arrest without warrant; an IAPP web conference indicates that while Latin American privacy laws have largely been based on European frameworks in order to facilitate business, their prescriptive nature on data breach disclosures and cross-border transfers may keep businesses away, and a look through headlines from the past week highlights concerns over the future of the proposed EU data protection regulation.