Nigeria and Turkey are both considering government-proposed legislation that would require service providers to turn over to law enforcement customers’ data upon request—with fines, and possible jail time for executives, for noncompliance in Nigeria. In the U.S., senators are addressing breach response and online privacy concerns with bills of their own as the fallout continues from the Target and Neiman Marcus breaches as well as the Snowden revelations. And in Australia, the deadline for the Australian Privacy Principles looms large. The Privacy Tracker’s weekly legislative roundup covers all this and more.
This week’s Privacy Tracker legislative roundup includes the IAPP’s coverage of the European Commission’s report critiquing the EU-U.S. Safe Harbor agreement and offering the U.S. 13 ways to save it, and insight from Eduardo Ustaran, CIPP/E, on the report. You’ll also find information on the United Nation’s approval of an unlawful surveillance resolution, why India may have to wait a little longer for a privacy law and South Africa’s new law. In the U.S., more regions are considering social media laws and DNA databases, and courts have decided cases relating to COPPA and consumer privacy.
In the U.S., FTC v. Wyndham will decide whether the company’s “failure to safeguard personal information caused substantial consumer injury” and whether the FTC even has the authority to regulate data security; the GAO is pushing for comprehensive federal law governing the collection, use and sale of personal data by businesses, and Sen. Franken is calling for regulation over biometric data before the horse leaves the barn. In the EU, the debate over Safe Harbor continues, with Albrecht and Reding saying EU residents need to be able take data privacy complaints to U.S. courts. The Office of the Australian Information Commissioner (OAIC) has released the final set of Australian Privacy Principles that cover access to and correction of personal information, and in Canada learn about Alberta’s need to create a new Privacy Act and why Bill C-30 is back in the news. All this and more, in this week’s Privacy Tracker legislative roundup.
This week’s Privacy Tracker legislative roundup highlights changing privacy laws from the U.S. to Bahrain. Revisions to the U.S. Telephone Consumer Protection Act went into effect last week; the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs will vote today on amendments to the proposed regulation and directive—including one that would see U.S. companies seeking permission from EU officials before complying with government access requests to EU data, and the Bahrain cabinet has preliminarily approved a data protection law. Meanwhile, the UK Information Commissioner’s Office is considering jail time for breaches at the same time as justifying its fining practices.
A U.S. District Court cited the Stored Communications Act as protecting “friend-only” posts on Facebook; one expert questions whether the False Light Tort is still relevant, and Apple’s new fingerprint authentication could bring up interesting questions about invoking the Fifth Amendment when it comes to accessing biometrically protected data and devices. Plus, more on HIPAA, California’s leading role in privacy legislation, breach notification in the EU and Brazil’s struggle to pass a privacy law.
The U.S. Supreme Court has ruled police can take DNA swabs from individuals upon arrest without warrant; an IAPP web conference indicates that while Latin American privacy laws have largely been based on European frameworks in order to facilitate business, their prescriptive nature on data breach disclosures and cross-border transfers may keep businesses away, and a look through headlines from the past week highlights concerns over the future of the proposed EU data protection regulation.