“With cloud computing, many fear losing control. True, supply chains may be complex … However, users can retain control in cloud computing—depending,” writes cloud computing expert Kuan Hon in this Privacy Tracker post. Using examples of the evolution of the EU Data Protection Directive and cases from the EU Court of Justice and the Danish Data Protection Agency, Hon outlines reasons the data export restriction and the “transfer to a third country” provisions are antiquated in today’s technological environment. “Nowadays, physically confining data to the EEA does not equate to or guarantee data protection. Yet vast amounts of time and resources are poured into compliance with the restriction, which could be better spent on improving information security,” Hon writes.
While much happened this week in privacy news; the NSA’s surveillance was deemed likely unconstitutional, consent was declared dead, the data broker industry was put on notice by a U.S. senator and the EDPS released its 2014 inventory, the news that hit home for us was that Peter Fleischer and two other Google executives were acquitted in Italy’s Supreme Court after an eight-year battle over whether they were legally responsible for content that users uploaded to Italy’s version of YouTube. Back in the day, the implications of this case were a little scary for privacy pros around the globe, and it seems now it’s finally over. Take a look at this and all the week’s developments in privacy law in this Privacy Tracker weekly roundup.
While U.S. regulators mull over the need for rules surrounding drone use by law enforcement, Montana’s new gun owner healthcare privacy law went into effect and California continues to shape privacy law moving toward a “presumption of harm” in breach cases, but one op-ed claims its “revenge porn” law doesn’t do enough. A Zimbabwean law established a central SIM card database, and Australia’s information commissioner has released a best practice guide for app developers. This weekly roundup offers information on all these issues and more, including what regulators had to say at both the IAPP Privacy Academy and the 35th International Conference of Data Protection and Privacy Commissioners.
The spate of state privacy laws—proposed and passed—continues in Louisiana, Massachusetts, New Jersey and Oregon. The Privacy Tracker reports on Louisiana’s new law to protect the identities of concealed-weapons permit holders, paralleling a number of other states in response to a map indicating the homes of gun owners published in NY last year. Massachusetts lawmakers are considering a bill that would protect student data in the cloud from third parties as it mulls participation in a Gates Foundation pilot program that aims to help schools simplify computer systems. And New Jersey and Oregon have seen movement on drone bills—with Oregon’s on its way to passage.
The U.S. Department of Justice and the FBI have said they don’t believe they need search warrants for access to Americans’ electronic communications, CNET reports. That’s according to internal documents obtained by the American Civil Liberties Union.