While many organizations within Australia work to implement the newly enacted Australian Privacy Principles (APPs), organizations outside the country may wonder in what way the new law affects their business practices. In this Privacy Tracker post, IAPP Westin Fellow Dennis Holmes outlines aspects of the APPs that non-Australian businesses, particularly service providers, may want to pay attention to, including the privacy commissioner’s interpretation of “carrying on business” that “departs from the traditional notion of that standard in Australian law.” Holmes notes that the newness of the APPs makes it unclear how they will be applied, but “companies must understand whether they are subject to liability under the new rules and take meaningful steps toward full compliance if so.”
French data protection authority the CNIL has received remote inspection abilities under a law passed last week, adding to the growth the agency has seen recently. In the U.S., the New Jersey Supreme Court has unanimously ruled that police wiretap warrants apply to phones in other states, and the Illinois Supreme Court has deemed its stringent eavesdropping law unconstitutional. In Hawaii and Kentucky, privacy bills have stalled out, and in Delaware, a lawmaker has proposed legislation that mimics California’s “eraser law.” Meanwhile, the Australian Privacy Principles continue to make headlines, and questions remain over the Philippines’ new cybercrime law. Read about these developments and more in this week’s Privacy Tracker roundup.
With the Australian Privacy Principles in effect, the data protection regulation vote in the European Parliament and the announcement of the announcement of the G29 and APEC announcing a joint agreement aiming to aid companies in achieving compliance with global data transfers, it’s been a busy couple of weeks. Privacy Tracker has the information you need on the latest action, plus updates to U.S. state and federal initiatives and some opinions on where privacy law is headed. Looking forward to March Madness? U.S. Rep. Jared Polis (D-CO) is hoping that Congress is, too, and that his latest plea will help get support for the E-mail Privacy Act.
On Wednesday, the new Australian Privacy Principles (APPs), amendments to the Privacy Act of 1988(Cth), went into effect. The new rules apply to both government agencies and businesses, replacing the Information Privacy Principles (IPPs) that governed public agencies and the National Privacy Principles (NPPs) that governed businesses. In case this overhaul caught you off guard, we have a brief overview of the APPs’ major provisions and exceptions to help you navigate this new privacy regime.
EU Justice Commissioner Viviane Reding says the vote makes EU data protection reform “irreversible”
The European Parliament voted Wednesday with overwhelming support for the proposed European General Data Protection Regulation. The procedural move ensures that the regulation, which has been in legislative process for more than two years, stays on the table, even after this May’s parliamentary...
Should telecommunications providers be able to use their subscribers’ behavioral information to sell advertising? And are rules stricter than the Personal Information Protection and Electronic Documents Act (PIPEDA) needed for telecoms? A complaint over Bell Canada’s practices brought before the Canadian Radio-television Telecommunications Commission (CRTC) may end up determining the answers to these questions. Timothy Banks of Dentons Canada LLP writes in this Privacy Tracker post that if the CRTC agrees with the Public Interest Advocacy Centre and the Consumers’ Association of Canada that “more detailed privacy rules are needed for telecommunications carriers … this could represent one of the most important developments in the evolution of privacy law in Canada since the enactment of PIPEDA.”
While U.S. federal lawmakers struggle to find the right balance on data breach notification, state legislators are offering up bills to protect consumers from tracking through cellphones, smart meters and license plates, and one company is pushing back against Utah’s license-plate privacy law, saying it infringes on First Amendment rights. This Privacy Tracker weekly roundup covers all this and more, including the FTC, G29 and APEC announcement of a cross-border data transfer tool at the IAPP’s Global Privacy Summit last week and the Mexican DPA’s warning of an “abundance” of fines to come.
With an uptick in inspections, 43 formal compliance notices and a record fine against Google for noncompliance with the French Data Protection Act, the French data protection authority, the CNIL, is asserting itself in the international data protection scene. In this Privacy Tracker post, Olivier Proust of Field Fisher Waterhouse offers concrete examples of the CNIL’s growth, resourcefulness and experience, noting, “companies should pay close attention to the actions of the CNIL as it becomes a more powerful authority in France and within the European Union.”
In this Privacy Tracker legislative roundup, read about privacy concerns related to Brazil’s proposed Internet privacy law and one Turkey’s president recently signed into law, and get some insight on complying with South Africa’s new law. In the U.S., states are moving along bills to prevent revenge porn in Illinois and protect readers’ privacy in New Jersey and student privacy in Wyoming and Kansas, among others. Also, the Massachusetts Supreme Court has determined that police need to get a warrant in order to collect cellphone location data over a period of time.
In this Privacy Tracker weekly legislative roundup, read about the prospects of German advocacy groups getting the right to sue businesses, the status of the Philippines’ cybercrime law and proposals in the U.S. pushing for less data collection and more consumer protections. The Utah attorney general has stopped using administrative subpoenas for cellphone and Internet data, saying “writing yourself a note to go after that stuff without any check is too dangerous,” while the Senate looks at a bill that would mean law enforcement needs a judge’s order as well. Also, Orin Kerr has published an article supposing what a communication privacy act might look like if the U.S. scrapped ECPA and started from scratch, and there’s a handy interactive map outlining the status of social media privacy laws throughout the U.S.