Tag Archives for " law "

Health experts call for the GDPR revision for cross-border health data sharing

Health experts are urging EU policymakers and legislators to review the EU’s legal data protection framework, the GDPR, which is hampering the sharing of pseudonymised health data outside the EU and the European Economic Area (EEA).

The report calls for adapting or expanding the existing legal framework to overcome challenges imposed by data protection regulations.

These guidelines by the European Data Protection Board recognise that, in the context of the current pandemic, the “public interest derogation” may be available for international data exchanges for research purposes. However, as health is a national competence, the multiple and conflicting national rules make health data sharing, both within and outside the EU/EEA, challenging.

Source: Health experts call for the GDPR revision for cross-border health data sharing – EURACTIV.com

Wyden proposes banning sale of personal data to ‘unfriendly’ governments

The proposal would treat Americans’ personal data with the same caution as powerful weaponry, using export-control laws to block its sale to countries marked as potential security threats.

The draft bill, which Wyden began circulating to lawmakers for discussion Thursday, would join a set of federal privacy proposals that would also restrict the sale of Americans’ personal information to U.S. companies, intelligence agencies and the police.

The move could disrupt the multibillion-dollar data-broker economy that seeks to monetize the digital footprints Americans leave behind every day — cellphone locations, browsing histories and credit card purchases that are gathered, bundled and sold for marketing and intelligence purposes without government regulation or oversight and without most people being aware of what information is being shared.

Source: Wyden proposes banning sale of personal data to ‘unfriendly’ governments – The Washington Post

EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

On 13 April 2021, the European Data Protection Board (EDPB) adopted two Opinions on the draft UK adequacy decisions: (i) Opinion 14/2021 for transfers of personal data under the EU General Data Protection Regulation (GDPR); and (ii) Opinion 15/2021 for transfers of personal data under the Law Enforcement Directive (LED).

Whilst the Opinions have not yet been published, the EDPB has confirmed in a press release that it has identified “many aspects [of the UK data protection framework] to be essentially equivalent” to the EU data protection framework.

Source: EDPB Gives the Green Light to the Commission’s Draft UK Adequacy Decisions

House fails to pass WPA but bill ‘remains alive’

The Washington state House of Representatives failed to advance the Washington Privacy Act Sunday, its last day to pass the bill this session, but its fate is not yet set in stone.

The chamber is still negotiating a compromise, and a representative of sponsor State Sen. Reuven Carlyle, D-Wash., said he believes “the bill remains alive through the end of the legislative session.”

If the WPA does not pass the House, this would be the third year in a row a version of the legislation — which aims to give consumers data rights, including the right to access, correct or delete data — has failed.

Source: House fails to pass WPA, bill sponsor says it ‘remains alive’

Surveillance exposes limits of transatlantic AI collaboration

The European Commission will propose legislation on artificial intelligence this month, and it has taken pains to emphasize that its priority is to strictly regulate what it deems “high-risk” uses. One example is the use of facial recognition technology in public places, which digital rights groups argue could enable widespread biometric surveillance. Commission President Ursula von der Leyen even hinted at banning such uses, saying the Commission “may need to go further” in regulating AI technologies “incompatible” with European human rights.

But Europe’s drive to put privacy front and center of its AI strategy could limit the scope of its collaboration with the U.S., which appears to be less concerned about surveillance. “The illegal use of personal data for facial recognition is not compatible with European fundamental rights and poses an issue for transatlantic cooperation on AI,” said Green MEP Alexandra Geese, who’s a member of the Parliament’s artificial intelligence committee.

Source: Clearview scandal exposes limits of transatlantic AI collaboration – POLITICO

Your ‘smart home’ is watching – and possibly sharing your data with the police

Smart-home devices like thermostats and fridges may be too smart for comfort – especially in a country with few laws preventing the sale of digital data to third parties.

This problem stems from the US government buying data from private companies, a practice increasingly unearthed in media investigations though still quite shrouded in secrecy. It’s relatively simple in a country like the United States without strong privacy laws: approach a third-party firm that sells databases of information on citizens, pay them for it and then use the data however deemed fit.

Full article: Your ‘smart home’ is watching – and possibly sharing your data with the police | Technology | The Guardian

From California to Brazil: GDPR has created recipe for the world

As Europe’s sweeping GDPR laws approach their third anniversary, other jurisdictions around the world are taking cues from it to develop their own frameworks.

The EU regulation (the General Data Protection Regulation) has helped put data protection front of mind for policymakers and businesses, especially with the specter of large fines.

Other jurisdictions can look at the GDPR for inspiration on what does and doesn’t work, though there are many nuances and European traits to consider that may not necessarily translate.

Full article: From California to Brazil: GDPR has created recipe for the world

Platforms, not regulators, are driving data privacy enforcement

Unlike GDPR or CCPA, the moves Google and Apple are about to make will cause immediate shockwaves the day they are implemented.

The intent of GDPR — to give users back more control over their personal data and ensure it’s not misused by hidden players in the digital advertising ecosystem — has resulted in a horribly confusing, annoying user experience in Europe.

Privacy activists believe regulators have failed to properly enforce the law at scale. In the U.S. the lack of federal privacy law has left the door wide open for Google and Apple to call the shots.

The privacy-led changes driven by platforms Apple and Google are all bite. Plus, they are binary — not open to interpretation. Naturally, that results in people questioning whether this biting behavior is fair and whether the underlying reasons are honest or have a double agenda.

Full article: Platforms, not regulators, are driving data privacy enforcement

Software vendors would have to disclose breaches to U.S. government users under new order

A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.

A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.

The proposed order would adopt measures long sought by security experts, including requiring multi-factor authentication and encryption of data inside federal agencies.

Source: Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order: draft | Reuters

EU concludes the adequacy talks with South Korea

The European Union and the Republic of Korea have successfully concluded their adequacy talks, finding that Korea’s level of data protection is adequate relative to that of the EU. An adequacy decision will mean free data flow between the EU and Korea.

The European Commission will now proceed with launching the decision-making procedure with a view to having the adequacy decision adopted as soon as possible in the coming months.

This involves obtaining an opinion from the European Data Protection Board (EDPB) and the green light from a committee composed of representatives of the EU Member States.

Source: Personal Information Protection
