fbpx

Download free GDPR compliance checklist!

Tag Archives for " law "

UK-Japan deal dismantles UK’s privacy protections

UK quietly commits to weakening restrictions on data transfers by accepting lower privacy standards in new trade deal.

The recent UK-Japan deal negotiated by Elizabeth Truss commits the UK to weakening restrictions on data transfers by accepting lower privacy standards. These commitments are aligned with those in other trade agreements the government wishes to sign. Yet this strategy has never been voted on, analysed or even explained to parliament.

Source: UK-Japan deal dismantles UK’s privacy protections

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.

Source: Defining data protection standards could be a hot topic in state legislation in 2021 | CSO Online

Australian government opens public consultation on changes to its Privacy Act

The Australian government has opened a consultation on potential changes to privacy legislation.

Following the Attorney-General’s announcement in December last year of a review of the Privacy Act 1988, the government is seeking feedback from the public on the “potential issues relevant to reform” outlined in a 68-question Issues Paper.

The Australian government adds that it will meet with stakeholders on specific issues and consider research and reports on privacy issues.

Source: Australian government opens public consultation on changes to its Privacy Act

California ballot initiative passes, significantly altering the California Consumer Privacy Act

The California Privacy Rights Act (CPRA) makes significant changes to the California Consumer Privacy Act (CCPA), which was originally passed by the California legislature in 2018. However, the CPRA does not take effect until January 1, 2023, giving businesses a bit more than two years to prepare.

The CPRA adds new obligations on both businesses and service providers, adds some important new definitions, and creates new liability risks, while clarifying some operationally difficult aspects of the CCPA. Importantly, it also mandates the creation of a new agency to enforce privacy violations, which should increase enforcement. Finally, the CPRA limits the ability of the legislature to amend the law.

Source: US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

Rights Activists Slam EU Plan for Access to Encrypted Chats

Digital rights campaigners on Monday criticized a proposal by European Union governments that calls for communications companies to provide authorities with access to encrypted messages.

“Anyone who finds an open back door into my house can enter it, the same is true for back doors in software,” German Left party lawmaker Domscheit-Berg said. “The proposed EU regulation is an attack on the integrity of digital infrastructure and therefore very dangerous.”

Source: Rights Activists Slam EU Plan for Access to Encrypted Chats | SecurityWeek.Com

EU inches closer to ban on end-to-end encryption

The Council of the European Union appears to have a near-completed resolution that would propose a ban on the use of end-to-end encryption on off-the-shelf apps such as WhatsApp and Signal, according to a leaked document.

The memo, dated 6 November and addressed to representatives from EU member states, reveals that strong encryption remains a priority for lawmakers but that the availability of end-to-end encryption has made it overly difficult for law enforcement to conduct investigations.

Source: EU inches closer to ban on end-to-end encryption | IT PRO

Industry groups urge Europe to reject privacy proposal

Industry associations GSMA and ETNO called on European Union member states to reject a proposal for tightening rules on communication services metadata processing, warning the approach would impede innovation and development of Europe’s data economy.

The two organisations issued a joint statement after Germany proposed a change in EU’s ePrivacy Regulation to restrict the use of pseudonymised metadata in communication services.

Source: Industry groups urge Europe to reject privacy proposal – Mobile World Live

Zoom lied to users about end-to-end encryption for years, FTC says

Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.

The FTC complaint says that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, which were intended for health-care industry users of the video conferencing service. Zoom also claimed it offered end-to-end encryption in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers, the complaint said.

Source: Zoom lied to users about end-to-end encryption for years, FTC says | Ars Technica

Canada crawling toward AI regulatory regime, but experts say reform is urgent

Alberta and B.C. privacy commissioners has no authority to levy fines against the any companies that violate Canadians’ personal information, an “incredible shortcoming of Canadian law that should really change,” B.C. information and privacy commissioner Michael McEvoy said in an email.

The revelation shines a light on the legal void around algorithmic technology. Despite its status as an artificial-intelligence hub, Canada has yet to develop a regulatory regime to deal with problems of privacy, discrimination and accountability to which AI systems are prone, prompting renewed calls for regulation from experts and businesses.

Source: Canada crawling toward AI regulatory regime, but experts say reform is urgent | The Star

Singapore updates 2012 Personal Data Protection Act

Singapore passed amendments to its Personal Data Protection Act (PDPA) on Tuesday, in the first comprehensive review of the Act since its 2012 enactment.

The updated Act aims to strengthen consumer trust through organisational accountability as well as enhance effectiveness of enforcement, consumer autonomy and data use for innovation. Ministers believe it will allow organisations to keep pace with technological changes, and position Singapore as a key player in the digital economy.

Source: Singapore updates 2012 Personal Data Protection Act – PrivSec Report

>