
Tag Archives for " regulation "

UK-Japan deal dismantles UK’s privacy protections

UK quietly commits to weakening restrictions on data transfers by accepting lower privacy standards in new trade deal.

The recent UK-Japan deal negotiated by Elizabeth Truss commits the UK to weakening restrictions on data transfers by accepting lower privacy standards. These commitments are aligned with those in other trade agreements the government wishes to sign. Yet this strategy has never been voted on, analysed or even explained to parliament.

Source: UK-Japan deal dismantles UK’s privacy protections

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.

Source: Defining data protection standards could be a hot topic in state legislation in 2021 | CSO Online

Australian government opens public consultation on changes to its Privacy Act

The Australian government has opened a consultation on potential changes to privacy legislation.

Following the Attorney-General’s announcement in December last year of a review of the Privacy Act 1988, the government is seeking feedback from the public on the “potential issues relevant to reform” outlined in a 68-question Issues Paper.

The Australian government adds that it will meet with stakeholders on specific issues and consider research and reports on privacy issues.

Source: Australian government opens public consultation on changes to its Privacy Act

Canadian privacy watchdog publishes recommendations on regulating use of AI

The Office of the Privacy Commissioner of Canada (the OPC) yesterday outlined recommendations for regulating the use of artificial intelligence, including a rights-based approach.

The recommendations include creating a right for a meaningful explanation of automated decisions, and a right of subjects to contest these decisions. It also wants to require organisations to design AI systems from their conception in a way that protects privacy. The OPC is also suggesting it receives powers to issue binding orders and financial penalties to ensure compliance.

Source: Canadian privacy watchdog publishes recommendations on regulating use of AI

California ballot initiative passes, significantly altering the California Consumer Privacy Act

The California Privacy Rights Act (CPRA) makes significant changes to the California Consumer Privacy Act (CCPA), which was originally passed by the California legislature in 2018. However, the CPRA does not take effect until January 1, 2023, giving businesses a bit more than two years to prepare.

The CPRA adds new obligations on both businesses and service providers, adds some important new definitions, and creates new liability risks, while clarifying some operationally difficult aspects of the CCPA. Importantly, it also mandates the creation of a new agency to enforce privacy violations, which should increase enforcement. Finally, the CPRA limits the ability of the legislature to amend the law.

Source: US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

European Commission Publishes Draft of New Standard Contractual Clauses

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (GDPR), along with its draft set of new standard contractual clauses (SCC).

The SCCs are open for public consultation until December 10, 2020, and feedback may be submitted here. The adoption process for the SCCs requires an opinion of the European Data Protection Board and the European Data Protection Supervisor, and the positive vote of EU Member States through the comitology procedure. The final SCCs are expected to be adopted in early 2021.

Source: European Commission Publishes Draft of New Standard Contractual Clauses

Rights Activists Slam EU Plan for Access to Encrypted Chats

Digital rights campaigners on Monday criticized a proposal by European Union governments that calls for communications companies to provide authorities with access to encrypted messages.

“Anyone who finds an open back door into my house can enter it, the same is true for back doors in software,” German Left party lawmaker Domscheit-Berg said. “The proposed EU regulation is an attack on the integrity of digital infrastructure and therefore very dangerous.”

Source: Rights Activists Slam EU Plan for Access to Encrypted Chats | SecurityWeek.Com

EU inches closer to ban on end-to-end encryption

The Council of the European Union appears to have a near-completed resolution that would propose a ban on the use of end-to-end encryption on off-the-shelf apps such as WhatsApp and Signal, according to a leaked document.

The memo, dated 6 November and addressed to representatives from EU member states, reveals that strong encryption remains a priority for lawmakers but that the availability of end-to-end encryption has made it overly difficult for law enforcement to conduct investigations.

Source: EU inches closer to ban on end-to-end encryption | IT PRO

Industry groups urge Europe to reject privacy proposal

Industry associations GSMA and ETNO called on European Union member states to reject a proposal for tightening rules on communication services metadata processing, warning the approach would impede innovation and development of Europe’s data economy.

The two organisations issued a joint statement after Germany proposed a change in the EU’s ePrivacy Regulation to restrict the use of pseudonymised metadata in communication services.

Source: Industry groups urge Europe to reject privacy proposal – Mobile World Live

Zoom lied to users about end-to-end encryption for years, FTC says

Zoom has agreed to upgrade its security practices in a tentative settlement with the Federal Trade Commission, which alleges that Zoom lied to users for years by claiming it offered end-to-end encryption.

The FTC complaint says that Zoom claimed it offers end-to-end encryption in its June 2016 and July 2017 HIPAA compliance guides, which were intended for health-care industry users of the video conferencing service. Zoom also claimed it offered end-to-end encryption in a January 2019 white paper, in an April 2017 blog post, and in direct responses to inquiries from customers and potential customers, the complaint said.

Source: Zoom lied to users about end-to-end encryption for years, FTC says | Ars Technica
