fbpx

Download free GDPR compliance checklist!

Tag Archives for " regulation "

More US states are on track to pass data privacy laws in 2021

U.S. states are slowly embracing policies to ensure that digital companies protect their users—or at least introduce more transparency.

llinois led the way in 2008 with the Biometric Information Privacy Act, a law that lets Illinois residents sue companies that collect their biometric data (face scans, fingerprints, etc.) without their consent. After Europe passed the General Data Protection Regulation in 2016, which entitles people to obtain any data collected on them and have their records deleted, California decided to use it as a framework for its own law.

The original CCPA has now inspired several look-alike laws in other states, as momentum builds for state-level privacy legislation. 2021 could be the year that privacy laws become more pervasive across the country, helping Americans wrest back some of the aspects of their digital lives.

Source: These states are on track to pass data privacy laws in 2021

Russia to restrict processing of public data

Beginning March 1, 2021, Russia will impose restrictions on the processing of personal data publicly available on the internet and offline. The legislative changes are aimed at fighting the uncontrolled dissemination of personal information.

Under current law “On Personal Data” any data operator (the Russian equivalent of the term controller) may process personal data if the data subject made it publicly accessible or instructed another person to do so. There is no need to ground the processing on legitimate interests, the performance of a contract, data subject’s consent or other common lawful bases. When “Amendments to the Federal Law on Personal Data” No.519-ФЗ dated Dec. 30, 2020, goes into effect, this rule and the term publicly accessible data will disappear.

Source: Look but don’t touch — Russia to restrict processing of public data

Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

The German Federal Constitutional Court has ruled the Court of Justice of the European Union needs to clarify if the EU General Data Protection Regulation provides for a materiality threshold for GDPR damage claims.

The Federal Constitutional Court’s decision overturns a judgment of the Goslar Local Court of Sept. 27, 2019, regarding the unlawful sending of an advertising email. The Local Court had held that the plaintiff had not suffered any compensable damage under Article 82 of the GDPR. The damage suffered by the plaintiff had not exceeded the materiality threshold in this matter.

The plaintiff subsequently filed a constitutional complaint with the Federal Constitutional Court, arguing the Local Court should have made a submission to the CJEU for a preliminary ruling under Article 267 of the Treaty of the European Union.

Source: Federal Constitutional Court: CJEU must clarify whether GDPR provides materiality threshold

European Commission Publishes Draft UK Data Transfer Adequacy Determination

On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the EU Standard Contractual Clauses, to ensure an adequate level of protection.

Before the decision is formally adopted, the European Data Protection Board will issue a non-binding (although likely persuasive) opinion in relation to the decision. The European Parliament’s Committee on Civil Liberties also will issue a non-binding opinion in relation to the decision. The decision will be formally adopted after it has been approved by the EU Member States acting through the European Council.

Source: European Commission Publishes Draft UK Data Transfer Adequacy Determination | Privacy & Information Security Law Blog

Big Data Is Booming in the U.S., but Other Countries Are Making the Rules

Lawmakers and regulators in some of the world’s largest countries are ramping up enforcement of privacy laws, revising statutes or debating new rules. The upshot, executives and privacy experts say, is a vast expansion of protections for personal data and a fast-changing, potentially expensive landscape for companies that use such information to power the digital economy.

The frameworks aim to give consumers more control over their data as the coronavirus pandemic pushes more daily life online. Companies that break the rules could face fines or penalties—risks that may be difficult to anticipate. Privacy experts say such debates hinge on governments’ ability to protect citizens’ data from other governments—including the U.S.—or access data for security reasons.

Full article: Big Data Is Booming in the U.S., but Other Countries Are Making the Rules

Aiming to Cash In on Data, European Firms Grapple With Privacy Laws

Companies in Europe want to share the personal data of consumers with other firms or turn it into business applications without violating privacy rules, but there is no consensus on how to avoid revealing such potentially sensitive information.

Privacy restrictions in the European Union’s 2018 General Data Protection Regulation initially caused companies to reconsider whether they could cash in on personal data collected on consumers. Now, some companies are finding ways to avoid revealing that data, including consumers’ identities.

Full article: Aiming to Cash In on Data, European Firms Grapple With Privacy Laws

EU ePrivacy Regulation takes a big leap forward to adoption

The Council of the EU has made a surprise announcement that it has approved its negotiating position on the ePrivacy Regulation (i.e. the successor to the ePrivacy Directive), which will further reform EU cookie consent and communications content and metadata rules in the EU.

The process now is that the ePrivacy Regulation will be negotiated in trilogue negotiations between the Council of the EU and the European Parliament, with the European Commission facilitating / brokering those negotiations.

Source: EU ePrivacy Regulation takes a big leap forward to adoption | Fieldfisher

Portugal proposes new text of ePrivacy Regulation

The Portuguese presidency of the EU has pitched a new text on the controversial ePrivacy regulation, focusing on the processing of communications metadata and data stored on end-user equipment.

The most important change the Portuguese Presidency has proposed is the re-introduction of the possibility to process electronic communications metadata and to use the processing and storage capabilities of the end-users’ terminal equipment, including collection of information for further compatible processing.

Source: Revealed: Portugal’s plans to conclude ePrivacy saga – EURACTIV.com

Virginia Set to Become Second US State to Pass a Comprehensive Privacy Law

The long wait to see if any state would join California in passing a comprehensive privacy law is finally coming to an end, as the Virginia Senate passed the Virginia Consumer Data Protection Act on February 3.

An identical version of the bill had already passed the Virginia House of Delegates on January 29, which means that reconciling the two versions of the bill before the February 11 deadline will likely be a mere formality. The bill will then be sent to the governor of Virginia for his signature. Should it be signed into law, the Virginia CDPA will go into effect on January 1, 2023, the same day as the California Privacy Rights Act (CPRA).

The CDPA borrows principles from the CPRA, the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) but also differs from all three in key respects.

Source: Virginia Set to Become Second State to Pass a Comprehensive Privacy Law | WilmerHale

Washington State Introduces New Data Privacy Bill: The People’s Privacy Act

Washington state Rep. Shelley Kloba introduced a new data privacy bill, the People’s Privacy Act (HB 1433), to provide a people-focused, community-supported solution to the growing need to protect individual personal data both online and offline.

The bill covers corporations, government agencies, and organizations that meet a specific threshold for the number of individual records collected or the amount of their annual revenue.

Source: Washington State Rep. Shelley Kloba Introduces New Data Privacy Bill: The People’s Privacy Act | ACLU of Washington

1 2 3 153
>