
Tag Archives for " regulation "

EU Plans New Rules Giving Europeans More Control of Data

The European Union is laying out new standards for data giving Europeans more control over their personal information as it seeks to counter the power of U.S. and Chinese tech companies.

The EU’s executive Commission on Wednesday proposed new rules on the handling of data that would aim to give people, businesses and government bodies the confidence to share their information in a European data market.

The proposed legislation would spell out how industrial and government data – normally off limits because of intellectual property rights, commercial confidentiality or privacy rights – could be shared to help society or boost the economy. The bloc’s strict privacy rules would still apply, with mechanisms in place to preserve confidentiality or anonymity.

Source: EU Plans New Rules Giving Europeans More Control of Data | SecurityWeek.Com

EU Parliament Approves Collective Redress Directive

On November 24, 2020, the European Parliament endorsed the new directive on representative actions for the protection of the collective interests of consumers.

The Collective Redress Directive requires all EU Member States to put in place at least one effective procedural mechanism allowing qualified entities to bring representative actions to court for the purpose of injunction or redress.

Source: EU Parliament Approves Collective Redress Directive

Congress Passes IoT Cybersecurity Improvement Act of 2020

The bipartisan Internet of Things (IoT) Cybersecurity Improvement Act of 2020 has passed the House and the Senate and is headed to the President’s desk for signature.

The bill would “harness the purchasing power of the federal government and incentivize companies to finally secure the [internet-connected] devices they create and sell.”

The IoT Cybersecurity Improvement Act will require the National Institute of Standards and Technology (“NIST”) to develop minimum cybersecurity standards for internet-connected devices purchased or used by the federal government.

Source: IoT Update: Congress Passes IoT Cybersecurity Improvement Act of 2020

Congress Is Eyeing Face Recognition, and Companies Want a Say

The lobbying surge coincides with the spread of local and state bans and restrictions on face recognition across the US, from Portland, Oregon, to Portland, Maine. Despite the sharp divisions and low productivity of Congress during the past four years, there’s bipartisan interest in restricting the technology in some way.

Several bills were introduced in both the Senate and House by lawmakers from both sides of the aisle in the past two years, including a recent Democratic proposal to halt federal use of the technology. Lobbying filings don’t reveal companies’ specific policy desires, but Amazon, Microsoft, and IBM have spoken in favor of restricting rather than banning the technology.

Source: Congress Is Eyeing Face Recognition, and Companies Want a Say | WIRED

UK-Japan deal dismantles UK’s privacy protections

UK quietly commits to weakening restrictions on data transfers by accepting lower privacy standards in new trade deal.

The recent UK-Japan deal negotiated by Elizabeth Truss commits the UK to weakening restrictions on data transfers by accepting lower privacy standards. These commitments are aligned with those in other trade agreements the government wishes to sign. Yet this strategy has never been voted on, analysed or even explained to parliament.

Source: UK-Japan deal dismantles UK’s privacy protections

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

According to the National Conference of State Legislatures, at least 38 states, along with Washington, DC, and Puerto Rico introduced or considered more than 280 bills or resolutions that deal significantly with cybersecurity as of September 2020. Setting aside privacy and some grid security funding issues, there are two categories of cybersecurity legislative issues at the state level to watch during 2021. The first and most important is spelling out more clearly what organizations need to meet security and privacy regulations. The second is whether states will pick up election security legislation left over from the 2020 sessions.

Source: Defining data protection standards could be a hot topic in state legislation in 2021 | CSO Online

Australian government opens public consultation on changes to its Privacy Act

The Australian government has opened a consultation on potential changes to privacy legislation.

Following the Attorney-General’s announcement in December last year of a review of the Privacy Act 1988, the government is seeking feedback from the public on the “potential issues relevant to reform” outlined in a 68-question Issues Paper.

The Australian government adds that it will meet with stakeholders on specific issues and consider research and reports on privacy issues.

Source: Australian government opens public consultation on changes to its Privacy Act

Canadian privacy watchdog publishes recommendations on regulating use of AI

The Office of the Privacy Commissioner of Canada (the OPC) yesterday outlined recommendations for regulating the use of artificial intelligence, including a rights-based approach.

The recommendations include creating a right to a meaningful explanation of automated decisions, and a right of subjects to contest these decisions. The OPC also wants to require organisations to design AI systems from their conception in a way that protects privacy. The OPC is also suggesting it receives powers to issue binding orders and financial penalties to ensure compliance.

Source: Canadian privacy watchdog publishes recommendations on regulating use of AI

California ballot initiative passes, significantly altering the California Consumer Privacy Act

The California Privacy Rights Act (CPRA) makes significant changes to the California Consumer Privacy Act (CCPA), which was originally passed by the California legislature in 2018. However, the CPRA does not take effect until January 1, 2023, giving businesses a bit more than two years to prepare.

The CPRA adds new obligations on both businesses and service providers, adds some important new definitions, and creates new liability risks, while clarifying some operationally difficult aspects of the CCPA. Importantly, it also mandates the creation of a new agency to enforce privacy violations, which should increase enforcement. Finally, the CPRA limits the ability of the legislature to amend the law.

Source: US: As expected, California ballot initiative passes, significantly altering the California Consumer Privacy Act

European Commission Publishes Draft of New Standard Contractual Clauses

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (GDPR), along with its draft set of new standard contractual clauses (SCC).

The SCCs are open for public consultation until December 10, 2020, and feedback may be submitted here. The adoption process for the SCCs requires an opinion of the European Data Protection Board and the European Data Protection Supervisor, and the positive vote of EU Member States through the comitology procedure. The final SCCs are expected to be adopted in early 2021.

Source: European Commission Publishes Draft of New Standard Contractual Clauses
