Free tools and resources for Data Protection Officers!

Tag Archives for " US "

California governor wants users to profit from online data

California Gov. Gavin Newsom says the state’s consumers should get a piece of the billions of dollars that technology companies make off the personal data they collect.

The new governor has asked aides to develop a proposal for a “data dividend” for California residents but provided no hints about whether he might be suggesting a tax on tech companies, an individual refund to their customers or something else.

Source: California governor wants users to profit from online data | The Sacramento Bee

FTC Decides Not to Modify CAN-SPAM Rule

On February 12, the Federal Trade Commission (“FTC”) announced that, after a review of the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM”) Rule as part of its periodic review of its regulations, it has determined that the Rule does not need to be modified at this time.

Source: FTC Decides Not to Modify CAN-SPAM Rule

How to comply with both the GDPR and the CLOUD Act

U.S. CLOUD Act’s compatibility with the EU General Data Protection Regulation is still an open question.

With regard to data transfer to third countries for which such transfer is subject to the GDPR, Articles 44 to 50 of the GDPR apply. In particular, Article 48 of the GDPR comes into play when EU data is being requested by a U.S. law enforcement agency.

Full article: How to comply with both the GDPR and the CLOUD Act

“Copycat CCPA” Bills Introduced in States Across Country

Privacy has been a hot topic for state legislatures in the first month of the year. Legislators in nine states have introduced draft bills that would impose broad obligations on businesses to provide consumers with transparency and control of personal data.

Source: “Copycat CCPA” Bills Introduced in States Across Country

USA Big Tech encouraged to adopt GDPR-style rules

The multinational tech conglomerate, Cisco Systems has urged tech companies in the US to embrace more regulation and to follow the example of the EU’s General Data Protection Regulation (GDPR).

The group’s chief legal and compliance officer, Mark Chandler, has said regulation is now due; his calls add volume to the demands being made on US politicians to increase scrutiny and power over tech companies, against a backdrop of increasing global awareness of the importance of data security.

Source: USA Big Tech encouraged to adopt GDPR-style rules

President Trump Signs Executive Order on Artificial Intelligence

President Trump signed an Executive Order (“EO”), “Maintaining American Leadership in Artificial Intelligence,” that launches a coordinated federal government strategy for Artificial Intelligence (the “AI Initiative”).

Among other things, the AI Initiative aims to solidify American leadership in AI by empowering federal agencies to drive breakthroughs in AI research and development (“R&D”) (including by making data computing resources available to the AI research community), to establish technological standards to support reliable and trustworthy systems that use AI, to provide guidance with respect to regulatory approaches, and to address issues related to the AI workforce.

Source: President Trump Signs Executive Order on Artificial Intelligence

How should we regulate facial-recognition technology?

The privacy concerns with facial-recognition technology are obvious: Nothing is more “personal” than one’s face.

So how is the processing of facial data regulated, whether such data is collected by a government agency as in China, or by a private entity like Apple or Facebook? And as facial-recognition technology use becomes more pervasive (as widely predicted), what restrictions are appropriate in the future?

Full article: How should we regulate facial-recognition technology?

How to comply with both the GDPR and the Cloud Act

On March 23, 2018, U.S. Congress enacted the Clarifying Lawful Overseas Use of Data Act, which had the immediate effect of mooting the ongoing U.S. v. Microsoft litigation.

A central issue of the case was whether a web based or cloud based telecommunications or data service provider, subject to U.S. jurisdiction, could avoid being required to provide stored electronic communications for which a search and seizure warrant had been served, when such stored electronic communications were stored on servers outside of the U.S.

The U.S. CLOUD Act amended the Stored Communications Act (SCA) of 1986, which was enacted to create Fourth Amendment-like privacy protection for email and other digital communication stored or held by internet service providers.

Full article: How to comply with both the GDPR and the Cloud Act

EU Data Protection Board not happy with EU-US Privacy Shield second review

On December 19, the EU Commission released its report on the second review of the EU-US Privacy Shield arrangement, the mechanism that allows for the transfer of data between the EU and the US. Overall, the Commission fins that the US authorities has taken steps to improve the functioning of the framework.

On January 24, the EU Data Protection Board gathering all EU data protection authorities announced that due to substantial shortcomings, the EU-US Privacy Shield risk could be struck down by the European Court of Justice later this year.

Source: EU-US Privacy Shield second review: “it’s mostly fine” says the Commission, “not really” replies the EU Data Protection Board

1 2 3 37
>