Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

Parliament of Australia passes consumer data right bill

The Parliament of Australia passed, on 1 August 2019, the Treasury Laws Amendment (Consumer Data Right) Bill 2019 (‘the Bill’), which amends the Competition and Consumer Act 2010, the Australian Information Commissioner Act 2010, and the Privacy Act 1988 (‘the Privacy Act’), to introduce a data portability right for consumers in the form of a consumer data right (‘CDR’).

In particular, the Bill, which currently applies to the banking sector and will soon apply to the energy and telecommunication sectors, allows individuals and businesses to access specified data related to them and held by businesses, as well as authorises secure access to this data by accredited third parties.

Source: Australia: Parliament passes consumer data right bill

CoE launches public consultation on human rights impact of algorithmic systems

The Steering Committee on Media and Information Society (CDMSI) of the Council of Europe has published draft recommendation on the human rights impacts of algorithmic systems  and invites comments from the public.

Draft recommendation outlines that private sector actors should actively engage in participatory processes with consumer associations and data protection authorities for the design, implementation and evaluation of their complaint mechanisms, including collective redress mechanisms.

In addition, private sector actors must adequately train the staff involved in the review of algorithmic systems on, among other things, applicable personal data protection and privacy standards.

Source: Have your say on the draft recommendation on the human rights impacts of algorithmic systems! – Newsroom

The ICO Updates Its Data Sharing Code of Practice

On 9 July 2019 the UK data protection authority (ICO) updated its Data Sharing Code of Practice (first published in 2011).

The Code is publicly available for consultation until 9 September 2019. Once finalised, the Code will become a statutory code of practice under the DPA. Non-compliance with the code will likely be considered non-compliance with data protection laws.

Source: The ICO Updates Its Data Sharing Code of Practice

Democratic senator introduces bill limiting use of voter data by political campaigns

Sen. Diane Feinstein (D-Calif.) introduced a bill on Wednesday that would limit the use of voter data by political campaigns.

The legislation is being touted as the first bill “directly responding to Cambridge Analytica,” the 2018 scandal that saw a right-wing political consulting firm use data on millions of American to target pro-Trump messaging at swing voters.

Source: Democratic senator introduces bill limiting use of voter data by political campaigns | TheHill

EDPS issues note on data transfers following Brexit

On 16 July 2019, the European Data Protection Supervisor (EDPS) issued an information note on international data transfers after Brexit. 

The Note highlights that if the EU and the UK sign the withdrawal agreement before 1 November 2019, the data flows to the UK will not be immediately affected.  EU data protection laws (including the GDPR, the Law Enforcement Directive (EU)2016/680 and the ePrivacy Directive) will apply until 31 December 2020, with a maximum extension until 31 December 2022. 

However, in the case of a “no-deal” Brexit, EU data protection laws would not apply in the UK and starting from 1 November 2019 personal data transfers from EU institutions to companies in the UK must comply with the international data transfer requirements under Chapter V of GDPR.

Read the Note.

Right to delete is coming to Australia

Shadow Assistant Treasurer Stephen Jones said his party secured a “breakthrough commitment” from the government that would see the Consumer Data Right (CDR) gain the ability have consumer information deleted.

This new legislation will give Australian consumers an “off switch” when it comes to data sharing. Off switch would mean that a consumer will have the power to determine when a company should no longer hold their data.

Source: Labor thinks the right to delete is coming for Australia’s CDR after winter break | ZDNet

Changes in ePrivacy Regulation regarding electronic communications and digital marketing

On 26 July 2019, at the level of the Council, the Finnish government has issued a revised (Council) proposal for the e-Privacy Regulation with some amendments concerning electronic communication content, data & metadata, and further processing of metadata. This proposal will be discussed during a next Council meeting on 9 September 2019.

The Proposal has introduced a limited number of amendments. Most notable:

  1. Article 6 is divided into four distinct provisions, in order to clarify their respective scope by scope of data (all data, content, metadata).
  2. Data can only be processed (i) for the duration necessary for the permitted purposes and (ii) if those purposes cannot be fulfilled by processing information that is made anonymous.
  3. Targeted advertising might not constitute direct marketing communications.

Source: EUROPE: e-Privacy Regulation – changes regarding electronic communications and digital marketing

India to approach the EU seeking ‘adequacy’ status with the GDPR

India will approach the European Union seeking ‘adequacy’ status with the General Data Protection Regulation once the country finalizes and passes its own Personal Data Protection Bill, two people familiar with the matter said.

The reciprocal recognition of data protection equivalency is expected to reduce the compliance burden and give the outsourcing and technology industry a leg up in attracting clients from Europe.

Source: Data privacy: India to approach the EU seeking ‘adequacy’ status with the GDPR, Technology News, ETtech

Moran Tees Up Data Privacy Bill As Senate Effort Splinters

A bipartisan pair of senators has drafted a data privacy bill that would give the Federal Trade Commission more enforcement tools, while pre-empting state laws.

Sens. Jerry Moran (R-Kan.) and Richard Blumenthal (D-Conn.) had been working with a group of other Senate Commerce, Science and Transportation Committee members to draft a bill, but that effort stalled in recent months. Moran said he and Blumenthal are now writing their own bill in a bid to see if they can attract the support of other lawmakers, as the August recess looms.

Source: Moran Tees Up Data Privacy Bill As Senate Effort Splinters

ICO Launches Public Consultation on New Data Sharing Code of Practice

On July 16, 2019, the UK’s Information Commissioner’s Office (ICO) released a new draft Data sharing code of practice, which provides practical guidance for organizations on how to share personal data in a manner that complies with data protection laws.

The draft Code focuses on the sharing of personal data between controllers, with a section referring to other ICO guidance on engaging processors. The draft Code reiterates a number of legal requirements from the GDPR and DPA, while also including good practice recommendations to encourage compliance.

Source: ICO Launches Public Consultation on New Data Sharing Code of Practice

1 2 3 116