fbpx

Download free GDPR compliance checklist!

Category Archives for "Legislation"

More US states are on track to pass data privacy laws in 2021

U.S. states are slowly embracing policies to ensure that digital companies protect their users—or at least introduce more transparency.

llinois led the way in 2008 with the Biometric Information Privacy Act, a law that lets Illinois residents sue companies that collect their biometric data (face scans, fingerprints, etc.) without their consent. After Europe passed the General Data Protection Regulation in 2016, which entitles people to obtain any data collected on them and have their records deleted, California decided to use it as a framework for its own law.

The original CCPA has now inspired several look-alike laws in other states, as momentum builds for state-level privacy legislation. 2021 could be the year that privacy laws become more pervasive across the country, helping Americans wrest back some of the aspects of their digital lives.

Source: These states are on track to pass data privacy laws in 2021

Russia to restrict processing of public data

Beginning March 1, 2021, Russia will impose restrictions on the processing of personal data publicly available on the internet and offline. The legislative changes are aimed at fighting the uncontrolled dissemination of personal information.

Under current law “On Personal Data” any data operator (the Russian equivalent of the term controller) may process personal data if the data subject made it publicly accessible or instructed another person to do so. There is no need to ground the processing on legitimate interests, the performance of a contract, data subject’s consent or other common lawful bases. When “Amendments to the Federal Law on Personal Data” No.519-ФЗ dated Dec. 30, 2020, goes into effect, this rule and the term publicly accessible data will disappear.

Source: Look but don’t touch — Russia to restrict processing of public data

People file lawsuits to test boundaries of California’s privacy law

“It’s kind of like throwing spaghetti at the wall.” That’s how Jessica Lee, partner and co-chair of the privacy, security and data innovation practice group at law firm Loeb and Loeb, described the approach people have taken when filing lawsuits against companies under the California Consumer Privacy Act.

Many of the suits filed since the law went into effect Jan. 1, 2020, allege companies have failed to allow people to opt out from sale of their personal information or failed to disclose that the companies share people’s personal information with third parties, according to lawyers tracking CCPA lawsuits. Meanwhile, a spokesperson for California attorney general Xavier Becerra said the AG’s office has sent dozens of notices to companies demanding that they fix problems leading to noncompliance with the law.

Full article: People file lawsuits to test boundaries of California’s privacy law

European Commission Publishes Draft UK Data Transfer Adequacy Determination

On February 19, 2021, the European Commission published a draft data protection adequacy decision relating to the UK. If the draft decision is adopted, organizations in the EU will be able to continue to transfer personal data to organizations in the UK without restriction, and will not need to rely upon data transfer mechanisms, such as the EU Standard Contractual Clauses, to ensure an adequate level of protection.

Before the decision is formally adopted, the European Data Protection Board will issue a non-binding (although likely persuasive) opinion in relation to the decision. The European Parliament’s Committee on Civil Liberties also will issue a non-binding opinion in relation to the decision. The decision will be formally adopted after it has been approved by the EU Member States acting through the European Council.

Source: European Commission Publishes Draft UK Data Transfer Adequacy Determination | Privacy & Information Security Law Blog

EU Set to Publish UK Adequacy Decision

In a draft adequacy decision the European Commission is set to allow the continued free flow of data between the EU and UK, after confirming that the UK offers an adequate level of protection for personal data, pursuant to Article 45 of the General Data Protection Regulation (GDPR). The draft decision can be expected this week.

The decision, once adopted, will replace the current interim solution, agreed under the EU-UK Trade and Cooperation Agreement, which allows for companies and organisations to transfer personal data from the EU to the UK up until 30 June 2021.

Source: Brexit Updated: EU Set to Publish UK Adequacy Decision – Lexology

Big Data Is Booming in the U.S., but Other Countries Are Making the Rules

Lawmakers and regulators in some of the world’s largest countries are ramping up enforcement of privacy laws, revising statutes or debating new rules. The upshot, executives and privacy experts say, is a vast expansion of protections for personal data and a fast-changing, potentially expensive landscape for companies that use such information to power the digital economy.

The frameworks aim to give consumers more control over their data as the coronavirus pandemic pushes more daily life online. Companies that break the rules could face fines or penalties—risks that may be difficult to anticipate. Privacy experts say such debates hinge on governments’ ability to protect citizens’ data from other governments—including the U.S.—or access data for security reasons.

Full article: Big Data Is Booming in the U.S., but Other Countries Are Making the Rules

EU ePrivacy Regulation takes a big leap forward to adoption

The Council of the EU has made a surprise announcement that it has approved its negotiating position on the ePrivacy Regulation (i.e. the successor to the ePrivacy Directive), which will further reform EU cookie consent and communications content and metadata rules in the EU.

The process now is that the ePrivacy Regulation will be negotiated in trilogue negotiations between the Council of the EU and the European Parliament, with the European Commission facilitating / brokering those negotiations.

Source: EU ePrivacy Regulation takes a big leap forward to adoption | Fieldfisher

Portugal proposes new text of ePrivacy Regulation

The Portuguese presidency of the EU has pitched a new text on the controversial ePrivacy regulation, focusing on the processing of communications metadata and data stored on end-user equipment.

The most important change the Portuguese Presidency has proposed is the re-introduction of the possibility to process electronic communications metadata and to use the processing and storage capabilities of the end-users’ terminal equipment, including collection of information for further compatible processing.

Source: Revealed: Portugal’s plans to conclude ePrivacy saga – EURACTIV.com

Virginia Set to Become Second US State to Pass a Comprehensive Privacy Law

The long wait to see if any state would join California in passing a comprehensive privacy law is finally coming to an end, as the Virginia Senate passed the Virginia Consumer Data Protection Act on February 3.

An identical version of the bill had already passed the Virginia House of Delegates on January 29, which means that reconciling the two versions of the bill before the February 11 deadline will likely be a mere formality. The bill will then be sent to the governor of Virginia for his signature. Should it be signed into law, the Virginia CDPA will go into effect on January 1, 2023, the same day as the California Privacy Rights Act (CPRA).

The CDPA borrows principles from the CPRA, the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) but also differs from all three in key respects.

Source: Virginia Set to Become Second State to Pass a Comprehensive Privacy Law | WilmerHale

Commission reveals details on future EU robotics policy

The European Commission aims to present a revision of the machinery directive in the second quarter this year, and it has recently been revealed that there are plans to tackle issues related to ‘human-robot’ collaboration, as well as improve the transparency of Artificial Intelligence algorithms in robots.

Moreover, the Commission will also look at the radio equipment directive, which covers communications transmitted by devices connected to the Internet of Things, in an attempt to bolster privacy protocols.

Source: Commission reveals details on future EU robotics policy  – EURACTIV.com

1 2 3 144
>