Download free GDPR compliance checklist!

Category Archives for "Legislation"

On data protection, the UK says it will go it alone. It probably won’t.

The Prime Minister listed data protection as an area that the UK could legislate on following Brexit – but diverging from European Union rules on privacy would only complicate things.

Currently, the UK’s data privacy legislation adheres closely to the General Data Protection Regulation (GDPR), the rules that were rolled out across all European Union member states in May 2018.

Not only would deciding to scrap GDPR go against what people are used to, it would also make it difficult for UK businesses to offer their services to Europe in future.

Source: On data protection, the UK says it will go it alone. It probably won’t. | ZDNet

2020 Global Legislative Predictions

This year’s report on privacy and data protection regulation includes contributions from IAPP members all over the world outlining their predictions and hopes for the upcoming year.

Almost all countries featured in this report are expecting increased regulation and enforcement this year and, as a result, are increasing their workforce accordingly. Facial recognition is a hot topic in a number of countries, with some calling for a ban, while others embrace the technology. And, in the U.S., there is still talk of a federal privacy law.

Access report: White Paper – 2020 Global Legislative Predictions

A New U.S. Model for Privacy? Comparing the Washington Privacy Act to GDPR, CCPA, and More

In Washington State, a new comprehensive privacy law is moving quickly. If approved, it will reach the House, which is currently considering (and amending) an almost identical companion bill. The deadline for the bill to be voted on by both Senate and House (including, if applicable, resolving any differences) is March 12, 2020.

FPF has created the following charts to compare key elements of the current California Consumer Privacy Act (CCPA); the upcoming 2020 California Ballot Initiative (CPRA); the EU General Data Protection Regulation (GDPR); the WPA of 2019 (Senate Bill 5376); and the WPA of 2020 (Substitute Senate Bill 6281).

The following charts take into account the following key features of all laws: (1) jurisdictional scope; (2) definitions and structure; (3) pseudonymous data; (4) individual rights; (5) obligations on companies; (6) facial recognition provisions; and (7) preemption and enforcement.

Read full article: A New U.S. Model for Privacy? Comparing the Washington Privacy Act to GDPR, CCPA, and More

California lawmaker introduces genetic privacy bill

A proposed California law would prohibit DNA testing companies like Ancestry and 23andMe from sharing customer DNA information with outside parties without their consent.

The California Consumer Privacy Act already protects consumer DNA information by requiring companies to disclose to the consumer what information is being collected and the purpose for which it will be used, as well as the right to opt out of the sale of that information to a third party.

Source: CA bill bars DNA test companies from secretly sharing data | The Sacramento Bee

Washington Privacy Act comes under review

The US now has the California Consumer Privacy Act (CCPA) in force and American citizens can expect to see other states take up similar laws through 2020.

In 2019, Washington State introduced the Washington Privacy Act (WPA), which passed in the US Senate, but did not pass in the House during the 2019 legislative session. This month, a bipartisan group of legislators introduced an updated version of the WPA.

If enacted, the WPA has the potential to surpass the CCPA to become the most comprehensive U.S. privacy law to date. Below is our summary of its key concepts.

Source: #Privacy: Washington Privacy Act comes under review

Ad Groups Want California To Hold Off Enforcing Privacy Law

The ad industry now says businesses need additional time to comply with the rules. A set of draft regulations was issued by Attorney General Xavier Becerra in October.

The groups add that the draft rules “presented significant new and unprecedented requirements” for businesses. That group says enforcement shouldn’t begin until 2022.

Source: Ad Groups Want California To Hold Off Enforcing Privacy Law 01/30/2020

EU seeks ‘clear criteria’ for use of biometric AI on mass scale

There should be “clear criteria” in the future mass-scale rollout of Biometric Identification Systems in the EU, a recently leaked draft of the EU’s Artificial Intelligence strategy reveals.

The document, an update on an earlier leaked version, has also scrapped the idea of a temporary ban on facial recognition technologies in public spaces.

The document notes that the lack of information about the use of biometric identification systems prohibits the Commission from making a broad analysis of the implications of this technology, which analyses a person’s physical features for computational purposes.

Source: EU seeks ‘clear criteria’ for use of biometric AI on mass scale – EURACTIV.com

Sen. Graham Draft Bill Would Ban Encryption, Undermine User Privacy, Security

Senator Lindsey Graham, a top Trump ally, is targeting giant internet platforms with a child protection measure that could threaten tech companies’ use of encryption and a liability exemption they prize.

Although the measure doesn’t directly mention encryption, it would require that companies work with law enforcement to identify, remove, report and preserve evidence related to child exploitation — which critics said would be impossible to do for services such as WhatsApp that are encrypted from end-to-end.

Source: Lindsey Graham Proposal Could Expose Apple, Facebook to Lawsuits – Bloomberg

GDPR compliance is the key to a smooth transition through Brexit

Brexit’s effect on data laws demands that data management remains a top business priority for UK organisations.

During the 11 month transition period, EU law will continue to apply to the UK. GDPR compliance will remain mandatory, with failure to comply continuing to result in fines. The UK Data Protection Act 2018 will sit alongside GDPR in the UK.

The UK also plans to seek an adequacy agreement once it leaves the EU, which would allow for the continued free flow of data between the two areas, although it’s unclear how long this negotiation may take, or even if the EU would grant the status.

Source: GDPR compliance is the key to a smooth transition through Brexit | IT PRO

US lawmakers claim progress on online privacy bill

Key lawmakers maintained Tuesday that they are making progress in their efforts to put together the country’s first comprehensive online privacy bill after hitting several bumps in Congress late last year.

At the tech-funded State of the Net conference in Washington, D.C., lawmakers on the relevant House and Senate committees signaled they are grappling with the same obstacles that resulted in Democrats and Republicans putting out separate versions of a privacy bill last year – but insisted they’re still dedicated to bipartisan negotiations.

Source: Lawmakers claim progress on online privacy bill | TheHill

1 2 3 124