Category Archives for "Legislation"

Washington State Introduces New Data Privacy Bill: The People’s Privacy Act

Washington state Rep. Shelley Kloba introduced a new data privacy bill, the People’s Privacy Act (HB 1433), to provide a people-focused, community-supported solution to the growing need to protect individual personal data both online and offline.

The bill covers corporations, government agencies, and organizations that meet a specific threshold for the number of individual records collected or the amount of their annual revenue.

Source: Washington State Rep. Shelley Kloba Introduces New Data Privacy Bill: The People’s Privacy Act | ACLU of Washington

Council of Europe calls for restrictions on the use of facial recognition technology

The Council of Europe has published guidelines to avoid what it terms significant risks to privacy and data protection posed by the increasing use of facial recognition technology.

The human rights organisation suggests prohibiting its use solely to determine a person’s skin colour, religious or other belief, gender, racial or ethnic origin, age, health or social status. A ban should also be applied to ‘affect recognition’ technologies, which can identify emotions and be used to detect personality traits, inner feelings, mental health condition or workers’ level of engagement.

Source: Council of Europe calls for restrictions on the use of facial recognition technology

Police Say They Can Use Facial Recognition, Despite Bans

The Markup examined 17 bans passed in the past couple of years, speaking with local officials and reading through official documents. In six of those cities, officials either told The Markup or otherwise publicly stated that loopholes in the bans effectively allow police to access information garnered through facial recognition.

The bans in Pittsburgh; Boston; Alameda, Calif.; Madison, Wis.; Northampton, Mass.; and Easthampton, Mass., all have language in their regulations that may allow local police to continue using facial recognition through state and federal agencies or the private sector.

Full article: Police Say They Can Use Facial Recognition, Despite Bans – The Markup

Germany Publishes New Draft Rules for Cookies and Similar Technologies

On January 12, 2021, the German Ministry for the Economy and Energy released a new draft Law on Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG).

If enacted, the draft law will replace the existing data protection and privacy provisions of Germany’s Telemedia Act and Telecommunications Act (Telemedia Act), including provisions applicable to the use of cookies and similar technologies.

Among other things, the draft law clarifies that a website operator must obtain an end-user’s consent for deploying cookies and similar technologies on the end-user’s device(s), unless the cookies or similar technologies in question are “necessary to provide the service(s) requested by the end user” (Section 22). Moreover, the draft law expressly states that such consent must meet the standards of the GDPR.

Source: Germany Publishes New Draft Rules for Cookies and Similar Technologies | Inside Privacy

EU Parliament Guidelines Call for Moratorium on Facial Recognition

In a report released January 20, 2021, the European Parliament outlines the need for new legal frameworks for artificial intelligence and biometric surveillance.

The report raises concerns about both civilian and military uses of artificial intelligence, mass surveillance, and deepfakes. The European Parliament was particularly concerned with facial recognition technology, proposing a moratorium on its use in public and semi-public spaces.

Source: European Parliament Guidelines Call for Moratorium on Facial Recognition

New Proposed Rule Requires US Banks to Notify Regulators within 36 Hours

On January 12, 2021, the Office of the Comptroller of the Currency (OCC), the Board of Governors of the Federal Reserve System (Board), and the Federal Deposit Insurance Corporation (FDIC) published a Notice of Proposed Rulemaking (NPRM) titled Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers.

The Proposed Rule would require a “banking organization” to notify its primary regulator no later than 36 hours after reasonably determining that a qualifying incident has occurred, and it would require a “bank service provider” (both terms defined below) to notify a banking organization immediately upon detecting that an incident materially impacting such organization has occurred.

Source: New Proposed Rule Requires Banks to Notify Regulators within 36 Hours – Hogan Lovells Engage

Portland Becomes First Jurisdiction to Ban Certain Uses of Facial Recognition by Private Businesses

The ordinance, which went into effect on January 1, 2021, is the first in the country to prohibit certain uses of these technologies by private businesses. Another ordinance banning the use and acquisition of face recognition technologies by all City of Portland bureaus and offices went into effect last September.

The ban prohibits private entities from using facial recognition technologies in places of “public accommodation” within the city of Portland. Although the ban is broad, there are notable exceptions, even for use in places of public accommodation.

Source: Portland Becomes First Jurisdiction to Ban Certain Uses of Facial Recognition by Private Businesses | Privacy & Security Law Blog | Davis Wright Tremaine

New York State Lawmakers Reintroduce CCPA-Like Data Privacy Legislation

California Consumer Privacy Act-like regulations may be coming to a New York business near you. State lawmakers have reintroduced two key pieces of data.

New York state’s “do not sell my personal information” bill was reintroduced in the Senate and referred to the Senate Consumer Protection Committee.

At the same time, the New York Privacy Act was reintroduced in the New York State Assembly and referred to the Assembly Committee on Consumer Affairs and Protection.

Source: New York State Lawmakers Reintroduce CCPA-Like Data Privacy Legislation | Privacy Compliance & Data Security

EDPB Publishes Guidelines on Examples regarding Data Breach Notification

On January 18, 2021, the European Data Protection Board released draft Guidelines 01/2021 on Examples regarding Data Breach Notification.

The Guidelines aim to assist data controllers in deciding how to handle data breaches, including by identifying the factors that they must take into account when conducting risk assessments to determine whether a breach must be reported to relevant supervisory authorities and/or the affected data subjects.

Source: EDPB Publishes Guidelines on Examples regarding Data Breach Notification | Privacy & Information Security Law Blog

Irish DPC publishes draft Fundamentals for a Child-Oriented Approach to Data Processing

On December 18, 2020, the Irish Data Protection Commission (DPC) published its draft Fundamentals for a Child-Oriented Approach to Data Processing.

The Fundamentals introduce child-specific data protection principles and measures, which are designed to protect children against data processing risks when they access services, both online and off-line.

The DPC notes that all organizations collecting and processing children’s data should comply with the Fundamentals. The Fundamentals are open for public consultation until March 31, 2020.

Source: Irish DPC publishes draft Fundamentals for a Child-Oriented Approach to Data Processing
