fbpx

Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

Department of Justice Releases White Paper on CLOUD Act

On Wednesday, the U.S. Department of Justice released a white paper and FAQ on the Clarifying Lawful Overseas Use of Data (“CLOUD”) Act, which was enacted in March 2018 and creates a new framework for government access to data held by technology companies worldwide.

The paper, titled “Promoting Public Safety, Privacy, and the Rule of Law Around the World: The Purpose and Impact of the CLOUD Act,” addresses the scope and purpose of the CLOUD Act and responds to 29 frequently asked questions about the Act.

Source: Department of Justice Releases White Paper on CLOUD Act

GDPR: 10 Months down the road

The European Data Protection Board (the “EDPB”) recently published an overview on GDPR’s implementation since its enforcement last May, and the roles of national supervisory authorities in this regard.

As of today, almost all Member States have implemented and enforced the GDPR in their national laws. The only remaining exceptions are Czech Republic, Greece, Slovenia and Portugal.

Priavcy Pervest have summarised and examined some of the items we consider key to the success of GDPR.

Full article: GDPR: 10 Months down the road | PrivacyPerfect blog

A new US bill would force companies to check their algorithms for bias

US lawmakers have introduced a bill that would require large companies to audit machine learning-powered systems — like facial recognition or ad targeting algorithms — for bias.

If passed, it would ask the Federal Trade Commission to create rules for evaluating “highly sensitive” automated systems. Companies would have to assess whether the algorithms powering these tools are biased or discriminatory, as well as whether they pose a privacy or security risk to consumers.

Source: A new bill would force companies to check their algorithms for bias – The Verge

Senators say US needs its own GDPR

An investigation into the Equifax data breach has condemned the company’s poor security standards and urged politicians in the States to look to the GDPR’s example to minimise chances of a similar breach taking place in future.

The 67-page report, which was put together by the US Senate, proposes that organisational mismanagement of personally identifiable data should be punished by law, as happens under the GDPR.

Source: Senators say US America needs its own GDPR

CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control

On March 28, 2019, the French data protection authority (“CNIL”) published a “Model Regulation” addressing the use of biometric systems to control access to premises, devices and apps at work.

The Model Regulation lays down binding rules for data controllers who are subject to French data protection law and process employee biometric data for such purposes.

Source: CNIL Publishes Binding Rules on Processing Biometric Data as Workplace Access Control

How to address new privacy issues raised by artificial intelligence and machine learning

Artificial intelligence and machine learning present unique challenges for protecting the privacy of personal data.

For this reason, policymakers need to craft new national privacy legislation that accounts for the numerous limitations that scholars have identified in the notice and consent model of privacy that has guided privacy thinking for decades. The exacerbation of privacy externalities created by machine learning techniques is just one more reason regarding the need for new privacy rules.

Full article: How to address new privacy issues raised by artificial intelligence and machine learning

Czech Republic adopts new Data Protection law

The Czech Republic adopted, on 12 March 2019, legislation that brings the GDPR’s provisions into national law.

The new Act now needs to be signed by the President. After that, it will enter into force on the day of its publication in the Legal Gazette.

Source: Czech Republic adopts new DP law to follow GDPR – Privacy Laws & Business

Zuckerberg says governments need to do more to support data privacy

Mark Zuckerberg has responded to privacy pressures by asking regulators and governments to do more to help control content that gets published online.

Writing in the Washington Post, the Facebook boss acknowledged the “major” role that tech plays in our everyday lives, as well as the “immense responsibilities” that lie on the shoulders of companies such as Facebook.

However, experts have questioned whether the Facebook chief’s message is little more than an acknowledgement of the fact that the social network has to comply with new data privacy laws.

Source: Zuckerberg says governments need to do more to support data privacy

Recap: EDPB’s first-year review of GDPR

Last month, the European Data Protection Board released its first overview of the implementation and enforcement of the General Data Protection Regulation and the roles and means of the national supervisory authorities.

The report indicates that the GDPR cooperation and consistency mechanisms are working quite well in practice due to the EDPB and national supervisory authorities’ ongoing efforts to facilitate collaboration and communication.

Full article: Recap: EDPB’s first-year review of GDPR

The state Senate version of the Washington Privacy Act: A summary

Washington is increasingly looking like it will become the second state in the U.S. to pass a comprehensive privacy statute, following California’s Consumer Privacy Act. Drafting the statute was a two-plus year process, during which the CCPA was passed and the EU General Data Protection Regulation went into effect.

Washington’s proposed privacy statute shares many foundational principles with these two privacy regimes, but it has notable distinctions. Importantly, it represents a new model for other states to consider as they draft their own comprehensive privacy laws.

Full article: The state Senate version of the Washington Privacy Act: A summary

>