Free tools and resources for Data Protection Officers!

Category Archives for "Legislation"

EBF publishes proposals on Cyber incident reporting

In order to ensure that financial institutions are able to quickly and effectively report cyber incidents without at the same time sacrificing a proper incident management and recovery process, The European Banking Federation (EBF) published its proposals on cyber incident reporting.

In particular EBF makes the following proposals for supervisors and regulators:

  • Establish a central reporting and coordination hub in each Member State;
  • Harmonise reporting thresholds and create a common taxonomy for cyber security incidents;
  • Foster public-private real-time collaboration between regulators, supervisors, law enforcement, financial institutions and other cross-sectoral infrastructure actors;
  • Further involve national CERTs in information sharing;
  • Introduce a regular bi-directional information flow between regulators/ supervisors and the industry.

Full report: EBF position on Cyber incident reporting

U.S. Using Trade Deals to Shield Tech Giants From Foreign Regulators

The Trump administration has begun inserting legal protections into recent trade agreements that shield online platforms like Facebook, Twitter and YouTube from lawsuits, a move that could help lock in America’s tech-friendly regulations around the world even as they are being newly questioned at home.

The administration’s push is the latest salvo in a global fight over who sets the rules for the internet. While the rules for trading goods have largely been written — often by the United States — the world has far fewer standards for digital products. Countries are rushing into this vacuum, and in most cases writing regulations that are far more restrictive than the tech industry would prefer.

Source: U.S. Using Trade Deals to Shield Tech Giants From Foreign Regulators – The New York Times

Centrist Democratic Lawmakers Back Pro-Business Privacy Law

A group of more than 100 centrist Democratic House lawmakers is throwing its weight behind a privacy bill that has been praised by alliances of software and internet giants.

The bill would allow consumers to opt out of the collection, storage and sharing of their data. It would require companies to get consumers to approve any use of sensitive data such as financial or health information and oblige companies to furnish “plain language” privacy policies.

Source: Centrist Democratic Lawmakers Back Pro-Business Privacy Law – Bloomberg

Amazon Calls for Government Regulation of Facial Recognition Tech

Amazon said it believes that governments should act to regulate the use of facial recognition technology to ensure it is used appropriately.

The company said it will back US federal privacy legislation “that requires transparency, access to personal information, ability to delete personal information, and that prohibits the sale of personal data without consent.”

Source: Amazon Calls for Government Regulation of Facial Recognition Tech | SecurityWeek.Com

Andrew Yang proposes that your digital data be considered personal property

The 2020 Democratic presidential candidate Andrew Yang published his latest policy proposal: to treat data as a property right. Announcing the proposal on his website, Yang lamented how our data is collected, used, and abused by companies, often with little awareness or consent from us.

“This needs to stop,” Yang says. “Data generated by each individual needs to be owned by them, with certain rights conveyed that will allow them to know how it’s used and protect it.”

Full article: Andrew Yang proposes that your digital data be considered personal pro

Amazon is writing facial recognition law

Amazon’s Chief Executive Jeff Bezos said the company’s public policy team is working on proposed regulations around facial recognition, a fledgling technology that has drawn criticism of the technology giant’s cloud computing unit.

Critics have pointed to technology from Amazon and others that struggled to identify the gender of individuals with darker skin in recent studies. That has prompted fears of unjust arrests if the technology is used by more law enforcement agencies to identify suspects.

Source: Amazon CEO says company working on facial recognition regulations – Reuters

France plans to scan social media for tax fraud

France ’s data protection watchdog has urged caution over plans to allow authorities to monitor individuals’ social media posts and purchasing activity on websites such as eBay in order to identify those committing tax fraud.

The French parliament is to debate proposals for a three-year trial during which the tax office’s computer system would collect information on peoples’ lifestyles from social media accounts such as Facebook, Instagram and Twitter, and also monitor their activity on sites such as eBay and the French site Le Bon Coin.

Source: French plan to scan social media for tax fraud causes alarm

New US ransomware bill passed

The US Senate has passed a bill that is aimed to protect public institutions like schools and law enforcement, from ransomware.

The DHS Cyber Hunt and Incident Response Teams Act would authorise the Department of Homeland Security (DHS) to create teams to help both private and public entities defend against attacks.

Additionally the cyber hunt and incident response teams, will provide support and technical advice, as well as provide incident response assistance.

Source: #Privacy: New US ransomware bill passed

Ecuador Is Latest Country to Consider GDPR-like Privacy Law

Ecuador is considering a GDPR – like privacy law. A massive data breach in Ecuador has sparked a new push to pass data protection legislation that would mirror the European Union’s privacy regime.

The National Assembly is debating a bill that allows citizens to access, correct, eliminate and oppose the use of their personal data and sets up a new data protection authority to enforce the law and sanction bad actors.  President Lenin Moreno sent the bill for debate shortly after the personal data of 20 million Ecuadorians was discovered on a server in Miami earlier this month.

Source: Ecuador Is Latest Country to Consider GDPR-like Privacy Law

Germany approves “numerous adaptations to German data protection regulations”

The Federal Council (‘Bundesrat’) announced, on 20 September 2019, that it had approved several amendments to the draft law on the adaptation of data protection legislation in relation to the General Data Protection Regulation (GDPR) and the Data Protection Directive with Respect to Law Enforcement (‘the Law Enforcement Directive’).

The Amendments outline, among other things, that the obligation to appoint a data protection officer (DPO) will apply to companies with at least 20 employees, and that employees’ consent to data processing will have to be provided in writing or electronically. The Draft Law will now pass to the President of the Federal Government for signing, and will come into force the day after its promulgation.

Source: Germany: Bundesrat approves “numerous adaptations to German data protection regulations”