fbpx

Download free GDPR compliance checklist!

Category Archives for "Legislation"

European Commission Publishes Draft of New Standard Contractual Clauses

On November 12, 2020, the European Commission published a draft implementing decision on standard contractual clauses for the transfer of personal data to third countries pursuant to the EU General Data Protection Regulation (GDPR), along with its draft set of new standard contractual clauses (SCC).

The SCCs are open for public consultation until December 10, 2020, and feedback may be submitted here. The adoption process for the SCCs requires an opinion of the European Data Protection Board and the European Data Protection Supervisor, and the positive vote of EU Member States through the comitology procedure. The final SCCs are expected to be adopted in early 2021.

Source: European Commission Publishes Draft of New Standard Contractual Clauses

Rights Activists Slam EU Plan for Access to Encrypted Chats

Digital rights campaigners on Monday criticized a proposal by European Union governments that calls for communications companies to provide authorities with access to encrypted messages.

“Anyone who finds an open back door into my house can enter it, the same is true for back doors in software,” German Left party lawmaker Domscheit-Berg said. “The proposed EU regulation is an attack on the integrity of digital infrastructure and therefore very dangerous.”

Source: Rights Activists Slam EU Plan for Access to Encrypted Chats | SecurityWeek.Com

EU inches closer to ban on end-to-end encryption

The Council of the European Union appears to have a near-completed resolution that would propose a ban on the use of end-to-end encryption on off-the-shelf apps such as WhatsApp and Signal, according to a leaked document.

The memo, dated 6 November and addressed to representatives from EU member states, reveals that strong encryption remains a priority for lawmakers but that the availability of end-to-end encryption has made it overly difficult for law enforcement to conduct investigations.

Source: EU inches closer to ban on end-to-end encryption | IT PRO

Industry groups urge Europe to reject privacy proposal

Industry associations GSMA and ETNO called on European Union member states to reject a proposal for tightening rules on communication services metadata processing, warning the approach would impede innovation and development of Europe’s data economy.

The two organisations issued a joint statement after Germany proposed a change in EU’s ePrivacy Regulation to restrict the use of pseudonymised metadata in communication services.

Source: Industry groups urge Europe to reject privacy proposal – Mobile World Live

Canada crawling toward AI regulatory regime, but experts say reform is urgent

Alberta and B.C. privacy commissioners has no authority to levy fines against the any companies that violate Canadians’ personal information, an “incredible shortcoming of Canadian law that should really change,” B.C. information and privacy commissioner Michael McEvoy said in an email.

The revelation shines a light on the legal void around algorithmic technology. Despite its status as an artificial-intelligence hub, Canada has yet to develop a regulatory regime to deal with problems of privacy, discrimination and accountability to which AI systems are prone, prompting renewed calls for regulation from experts and businesses.

Source: Canada crawling toward AI regulatory regime, but experts say reform is urgent | The Star

Singapore updates 2012 Personal Data Protection Act

Singapore passed amendments to its Personal Data Protection Act (PDPA) on Tuesday, in the first comprehensive review of the Act since its 2012 enactment.

The updated Act aims to strengthen consumer trust through organisational accountability as well as enhance effectiveness of enforcement, consumer autonomy and data use for innovation. Ministers believe it will allow organisations to keep pace with technological changes, and position Singapore as a key player in the digital economy.

Source: Singapore updates 2012 Personal Data Protection Act – PrivSec Report

German Presidency charts new COVID19 ‘metadata’ rules in leaked ePrivacy text

The German EU Council presidency is seeking to permit the processing of metadata in online communications for ‘monitoring epidemics’ or to help in ‘natural or man-made disasters,’ according to a leaked text on the ePrivacy regulation.

However, the Germans’ proposal on the highly controversial ePrivacy regulation has at the same time withdrawn the ‘legitimate interest’ provision for the general processing of metadata, included in earlier versions of the text.

Source: German Presidency charts new COVID19 ‘metadata’ rules in leaked ePrivacy text – EURACTIV.com

California Voters Approve Reworking of Landmark Consumer Privacy Law

California voters have approved a ballot measure, Proposition 24, known as the California Privacy Rights Act of 2020 (CPRA).

Referred to by some as CCPA 2.0, the CPRA amends certain provisions of the paradigm shifting 2018 California Consumer Privacy Act (CCPA), which went into effect in January 2020 and became subject to enforcement in July 2020. Moreover, the CPRA will introduce a number of new provisions and concepts to a law that regulators are still fleshing out and businesses are struggling to understand.

Source: California Voters Approve Reworking of Landmark Consumer Privacy Law – What CCPA 2.0 Will Mean for Businesses and Consumers

EU finance ministers call for GDPR clarity as they back greater info-sharing to tackle money laundering

EU finance ministers are calling for clarity on data protection rules as they seek to harmonise anti money laundering regulations across Europe.

The European Union’s ECOFIN council yesterday backed plans to establish a single rule-book and centralised supervision of anti-money laundering and terrorist financing.

As part of the reform plan, ministers want the European Commission to “consider the expansion of information-sharing possibilities within groups of companies as well as between other obliged entities not belonging to the same group or the same sector, so as to allow better monitoring and compliance.”

Source: EU finance ministers call for GDPR clarity as they back greater info-sharing to tackle money laundering

Portland, Maine Votes to Add Teeth to Ban on Facial Recognition

Voters in Portland, Maine passed a ballot initiative that strengthens the city’s ban on the use of facial recognition by law enforcement and city agencies.

The City Council previously passed an order banning face surveillance, but the initiative strengthens the ban with a private right of action and penalties for violations of the law.

A growing list of cities have banned facial recognition technology, including Boston, Oakland, San Francisco, and Portland, Oregon.

Source: EPIC – Portland, Maine Votes to Add Teeth to Ban on Facial Recognition

>