fbpx

Download free GDPR compliance checklist!

Category Archives for "Legislation"

House Committee reviews controversial Washington Privacy Act

Following a 46-1 vote in the Senate, the proposed Washington Privacy Act has moved over to the House, where a previous version stalled last spring.

The proposed legislation would give Washington residents the right to access, correct or delete data collected on them by commercial entities, as well as the right to opt out of certain forms of data processing.

Source: House Committee reviews controversial Washington Privacy Act

EU publishes revised draft ePrivacy Regulation

The Presidency of the Council of the European Union on 21 February 2020 published revised text of the proposed ePrivacy Regulation (Regulation concerning the Respect for Private Life and the Protection of Personal Data in Electronic Communications and Repealing Directive 2002/58/EC (Regulation on Privacy and Electronic Communications)).

New draft introduces the possibility to process metadata for legitimate interests, as well as to use the processing and storage capabilities of terminal equipment, and to collect information from end-users’ terminal equipment when it is necessary for the purpose of the legitimate interests pursued by the service provider, except when such interest is overridden by the interests or fundamental rights and freedoms of the end-user. That is big change compared to existing regulation requiring user’s consent.

Draft ePrivacy Regulation

Microsoft launches open-source privacy mapping tool

Microsoft has launched a new open-source tool mapping ISO’s global privacy standard, ISO/IEC 27701, to nine different privacy laws from around the world.

The “Data Protection/Privacy Mapping Project,” as it is named, maps ISO/IEC 27701 to the EU General Data Protection Regulation, the California Consumer Privacy Act, Brazil’s General Data Protection Law, Australia’s Privacy Act, Canada’s Personal Information Protection and Electronic Documents Act, Singapore’s Personal Data Protection Act, Hong Kong’s Personal Data Ordinance, South Korean’s Personal info Protection Act, and Turkey’s Data Protection Law.

Source: Microsoft launches open-source privacy mapping tool

Iowa senator to introduce ‘right to be forgotten’ law

A state senator wants to spare Iowans the agony of search engines digging up past indiscretions they would rather forget, or at least keep hidden from public view.

Bill is designed to protect Iowans who post information online “and half a decade later decide to go back and clean up their social media space before they apply for a job or move into a new opportunity in life,” said senator.

Source: Bill gives Iowans chance to ‘forget’ bad tweets | The Gazette

As Congress stalls on data privacy, Big Tech tangles with states

Top U.S. technology companies are shifting their focus to state capitals to shape emerging data-privacy laws as progress on a federal bill has slowed.

Trade groups representing consumer-oriented technology companies such as Amazon, Google and Facebook, as well as those working on behalf of business-oriented companies such as IBM, Intel, Microsoft and Oracle, have in recent weeks turned their attention to states.

In Congress, meanwhile, multiple bills and draft proposals are being circulated by members in both chambers.

Source: As Congress stalls on data privacy, Big Tech tangles with states – Roll Call

California Introduces Bill to Regulate Automated Decision Systems

On February 14, 2020, California State Assembly Member Ed Chau introduced the Automated Decision Systems Accountability Act of 2020, which would require any business in California that provides a person with a program or device that uses an “automated decision system” (“ADS”) to establish processes to “continually test for biases during the development and usage of the ADS” and to conduct an impact assessment on that program or device.

By March 1, 2022, businesses will be required to annually submit to the Department of Business Oversight a report that summarizes the results of their ADS impact assessments. If a change is made during the year, then the results of a new ADS impact assessment must be submitted within 60 days.

Source: California Introduces Bill to Regulate Automated Decision Systems

European Commission publishes data strategy, AI white paper

On Wednesday, the commission released its EU data strategy. The document outlines the commission’s five-year plan for “policy measures and investments to enable the data economy.”

The commission based its strategy on four pillars, one of which is a cross-sectoral governance framework for data access and use. The other pillars include investments in data and “strengthening Europe’s capabilities and infrastructures for hosting, processing and using data, interoperability,” empowering citizens to exercise their data rights and establishing “common European data spaces in strategic sectors and domains of public interest.”

In conjunction with the release data strategy, the commission also published a white paper on AI. The white paper covers the policy options the EU could implement to promote the increased use of AI while addressing the risks associated with the technology.

Source: European Commission publishes data strategy, AI white paper

Privacy Bill Clears Washington State Senate

The Washington State Senate has passed a privacy bill that would give state residents new rights over data collection and use, including the right to opt out of targeted advertising.

The bill gives residents the right to access data about themselves, correct errors, delete the information, and opt out of having their data used for ad targeting and profiling.

A similar bill was passed by the state Senate last year, but stalled in the House.

Source: Privacy Bill Clears Washington State Senate 02/18/2020

New laws to create a Data Protection Agency announced in USA

In the US, a new Data Protection Act (DPA) would create a consumer watchdog to give Americans control and protection of their data, promote a competitive digital marketplace, and prepare the U.S. for the digital age.

Introduced by U.S. Kirsten Gillibrand, the DPA will have the authority and resources to effectively enforce data protection rules—created either by itself or congress—and would be equipped with a broad range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies.

Source: #Privacy: New laws to create a Data Protection Agency announced in USA

On data protection, the UK says it will go it alone. It probably won’t.

The Prime Minister listed data protection as an area that the UK could legislate on following Brexit – but diverging from European Union rules on privacy would only complicate things.

Currently, the UK’s data privacy legislation adheres closely to the General Data Protection Regulation (GDPR), the rules that were rolled out across all European Union member states in May 2018.

Not only would deciding to scrap GDPR go against what people are used to, it would also make it difficult for UK businesses to offer their services to Europe in future.

Source: On data protection, the UK says it will go it alone. It probably won’t. | ZDNet

>