fbpx

Download free GDPR compliance checklist!

Category Archives for "Legislation"

Brazilian Senate throws out delay to new data protection law

In a surprise move, the Brazilian Senate on Wednesday rolled back a planned Presidential postponement of Brazil’s new data protection law, originally scheduled to become effective on August 14 2020, but which had been delayed until May 2021.

Passed in 2018, Brazil’s new data protection law – Lei Geral de Proteção de Dados Pessoais, or “LGPD” – had been delayed by President Bolsonaro by a Provisional Measure, but the Measure had to be approved by August 27 by both houses of Congress. A proposal had been made to change the date once more, to December 31 2020, but instead, the Senate overruled any delays at all.

Source: Brazilian Senate throws out delay to new data protection law

German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

On August 24, 2020, the data protection authority of the German state of Baden-Württemberg published guidance on international transfers of personal data following the Schrems II judgment.

This represents the first comprehensive guidance by a European privacy supervisor indicating how it intends to enforce the Schrems II decision. As well as including a Schrems II compliance checklist, it provides some recommendations on modifying the Standard Contractual Clauses to allow the parties to document their intent to act in accordance with the law.

Source: German DPA Publishes Schrems II Transfer Compliance Checklist and Suggested Modifications to SCCs

Facebook pushes for data portability legislation ahead of FTC hearing

Facebook pushed for legislation that makes it easier for users to transfer photos and videos to a rival tech platform, in comments it sent to the Federal Trade Commission ahead of a hearing on the topic on Sept. 22.

Facebook is seeking regulatory guidance, in the form of an independent body or regulator, in answering policy questions and helping them address liability issues tied to portability.

Source: Facebook pushes for data portability legislation ahead of FTC hearing – Reuters

Government ordered to rewrite German telecom act due to privacy concerns

Germany’s Constitutional Court has told the government to revise the Telecommunications Act by the end of next year as it violates the right of citizens to phone and internet privacy.

The law at present is unconstitutional because authorities have too much access to people’s data and the privacy of Germans should be better protected, the court ruled.

Source: Government ordered to rewrite German telecom act due to privacy concerns – PrivSec Report

US Senate Bill Limits Corporate Use of Facial Recognition

On August 4, 2020, Senators Jeff Merkley (OR) and Bernie Sanders (VT) introduced the National Biometric Information Privacy Act of 2020.

The bill would require companies to obtain individuals’ consent before collecting biometric data. Specifically, the bill would prohibit private companies from collecting biometric data—including eye scans, voiceprints, faceprints and fingerprints—without individuals’ written consent, and from profiting off of biometric data.

Source: Senate Bill Limits Corporate Use of Facial Recognition

New Zealand Will Consider Schrems II Decision in Implementing Own Privacy Act

New Zealand’s Data Protection Authority has offered its take on the Schrems II ruling that invalidated EU-U.S. Privacy Shield.

The decision does not directly affect transfers of data from the EU to New Zealand because such transfers are conducted on the basis of the adequacy decision in place. But the influence of this decision on international data transfers more generally is likely to be significant.

New Zealand will also be considering the decision in Schrems II as it develops model contract clauses under the new Privacy Act 2020 coming into force on 1 December 2020 and imposing limits on international transfers of personal information.

Source: International data transfers: The Schrems II decision

ICO completes Age Appropriate Design Code

The UK’s Information Commissioner’s Office (ICO) announced that The Age Appropriate Design Code has completed the Parliamentary process.

Code will come into force Sept. 2. The code then provides a transition period of 12 months, to give online services time to conform.

Source: Statement to issue the Age Appropriate Design Code | ICO

European Commission and U.S. Department of Commerce to Discuss Enhanced EU-U.S. Privacy Shield Framework

On August 10, 2020, U.S. Department of Commerce and the European Commission announced they have initiated discussions to evaluate the potential for an enhanced EU-U.S. Privacy Shield framework to comply with the CJEU’s Schrems II ruling that declared the EU-U.S. Privacy Shield framework no longer valid to transfer personal data from the EU to the U.S.

Joint press statement  emphasizes the need to strengthen data protection as well as the importance of cross-border data transfers to EU and U.S. citizens and to both economies.

Source: European Commission and U.S. Department of Commerce to Discuss Enhanced EU-U.S. Privacy Shield Framework

Germany Prepares New Law for Patient Data Protection

On 3 July 2020, the German parliament passed a draft bill for patient data protection and for more digitalisation in the German healthcare system (Patientendaten-Schutz-Gesetz). The draft bill is currently in the legislative procedure and is expected to enter into force in autumn 2020.

One of the main objectives of the bill is to make everyday life easier for patients and healthcare professionals by increasing use of innovative digital applications, while protecting sensitive health data.

Source: Germany Prepares New Law for Patient Data Protection and Increased Digitalisation in Healthcare and for “Data Donations” for Research Purposes

New York legislature bans use of facial recognition technology in schools

New York’s state legislature voted to pause the use of facial recognition at schools for two years.

The moratorium, approved by both the state Assembly and Senate on Wednesday, follows an attempt by a school district in upstate New York to install the controversial technology at its schools.

Source: New York legislature bans use of facial recognition technology in schools | TheHill

>