ICO Releases Draft Guidelines for PETs
The U.K. Information Commissioner’s Office published draft guidance for anonymization, pseudonymization and privacy-enhancing technologies. The guidance is intended to serve data protection officers working in large organizations. According to the draft guidance, PETs help you demonstrate a data protection by design and by default approach to data processing. PETs also assist organizations in complying with data minimization principles. The guidance warned PETs are not a “silver bullet” for complying with data protection laws, and processing still needs to be lawful, fair and transparent.
Proposed American Data Privacy and Protection Act Hits House Snag
Reality is settling in for the proposed American Data Privacy and Protection Act as ongoing debate over the bill and its preemption provisions led U.S. House Speaker Nancy Pelosi to oppose bringing the current bill to a House floor vote. Pelosi said she will work with House Committee on Energy and Commerce Chair Frank Pallone on a path to possibly preserve the ability for states, particularly California, to legislate on privacy as they see fit.
Indonesia Advances Personal Data Protection Bill to Ratification Process
The Indonesian House of Representatives announced an agreement between the House Commission on Defense, Foreign and Information Affairs and the Ministry of Communication and Information to elevate the Personal Data Protection Bill to a plenary meeting for immediate ratification into law. “The PDP Bill raises public awareness and ensures recognition and respect for the importance of protecting personal data,” Minister of Communication and Information Johnny Plate said. Lawmakers and the ministry recently reached an agreement on the creation of the Indonesian data protection authority.
European Commission to Introduce IoT Cybersecurity Rules
The European Commission will soon introduce the Cyber Resilience Act, which lays out cybersecurity requirements for connected devices. The draft framework will cover digital products and their data processing solutions with exemptions for products covered by sector-specific regulations. Proposed security requirements for product design and development processes include ensuring the confidentiality of data, encryption and purpose limitation principles. If passed, the proposal would apply 24 months after its entry into force while manufacturer reporting obligations would apply one year after enactment.
Argentina’s AAIP Opens Consultation on PDPA Amendments
Argentina’s data protection authority, the Agency of Access to Public Information, opened a public consultation on the draft bill to amend Law No. 25.326 on the Protection of Personal Data. The filing to the Official Gazette of the Argentine Republic notes the draft bill seeks to address “new scenarios characterized by constant movements of large data flows” while working to “maintain protection standards capable of reconciling the digital economy, technological innovation and the protection of fundamental rights, within the framework of an inclusive development project.”
European Commission Unveils Cyber Resilience Act Proposal
The European Commission released a proposal for the EU Cyber Resilience Act. The proposed legislation would increase the standards for cybersecurity rules and promote “more secure hardware and software.” The law seeks to address cybersecurity vulnerabilities within those products and better inform users on the right products for enhancing security. The law would require software and hardware manufacturers to improve the security of their products from the design phase through their life cycle.
US Senators Call on HHS to Tighten HIPAA Privacy Rule to Safeguard Women’s Abortion Information
Thirty Democratic senators called on the U.S. Department of Health and Human Services to protect women’s privacy and access to reproductive health care. In a letter to HHS Secretary Xavier Becerra, the senators pressed the Biden administration to strengthen the Health Information Portability and Accountability Act’s Privacy Rule to broadly restrict regulated entities from sharing individuals’ reproductive health information without explicit consent, especially with law enforcement or as part of legal cases for obtaining an abortion.
EDPB Adopts Statement on European Police Cooperation Code
The EDPB adopted a statement on the European Commission’s proposal for an EU Police Cooperation Code. This proposal aims to enhance law enforcement cooperation across Member States, in particular the information exchange between the competent authorities. The code is comprised of three main measures: proposal for a Prüm II Regulation, proposal for a Police Information Exchange Directive and the proposal for a Council Recommendation on operational police cooperation.
UN Report Details Threats to Global Digital Privacy
The United Nations Office for the High Commissioner of Human Rights issued a report detailing how “modern networked digital technologies” threaten individuals’ privacy. The report examined three areas: spyware abuse by world governments, the role of encryption in protecting human rights online and the impacts of digital surveillance of public spaces. According to the report, urgent steps are required to rein in the use of spyware until adequate safeguards to protect human rights are in place.
Indonesian Lawmakers Pass Data Protection Bill
Indonesian lawmakers passed a long-awaited data protection bill into law September 20th. Indonesia is the fourth most populous nation in the world. The law includes fines of up to 2% of a company’s annual revenue, the potential confiscation of assets, and a stipulation that individuals could be imprisoned for up to six years for falsifying personal data or up to five years for collecting personal data illegally, the report states. The bill also authorizes the president to create an oversight body to enforce the law. Indonesia Communications Minister Johnny Plate said the development “marks a new era in the management of personal data in Indonesia.”
FTC Releases Agenda for Children’s Marketing Privacy Workshop
The U.S. Federal Trade Commission published the agenda for its Oct. 19 workshop covering children’s protections against digital marketing practices. The workshop aims to outline the current landscape for digital advertising, children’s abilities to comprehend ads at various ages and whether the current regulatory landscape is equipped to address ongoing issues. The event will be followed by a public comment period on workshop discussions that runs through Nov. 18.
India Proposes Telecom, Online Messaging Bill
Indian Parliament published the draft Telecommunication Bill 2022, which aims to regulate digital communications. The bill allows the government to view all online communications in cases of perceived national security or public safety concerns while giving agencies immunity from potential lawsuits stemming from such intervention. The legislation also addresses spam messages, proposing consent requirements and a “Do Not Disturb” registry.
GAO Proposes Privacy Officer Requirements for Federal Agencies
The U.S. Government Accountability Office published a report examining the status of privacy leadership within 24 government agencies. The GAO found each agency has a designated privacy official, but those individuals “may have numerous other duties and may not bring a needed focus on privacy.” The report goes on to recommend that U.S. Congress draft legislation to require the appointment of privacy-focused personnel. Meanwhile, members of U.S. Congress wrote to the National Telecommunications and Information Administration urging improved privacy practices.
Nigeria Ready to Fast-Track DPA Bill
Members of Nigeria’s National Assembly indicated the country’s draft bill establishing the Data Protection Commission will be passed into law within 30 days of introduction by the Federal Executive Council. Senate Committee on Information Communication Technology and Cybercrime Chair Yakubu Useni said the bill “will see the light of the day” after it was not moved to the president’s desk in 2019. The bill aims to bring clear rules and procedures for the proposed regulator to follow as it enforces the Nigerian Data Protection Regulation, 2019.
US Executive Order on Trans-Atlantic Data Privacy Framework Imminent
U.S. President Joe Biden is expected to publish an executive order concerning a new agreement on EU-U.S. data flows as early as Oct. 3rd. According to individuals involved in negotiations, the order will cover new legal protections over personal data access and use by U.S. national security entities. Principles for necessity and proportionality in relation to government surveillance activities are included in the order. Once the order is published, the European Commission will begin a ratification process that could take as long as six months to complete.
Civil Rights Advocates, Lawmakers Push for Ban on Police Purchases of Cellular Tracking Data
Democratic U.S. senators and civil rights lawyers are calling for the creation of a law to restrict law enforcement’s ability to buy cellphone tracking data. Technologies such as Fog Reveal from Virginia-based Fog Data Science, which can trace movements of cellular users as far back as several years, were purchased by police departments to trace suspects’ whereabouts. In some instances, police did not obtain search warrants for the geolocation data reportedly tracked by Fog Reveal.
Michigan Lawmakers Introduce Comprehensive Privacy Bill
State Senator Rosemary Bayer and fellow Senate Democrats introduced Senate Bill 1182, the Michigan Personal Data Privacy Act. The bill would cover businesses that hold data on more than 100,000 consumers and those that hold data on more than 25,000 consumers while generating 50% of gross revenue from data sales. Notable provisions include consumer opt-outs for data sales and targeted advertising, a data broker registry, a 30-day right to cure, and a private right of action with 30 days of notice. The bill was referred to the Senate Committee on Energy and Technology.