Global News Roundup 15, 2019

In this week’s Privacy Tracker global legislative roundup, read about the IAPP’s coverage of the “Schrems II” case heard in front of the Court of Justice of the European Union, and learn about the U.K. Information Commissioner’s Office’s intention to fine British Airways and Marriott International for violations of the EU General Data Protection Regulation. Colombia’s data protection authority ordered Uber to improve its security measures after the ride-hailing company’s 2016 data breach, and in the U.S., the California Senate Standing Committee on Judiciary held a hearing on amendments to the California Consumer Privacy Act the state assembly passed last month.

LATEST NEWS

Ireland‘s Data Protection Commission determined the Department of Social Protection violated privacy laws when it demanded information about children from the parents under the threat their children will no longer receive benefits should they refuse.
More

India‘s Supreme Court rejected public interest litigation against the Delhi Government’s decision to install CCTV cameras in classrooms in government schools and live stream the feed to students’ parents.
More

A Florida lawmaker is calling for legislative changes after it was discovered the state’s Department of Motor Vehicles sold driver’s license and ID card holder’s private information.
More

Dr. Pepper and 7UP have been accused of violating the Illinois Biometric Information Privacy Act.
More

A Virginia lawmaker has been sued by a former aide for privacy violations after allegedly hacking a private email account.
More

ICYMI

Colombia’s data protection authority, Superintendencia de Industria y Comercio, has ordered Uber to improve its technical and organizational security measures to protect the personal data of Colombian users after the ride-hailing company’s 2016 data breach. University of the Andes’ Alejandro Londoño Congote recaps the DPA’s investigation and breaks down the decision.
More

Ahead of the “Schrems II” hearing with the Court of Justice of the European Union, Senior Privacy Fellow Caitlin Fennessy, CIPP/US, explored whether a data transfer mechanism is necessary for companies already subject to the EU General Data Protection Regulation.
More

Jennifer Baker reports on the eight-hour Schrems II hearing before the Court of Justice of the European Union. Baker covers the arguments made and reactions after the fact, which include concerns that the court’s ruling in 2020 could take down both standard contractual clauses and the Privacy Shield, too, leaving companies’ abilities to make global data transfers in a bind.
More

Bird & Bird Partner and Co-Head of International Data Protection Practice Ruth Boardman answers some of the most pressing questions privacy pros might be asking after the Court of Justice of the European Union heard arguments in the Schrems II case.
More

The European Data Protection Board Opinion 3/2019 stipulates that “informed consent� from clinical trial participants for life science research purposes typically does not satisfy requirements for consent as a legal basis for processing personal data under the EU General Data Protection Regulation. Gary LaFever and Mike Hintze, CIPP/US, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, explain why the EDPB’s position should not come as a surprise.
More

DLA Piper’s Jim Halpert and Tracy Shapiro write about a hearing held by the California Senate Standing Committee on Judiciary on amendments to the California Consumer Privacy Act the state assembly had passed last month. Halpert and Shapiro provide an update on which bills passed with amendments, as well as the bills that were defeated.
More

In this episode of The Privacy Advisor Podcast, co-author of the CCPA ballot initiative Mary Stone Ross discusses with host Angelique Carson, CIPP/US, how the California Consumer Privacy Act might differ, in the end, from its initial aims and the impact industry’s lobbying efforts is having on the end result.
More

ASIA-PACIFIC

Amazon has inquired the Australian government about clarifications on data retention provisions within the Telecommunications and Other Legislation (Assistance and Access) Act 2018.
More

India‘s House of the People, Lok Sabha, has passed the Aadhaar and Other Laws (Amendment) Bill, 2019, which sets forth more stringent regulations related to Aadhaar and privacy violations.
More

CANADA

The Office of the Privacy Commissioner of Canada and Québec Access to Information Commission announced they have launched an investigation into the Desjardins Group data breach.
More

EUROPE

Germany‘s competition regulator, the Bundeskartellamt, released a decision that prohibits Facebook from combining user data from different sources.
More

A commercial court in Madrid has ruled that Spanish consumer group Organization of Consumers and Users will be able to go forward with its case against Facebook regarding allegations of personal data misuse.
More

The U.K. Information Commissioner’s Office announced it has issued a notice of its intention to fine British Airways 183.39 million GBP for violations of the EU General Data Protection Regulation.
More

The U.K. Information Commissioner’s Office also issued a notice of its intention to fine Marriott International 99 million GBP for violations of the EU General Data Protection Regulation.
More

The U.K.’s Competition and Markets Authority says a new regulator may be needed to monitor the “growing power of digital platforms.”
More

The European Data Protection Board determined in an opinion the competence for a lead supervisory authority to act can be switched to another supervisory authority in the event of a documented change related to a main or single establishment.
More

EU privacy regulators have discussed the launch of a new set of guidelines to increase restrictions on facial-recognition software.
More

LATIN AMERICA

The Brazilian Senate has approved a proposal that would guarantee fundamental rights and data protection across digital platforms within the country’s Constitution.
More

EU Commissioner for Justice, Consumers and Gender Equality Věra Jourová met with Chilean Minister of Finance Felipe Larraín Bascuñán and Minister of Justice and Human Rights Hernán Larraín Fernández to discuss methods to strengthen cooperation on data protection and data flows between the country and the European Union.
More

US

The United States Court of Appeals for the 8th Circuit denied immunity to three Arkansas police officers accused of privacy violations.
More

The Internet Association, a Silicon Valley group that includes Facebook and Google, has started a new campaign advocating for the definition of personal information to be less broad in the California Consumer Privacy Act.
More

Gov. David Ige, D-Hawaii, has vetoed Bill HB 702 HD1 SD2, which would have been the first bill in the U.S. to prohibit the sale of location data gathered by satellite-navigation-equipped devices without user consent.
More

A class-action lawsuit has been filed against Simple Laboratories for alleged violations of the Illinois Biometric Information Privacy Act.
More

A pair of Democratic House aides said the U.S. House Energy and Commerce Committee seeks to introduce a federal U.S. privacy bill by late September or early October.
More

U.S. House Judiciary Committee Ranking Member Rep. Doug Collins, R-Ga., released guiding principles for a federal privacy law he plans to draft and introduce.
More

Politico reports on the struggles within Congress to create a federal privacy law.
More

A class-action claim against T-Mobile for location data disclosures is being held up in federal court after the phone carrier said it previously agreed to arbitrate all disputes to avoid a trial.
More