Global News Roundup — Nov. 11–18, 2019

In this week’s Privacy Tracker global legislative roundup, the European Data Protection Board published final guidelines for territorial scope with the EU General Data Protection Regulation, an updated version of the ePrivacy Regulation was published, and Spain’s data protection authority issued guidelines on health data. In the U.S., a facial-recognition bill was introduced in the Senate, and a U.S. District Court banned phone and laptop searches at airports and ports of entry.

THE LATEST

Bulgaria’s Constitutional Court struck down a provision in the Personal Data Protection Act that helps journalists balance the rights to information and personal data protection.
More

The Finnish Presidency of the Council of the European Union has released a new version of the proposed ePrivacy Regulation.
More

In an interview with Politico, California Attorney General Xavier Becerra discussed U.S. antitrust laws, current antitrust probes and what he’d like to see Congress do regarding potential federal U.S. privacy legislation.
More

A class-action suit has been brought against WeWork following claims that its facial-recognition scanning on those who use its office spaces violates the Illinois Biometric Information Privacy Act.
More

ICYMI

IAPP Research Director Caitlin Fennessy, CIPP/US, wrote a white paper that maps the International Organization for Standardization’s first International Standards for privacy information management, ISO/IEC 27701, to the bodies of knowledge for both the CIPP/E and CIPM certifications.
More

For The Privacy Advisor, Heward Mills Founder Dyann Heward-Mills, CIPP/E, CIPP/US, CIPM, looked at how EU regulators, such as the U.K. Information Commissioner’s Office and Irish Data Protection Commission, have worked to safeguard children’s privacy, while the U.S. Federal Trade Commission aims to balance children’s privacy and innovation.
More

In a piece for Privacy Perspectives, TD Ameritrade Associate Counsel of Privacy Polina Arsentyeva, CIPP/US, discussed four reasons why she believes opt-in consent within federal U.S. and state privacy bills is actually worse for consumers.
More

ENFORCEMENT

The U.S. Federal Trade Commission has announced a settlement with Utah-based InfoTrax Systems over claims of insufficient safeguards for consumer data. InfoTrax must improve its data security to continue handling personal information and undergo third-party assessments of its information security systems every two years.
More

APAC

Google told Australia‘s Federal Court the Australian Competition and Consumer Commission’s allegations of location privacy violations are “out of context.”
More

EUROPE

The European Data Protection Board published a final version of its guidelines on the territorial scope under Article 3 of the EU General Data Protection Regulation.
More

The European Data Protection Board also adopted guidelines for privacy by design and by default and its own report on the EU-U.S. Privacy Shield review during its 15th plenary meeting.
More

The Spanish data protection authority, the AEPD, has published a guide created to answer questions patients have about the processing of their personal data.
More

The U.K. Information Commissioner’s Office has published updated guidance on special category data under the EU General Data Protection Regulation.
More

US

U.S. Sens. Chris Coons, D-Del., and Mike Lee, R-Utah, have introduced the Facial Recognition Technology Warrant Act, which seeks to cut the use of facial-recognition software by law enforcement agencies.
More

Microsoft has announced it will honor core California Consumer Privacy Act rights to all U.S. customers.
More

The U.S. District Court of Massachusetts has ruled warrantless searches of phones and laptops at airports and ports of entry violate the Fourth Amendment.
More

In a recent interview, U.S. Sen. Josh Hawley, R-Mo., claimed big tech companies are hiring lobbyists to delay or stop a potential federal privacy law.
More

The 9th Circuit Court of Appeals denied LinkedIn’s challenge of a prior decision to allow hiQ Labs to collect personal data from LinkedIn’s public pages.
More