Global News Roundup: Feb. 8–16, 2021

In this week’s Privacy Tracker global legislative roundup, the Council of the European Union made progress on a new ePrivacy Regulation. There are new developments on India’s draft Personal Data Protection Bill and Australia’s review of the Privacy Act. IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, and Future of Privacy Forum Christopher Wolf Diversity Law Fellow Katelyn Ringrose, CIPP/E, CIPP/US, looked at the California Privacy Rights Act. And check out the latest updates on U.S. state privacy law initiatives in Florida, North Dakota, Oklahoma and Washington.

THE LATEST

The Netherlands data protection authority, Autoriteit Persoonsgegevens, announced a 440,000 euro fine against a hospital for insufficient security of medical records.
More

Sweden’s DPA, Datainspektionen, fined the Swedish Police Authority SEK 2.5 million for processing personal data in breach of the Swedish Criminal Data Act while using Clearview AI’s facial recognition tech.
More

The Orlando Sentinel reports Gov. Ron DeSantis, R-Fla., has thrown his support behind House Bill 969, a bill concerning consumer data privacy, which was introduced to the Florida House of Representatives Feb. 15.
More

ICYMI

Ambassadors from the Council of the European Union agreed on a negotiating mandate for the draft ePrivacy Regulation. IAPP Editorial Director Jedidiah Bracy, CIPP, detailed the new draft, as well as reaction from industry professionals on the future of the regulation.
More

IAPP Westin Fellow Nicole Sakin looked at the current state of facial recognition in the U.S. and why the technology is receiving increased attention from lawmakers.
More

In the seventh installment of a 10-part series examining the top operational impacts of the California Privacy Rights Act, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, looked at how businesses should respond to data requests from residents and what they may need to do to modify the existing systems built for compliance with the California Consumer Privacy Act.
More

Future of Privacy Forum Christopher Wolf Diversity Law Fellow Katelyn Ringrose, CIPP/E, CIPP/US, analyzed the categories of sensitive data under the California Privacy Rights Act, obligations for companies to consider, and whether it’s a good model for regulating use and disclosure of sensitive data.
More

IAPP Staff Writer Joe Duball reported on the North Dakota House of Representatives’ Committee on Industry, Business and Labor’s vote against advancing House Bill 1330, which would require user opt-ins for the sale of personal data.
More

IAPP Staff Writer Jennifer Bryant highlighted the Washington State Senate Ways & Means Committee’s meeting on the Washington Privacy Act, focusing on the proposed legislation’s enforcement provisions.
More

ENFORCEMENT

According to a blog post from law firm BDK Advokati, The Federal Administrative Court of Austria ruled Nov. 26, 2020, to uphold an Austrian Data Protection Authority decision to require consent for distributing political affiliation data.
More

Google filed a challenge with the French Council of State regarding the 100 million euro fine the country’s DPA, the Commission nationale de l’informatique et des libertés, administered over alleged cookie violations, Euractiv reports.
More

Poland’s DPA, the UrzÄ…d Ochrony Danych Osobowych, fined a health care entity 85,000 PLN for failing to notify individuals who were affected by a data breach after the agency ordered it to do so.
More

The U.K. Information Commissioner’s Office fined Call Centre Ops of Nottingham and House Guard of Bournemouth a combined 270,000 GBP for making hundreds of thousands of illegal direct marketing phone calls.
More

The U.S. Federal Trade Commission announced it has finalized a settlement with SkyMed International for allegedly failing to protect customers’ information.
More

A Delaware judge found Facebook may have paid $4.9 billion more than the maximum penalty it faced under a settlement with the U.S. Federal Trade Commission over allegations the company mishandled user privacy, Reuters reports.
More

The U.S. Department of Health and Human Services’ Office for Civil Rights announced not-for-profit Nevada health system Renown Health will pay $75,000 to settle Health Insurance Portability and Accountability Act violations.
More

Reuters reports on a ruling made by the 11th U.S. Circuit Court of Appeals that may factor into a decision it will make on a $380.5 million settlement regarding Equifax’s 2017 data breach.
More

ASIA-PACIFIC

Facebook and Snap filed submissions to the Australian government’s review of the Privacy Act, ZDNet reports. The companies urged for reform that leans toward a “globally harmonised framework” and carries elements of the EU General Data Protection Regulation.
More

The Economic Times reports the Joint Parliamentary Committee examining India’s draft Personal Data Protection Bill will file its report on the proposal by March 15. The PDPB was set to be tabled in Parliament’s winter session before it was canceled due to COVID-19.
More

Business Recorder reports Pakistan’s Ministry of Information Technology and Telecommunication revealed a draft Data Protection Bill will soon be introduced, citing a need to address cybercrimes and hacking.
More

Amendments to Singapore’s Personal Data Protection Act took effect Feb. 1, Regulation Asia reports. The changes include mandatory breach notification, an enhanced accountability principle and a revised consent framework.
More

CANADA

In a post on Miller Thomson’s cybersecurity blog, Associate Counsel David Krebs, CIPP/C, and Associate Samantha Santos explore privacy by design under the proposed Consumer Privacy Protection Act.
More

EUROPE

The European Data Protection Supervisor published its Opinions on the European Commission’s proposals for the Digital Services Act and Digital Markets Act.
More

The Centre for Information Policy Leadership submitted a response to the European Commission’s public consultation on the Data Governance Act, according to Hunton Andrews Kurth’s Privacy & Information Security Law Blog.
More

US

The Hill reports state privacy law proposals are being monitored closely by U.S. Congress, which may seek to respond with federal privacy legislation.
More

A bipartisan group of U.S. congressional lawmakers introduced the Promoting Digital Privacy Technologies Act, Nextgov reports. The bill would enhance support for data anonymization tools, algorithms and other privacy-enhancing technology.
More

A coalition of Big Tech companies and trade associations filed a brief to the Supreme Court of the United States questioning consumers’ ability to bring privacy class-action suits.
More

A pair of Democratic state lawmakers in Colorado plan to introduce legislation to establish guidelines on sharing personal information with federal agencies, CBS Denver reports.
More

The Oklahoma House of Representatives’ Committee on Technology voted 6–0 Wednesday to advance House Bill 1602, the Oklahoma Computer Data Privacy Act, for reading on the House floor.
More