Global News Roundup: Feb. 16–22, 2021

In this week’s global legislative roundup, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, offered the latest in the IAPP’s series on California Privacy Rights Act’s top operational impacts and analysis on the EU’s ePrivacy Regulation efforts. IAPP Editorial Director Jedidiah Bracy, CIPP, and IAPP Senior Westin Research Fellow and Covington & Burling Senior Counsel Jetty Tielemans looked at draft decisions for U.K. adequacy. And in the U.S., Virginia’s Consumer Data Protection Act is a signature away from becoming a law.

THE LATEST

Costa Rica posted a bill to amend the Law on the Protection of Persons Regarding the Processing of their Personal Data No. 8968 of 2011 in its Official Gazette. Amendments include developing transparency and data minimization principles, updated data subject rights and outlining clear legal bases for cross-border data transfers.
More

Spain’s data protection authority, the Agencia Española de Protección de Datos, issued a 6 million euro fine to CaixaBank for violations of the EU General Data Protection Regulation.
More

In the U.S., the Virginia Senate passed the House Representatives’ substitute bill for Senate Bill 1392, the Virginia Consumer Data Protection Act, by a 32–7 vote. Gov. Ralph Northam, D-Va., has seven days from Feb. 19 to sign the bill into law.
More

ICYMI

Demarest Advogados’ Tatiana Campello, Eduardo Magrani and Kelvin Williamson broke down the Brazilian Digital Government Secretariat’s guidelines to instruct the interpretation of the General Data Protection Law by public entities.
More

IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, took a deep dive into the proposed ePrivacy Regulation, including its evolution, scope and how it handles consent and cookies. She also examined how ePrivacy interplays with the EU General Data Protection Regulation and its potential paths forward.
More

The European Commission released two draft decisions on the U.K.’s adequacy status. IAPP Editorial Director Jedidiah Bracy, CIPP, reported on the decisions, reactions from around the industry and next steps in the process.
More

In the eighth installment of a 10-part series examining the top operational impacts of the California Privacy Rights Act, IAPP Senior Westin Research Fellow Müge Fazlioglu, CIPP/E, CIPP/US, examines the right to deletion and no retaliation under the CPRA, as well as how the bill approaches children’s privacy.
More

ENFORCEMENT

Denmark’s data protection authority, Datatilsynet, the Danish Council for Digital Security, and the Danish Business Authority jointly released guidance on requirements for the use of cookies.
More

Hamburg’s Commissioner for Data Protection and Freedom of Information sent out a questionnaire to German organizations regarding third-party data transfers while using Microsoft Office 365.
More

Italy’s Antitrust Authority, the Autorità Garante della Concorrenza e del Mercato, issued a 7 million euro fine to Facebook following noncompliance with mandated changes to its data practices.
More

The U.S. Department of Health and Human Services’ Office for Civil Rights reached a $70,000 settlement with Sharp HealthCare over alleged violations of the Health Insurance Portability and Accountability Act Privacy Rule’s right to access standard.
More

ASIA-PACIFIC

The Ministry of Public Security is seeking public comments on Vietnam’s draft decree on personal data protection. The decree outlines definitions for categories of personal data, data subject rights, consent provisions and more.
More

US

Digiday reports on the early slate of lawsuits filed under the California Consumer Privacy Act.
More

An ordinance approved in Minneapolis, Minnesota, will ban the Minneapolis Police Department and other city agencies from using facial recognition technology, The Verge reports.
More

Montana lawmakers are considering a bill to amend the state constitution to include the prohibition of warrantless search and seizures of citizens’ “electronic data and communications,” the Sidney Herald reports.
More

State Sen. Kirk Cullimore, R-Utah, introduced Senate Bill 200, the Consumer Privacy Act, Feb. 16. The bill features opt-in consent requirements, data subject rights, data protection assessments and enforcement by the attorney general.
More

Photo by Francis Valadj from FreeImages