Global News Roundup: March 2–8, 2021

In this week’s global legislative roundup, IAPP Westin Research Fellow Sarah Rippy broke down Virginia’s Consumer Data Protection Act signed into law March 2. Italy’s data protection authority, the Garante, issued guidance on “vaccination passes.â€� Luxembourg’s National Commission for Data Protection is tempering ideas of big EU General Data Protection Regulation fines from its office. And, a number of state privacy laws were considered in the U.S., including Oklahoma, Utah and Washington state.

THE LATEST

In the U.S., the Utah State Legislature approved House Bill 243, which focuses on privacy protections and oversight within state government.
More

ICYMI

In this piece for Privacy Tracker, IAPP Westin Research Fellow Sarah Rippy broke down Virginia’s Consumer Data Protection Act, signed into law March 2, including its scope, exemptions, the data rights it gives to state residents and how it compares to other privacy laws.
More

In this piece for The Privacy Advisor, IAPP Staff Writer Jennifer Bryant spoke with plaintiff’s attorney Jay Edelson who described Facebook’s $650 million class-action settlement over alleged Illinois’ Biometric Information Privacy Act violations as “a make-or-break moment for the privacy barâ€� that establishes “a new modelâ€� for settlements.
More

ENFORCEMENT

The Office of the Australian Information Commissioner fined the Department of Home Affairs for breaching the privacy of more than 9,000 detainees and ordered it to pay between $500 and $20,000 on a case-by-case basis.
More

British Columbia’s Office of the Information and Privacy Commissioner published a series of best practices around common or integrated programs under the province’s Freedom of Information and Protection of Privacy Act.
More

Cyprus Officer of Commissioner fined Cypriot electricity authority 40,000 for unlawful use of an automated system allowing for the monitoring of employees’ absences for medical- and health-related reasons.
More

Luxembourg’s National Commission for Data Protection is tempering ideas of big EU General Data Protection Regulation fines from its office, Politico reports.
More

AFRICA

South Africa’s Information Regulator ruled Facebook is prohibited from sharing contact information it gathers from WhatsApp users in the country without permission from the agency, Reuters reports.
More

ASIA-PACIFIC

The Office of the Australian Information Commissioner issued guidance to help employers understand obligations on collecting, using, storing and disclosing employee health information related to COVID-19 vaccines.
More

The Dubai International Financial Centre announced proposed amendments to data protection laws that would clarify the judicial redress process for data subject rights and implement accountability requirements for controllers and processors.
More

Sri Lanka’s Information and Communication Technology Agency announced a final draft of the Act to Provide for the Regulation of Processing of Personal Data will soon be submitted to the Cabinet of Ministers.
More

EU

The Court of Justice of the European Union ruled access to location data drawn from electronic communications can only be used for law enforcement investigations involving serious crimes and to “prevent serious threats to public security.”
More

A member of the European Parliament who was involved in the creation of the EU General Data Protection Regulation said the law needs to be updated, the Financial Times reports.
More

Reuters reports France’s Council of State has orders from the government to bypass a prior decision by the Court of Justice of the European Union regarding data retention.
More

Italy’s data protection authority, the Garante, issued guidance on “vaccination passes,â€� saying they should not be used to enable access to certain services or locations, like airports or hotels, and the processing of data related to citizens’ vaccination status should be regulated by a national law.
More

Norway’s data protection authority, Datatilsynet, fined a company NOK 250,000 for monitoring an employee’s email without a legal basis.
More

US

Hawaii’s House of Representatives is considering House Bill 125, the Uniform Employee and Student Online Privacy Protection Act.
More

The Oklahoma House of Representatives approved the third reading of House Bill 1602, the Computer Data Privacy Act, with a vote of 85–11 and 5 abstentions Thursday.
More

Utah’s Senate Bill 200, the Consumer Privacy Act, failed to get a third Senate floor reading on the final day it was able to pass the chamber.
More

The Utah Legislature passed SB 34, which regulates the government’s use of facial recognition technology, The Salt Lake Tribune reports.
More

The Washington State Senate passed the Washington Privacy Act, with the bill now heading to the House of Representatives.
More