Global News Roundup: April 12–19, 2021

In this week’s global legislative roundup, IAPP Staff Writer Jennifer Bryant unpacked the latest on the Washington Privacy Act. The European Data Protection Board had a flurry of adoptions, including two opinions on the bloc’s draft U.K. adequacy decision. Another EU enforcement action, this time in the Netherlands, was altered via court ruling. And in the U.S., the latest updates on potential privacy legislation and amendments in Florida and Illinois, respectively, were released.

THE LATEST

Luxembourg’s National Commission for Data Protection released guidelines for how employers can track locations of employees’ vehicles.
More

In an interview with GeekWire, U.S. Rep. Suzanne DelBene, D-Wash., spoke about the prospects of federal privacy legislation and detailed her privacy proposal, the Information Transparency and Personal Data Control Act.
More

Republican members of U.S. Congress have circulated an outline for potential children’s privacy legislation that would regulate children’s data collection and targeted advertising against children, MediaPost reports.
More

ICYMI

IAPP Staff Writer Jennifer Bryant had the latest update on the status of the Washington Privacy Act in the U.S., which failed to advance out of the Washington state House of Representatives on deadline but, according to lawmakers, is said to be alive through the end of the legislative session.
More

ENFORCEMENT

The Court of The Hague reduced a fine against a Dutch hospital for EU General Data Protection Regulation violations from 460,000 to 350,000 euros after the hospital showed a willingness “to deal with the problems in the organization,� according to the court decision.
More

Hamburg’s Commissioner for Data Protection and Freedom of Information in Germany brought forth proceedings against Facebook Ireland over WhatsApp’s new privacy notice.
More

In the U.S., the New York Department of Financial Services reached a $3 million settlement with National Securities Corporation in relation to violations of DFS’ Cybersecurity Regulation stemming from four data breaches.
More

ASIA-PACIFIC

Kazakhstan’s Ministry of Digital Development, Innovations and Aerospace Industry reintroduced draft amendments to its data protection legislation.
More

The Centre for Information Policy Leadership submitted comments in response to the Ministry of Public Security of Vietnam’s Draft Decree on Personal Data Protection, according to Hunton Andrews Kurth’s Privacy & Information Security Law Blog.
More

EUROPE

European Data Protection Board adopted two opinions on the European Commission’s draft U.K. adequacy decision, a statement on data transfer agreements between EU member states and third countries, and guidelines on the application of Article 65(1)(a) of the EU General Data Protection Regulation.

Members of the European Parliament sent a letter to leaders of the European Commission on the leaked draft rules on artificial intelligence.
More

US

U.S. Sen. Ron Wyden, D-Ore., unveiled a bill that would prohibit the sale of citizens’ personal data to “unfriendly” foreign companies and governments, The Washington Post reports. The proposed Protecting Americans’ Data From Foreign Surveillance Act would task the Department of Commerce to identify the types of data that could impact national security.
More

In a piece for Lawfare, Atlantic Council Cyber Statecraft Initiative Fellow Justin Sherman writes about defining “data brokers” in a proposed U.S. privacy law.
More

The Florida House of Representatives Commerce Committee voted 22–0 to advance House Bill 969 with a favorable recommendation to the House floor. The committee took up a “strike-all” amendment that made several notable changes to the law, including tweaks to coverage thresholds, new controller-processor language and moving the effective date to July 2022.
More

Lawmakers are considering changes to Illinois’ Biometric Information Privacy Act following lawsuits and complaints from businesses, The Center Square reports. Senate Bill 300 would provide 30 days for an entity to correct a potential BIPA violation before an individual could file a lawsuit unless a breach of their information occurred.
More