A new bill, titled the “Washington Privacy Act,” was introduced in the Washington State Senate on January 18, 2019. If enacted, Washington would follow California to become the second state to adopt a comprehensive privacy law.
Similar to the California Consumer Privacy Act (CCPA), the Washington bill applies to entities that conduct business in the state or produce products or services that are intentionally targeted to residents of Washington and includes similar, though not identical size triggers. For example, it would apply to businesses that 1) control or process data of 100,000 or more consumers; or 2) derive 50 percent or more of gross revenue from the sale of personal information, and process or control personal information of 25,000 or more consumers. The bill would not apply to certain data sets regulated by some federal laws, or employment records and would not apply to state or local governments.
Continue reading “New Washington State Privacy Bill Incorporates Some GDPR Concepts”
On January 23, 2019, the European Commission announced its decision to adopt adequacy status with Japan for transfers of personal data. Pursuant to the European Union’s (EU) General Data Protection Regulation (GDPR), this decision will allow personal data to flow freely between the 28 EU countries, three additional European Economic Area member countries (Norway, Liechtenstein, and Iceland), and Japan, without the need for additional data protection safeguards or derogations. Japan adopted an equivalent decision with the EU on January 22, 2019. These reciprocal findings of adequacy will create the largest area of safe data flows in the world.
Continue reading “European Union Adopts Adequacy Decision For Safe Data Flows With Japan”
Issues of lack of transparency and consent formed the basis of the CNIL’s $57 million dollar fine against Google under the GDPR. CNIL is France’s highest ranking data-privacy agency. It’s the first large penalty for a U.S. technology company since the GDPR went into effect last May.
Continue reading “CNIL issues $57 million dollar fine under GDPR”
The UK Information Commissioner’s Office (ICO) has issued an Enforcement Notice against a Canadian data analytics firm, AggregateIQ (AIQ) that allegedly produced targeted advertisements for pro-Brexit campaigns. This action is the first enforcement Notice issued under the GDPR.
Continue reading “First Notice Filed Under GDPR against Canadian Analytics Firm”
The Senate Commerce Committee held a hearing “Examining Safeguards for Consumer Data Privacy” on September 26, which included testimony from tech industry executives.
Senator John Thune’s opening statement noted that with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) have put the issue of consumer data privacy squarely on the Congress’s doorstep. “The question is no longer whether we need a federal law to protect consumers’ privacy,” he said. “The question is what shape that law should take.”
Continue reading “The Devil is in the Definitions for Federal Consumer Data Privacy Safeguards”
On August 14, the president of Brazil signed the Brazilian General Data Protection Law (LGPD) into law. It will become effective on Valentine’s Day 2020. The elements of the new law are similar to the European Union’s General Data Protection Regulation (GDPR).
Continue reading “Brazil Adopts New Privacy Law Similar to GDPR”