“Though it was hailed as a potentially groundbreaking bill, the New York Privacy Act (NYPA) failed to materialize during the state’s most recent session. Had it done so, the bill would have introduced a regulatory framework that rivaled or potentially even surpassed that of the California Consumer Privacy Act (CCPA), the first major piece of data privacy legislation in the United States.”
The Federal Trade Commission is seeking comments on the Children’s Online Privacy Protection Act Rule.
In light of continued rapid changes in technology, the Federal Trade Commission is seeking comment on the effectiveness of the amendments the agency made to the Children’s Online Privacy Protection Act Rule (COPPA Rule) in 2013 and whether additional changes are needed.
“In light of rapid technological changes that impact the online children’s marketplace, we must ensure COPPA remains effective,” said FTC Chairman Joe Simons. “We’re committed to strong COPPA enforcement, as well as industry outreach and a COPPA business hotline to foster a high level of COPPA compliance. But we also need to regularly revisit and, if warranted, update the Rule.”
In addition to standard questions about the effectiveness of the COPPA Rule and whether it should be retained or modified, the FTC is seeking comment on all major provisions of the COPPA Rule, including its definitions, notice and parental consent requirements, exceptions to verifiable parental consent, and safe harbor provision.
The European Data Protection Board (EDPB) publishes it’s first annual report and reveals a road map for guidance to come.
In 2019 and 2020, the EDPB aims to focus on data subjects’ rights, the concept of the controller and processor and legitimate interest.
The EDPB will also consider technologies such as connected vehicles, blockchain, artificial intelligence and digital assistants, video surveillance, search engine de-listing and data protection by design and by default.
The Dutch Data Protection Authority has levied a fine of 460,000 euros on Haga Hospital for insufficient security following an investigation revealing that dozens of hospital staff had unnecessarily checked the medical records of a well-known Dutch person.
In addition, if the hospital has not improved security before October 2, 2019, it must pay 100,000 euros every two weeks, up to a maximum of 300,000 euros.
According to DutchNews.nl, the authority’s chairman Aleid Wolfsen said: “The relationship between a healthcare provider and a patient should be completely confidential. Also within the walls of a hospital. It doesn’t matter who you are.”
Checklist for drafting your controller-controller data sharing agreement (from the ICO Data Sharing Code of Conduct now out for public consultation):
Questions to ask when sharing data between two data controllers (from the ICO Data Sharing Code of Conduct):
The UK Information Commissioner’s Office has issued a data sharing code of conduct for public consultation.
“The Federal Trade Commission fined Facebook a record-setting $5 billion on Friday for privacy violations, according to multiple reports. The penalty comes after an investigation that lasted over a year, and marks the largest in the agency’s history by an order of magnitude. If approved by the Justice Department’s civil division, it will also be the first substantive punishment for Facebook in the United States, where the tech industry has gone largely unregulated.”
The European Data Protection Board has issued an opinion on lead supervisory authority in the event of a change of location of the main establishment of an organization.
Key takeaways: