General Privacy & Data Security News & Developments

Information and Privacy Ombudspersons and Commissioners from across Canada are urging their governments to modernize access to information and privacy laws some of which have not been updated in 35 years. Their joint resolution calls for:

  • a legislative framework to ensure the responsible development and use of artificial intelligence and machine learning technologies
  • all public

Democratic U.S. Reps. Anna Eshoo and Zoe Lofgren have announced the Online Privacy Act, a proposal that would create a federal enforcement agency to protect privacy rights.

“The bill proposes the creation of the Digital Privacy Agency (DPA) that would have the power to enforce privacy rights for users and make sure companies follow the

The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR.

Key takeaways on what constitutes “legitimate”:

  • The interest needs to be pursuant to a written or unwritten legal principle.
  • Merely serving the interests of society or pure commercial interests, profit maximization, following the behavior

On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).

Since November 1st, 2018, the Canadian government received 680 breach reports. That is six times the volume received during the same period one year

The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:

  • failure to execute Article 28 data processing agreements with its service providers
  • retaining personal data for longer than required by law
  • storing official videos only on YouTube in violation of the obligation to ensure availability, integrity and continuity

“Manufacturers of smart microwaves, light bulbs, and other connected devices will face new security requirements in California and Oregon next year,”  Reports Sara Merken for Bloomberg Law.

“The two states are the first ones to specifically regulate the security of internet of things devices, with laws taking effect Jan. 1. Other states are likely to

Latin American Data Protection Authorities and the Spanish Data Protection Authority have issued a joint statement on data processing and Artificial Intelligence.

Key recommendations:

1. Comply with local regulations on the treatment of personal data.

2. Conduct a data protection impact assessment.

3. Embed privacy, ethics, and security by design and by default.

4. Operationalize

“Company executives would face possible jail time for lying to the Federal Trade Commission about privacy and data security matters, under a new bill by U.S. Sen. Ron Wyden, a Democrat representing Oregon,” reports Daniel R. Stoller, Esq. for Bloomberg Law.

“The Mind Your Own Business Act would give the FTC new authorities and resources

Sen. Ed Markey , D-Mass., has introduced a bill (S. 2577) imposing considerable obligations on data brokers regarding their handling of personal information.

Key provisions:

  • Don’t collect personal information under false pretenses.
  • Have policies and procedures to ensure the accuracy of the information.
  • Provide an individual a means to review any personal information that you

New York City lawmakers have proposed three bills that would regulate the use of facial-recognition software by business owners and landlords, The Wall Street Journal reports.

If passed, landlords and business owners would be required to:

  • register the technology with a public database
  • post signage stating the tech is being used

Landlords would also have