General Privacy & Data Security News & Developments

How much is that privacy in the window? Researchers behind experiments on people’s willingness to pay for privacy, including Angela Winegar, Cass Sunstein and Alessandro Acquisti argue that consumers’ behavior and preferences aren’t a reliable indicator of how they value their own privacy, let alone how a society as a whole should value it.

“Study

Beware the federal privacy bill.

“Although there are key differences, the two [federal privacy] bills also have important similarities:

  •  a set of individual rights combined with boundaries on how businesses collect, use, and share information.
  • individual rights including access, correction, deletion and portability for personal information, along with rights to give “affirmative express consent” before

Information and Privacy Ombudspersons and Commissioners from across Canada are urging their governments to modernize access to information and privacy laws some of which have not been updated in 35 years. Their joint resolution calls for:

  • a legislative framework to ensure the responsible development and use of artificial intelligence and machine learning technologies
  • all public

Democratic U.S. Reps. Anna Eshoo and Zoe Lofgren have announced the Online Privacy Act, a proposal that would create a federal enforcement agency to protect privacy rights.

“The bill proposes the creation of the Digital Privacy Agency (DPA) that would have the power to enforce privacy rights for users and make sure companies follow the

The Dutch DPA has issued guidance on the use of “legitimate interest” as a legal basis for processing data under GDPR.

Key takeaways on what constitutes “legitimate”:

  • The interest needs to be pursuant to a written or unwritten legal principle.
  • Merely serving the interests of society or pure commercial interests, profit maximization, following the behavior

On November 1st of last year, businesses became subject to new mandatory breach reporting regulations under Canada’s federal private sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).

Since November 1st, 2018, the Canadian government received 680 breach reports. That is six times the volume received during the same period one year

The Polish data protection authority has fined a public authority 40,000 Euros for violations of GDPR including:

  • failure to execute Article 28 data processing agreements with its service providers
  • retaining personal data for longer than required by law
  • storing official videos only on YouTube in violation of the obligation to ensure availability, integrity and continuity

“Manufacturers of smart microwaves, light bulbs, and other connected devices will face new security requirements in California and Oregon next year,”  Reports Sara Merken for Bloomberg Law.

“The two states are the first ones to specifically regulate the security of internet of things devices, with laws taking effect Jan. 1. Other states are likely to