U.K. Minister of State in the Department of Science, Innovation and Technology Julia Lopez presented the proposed Data Protection and Digital Information Bill for its second reading in the U.K. House of Commons.
Washington state's House voted 57-40 for concurrence and final approval of House Bill 1155, the My Health My Data Act. The broad-based data privacy bill takes effect 31 March 2024 and establishes consumer rights, consent requirements for data practices concerning personal health care information, and a private right of action. Upon transmission to Gov.
Politico reports on how the health care industry is responding to federal enforcement actions around data privacy. Some health care firms have discontinued "advertising with major platforms like Google and Facebook," which could make it more difficult for consumers to find services online.
Companies are increasingly moving away from third parties that collect and process personal data on their behalf, relying instead on first-party data in particular to pursue personalized marketing activities. Osborne Clarke senior associate Florian Eisenmenger, CIPP/E, CIPM, FIP, discusses the privacy challenges around consent and transparency, best practices to ensure compliance requirements, and more. "Ultimately, greater control of data comes with the greater responsibilities of safeguarding it and meeting applicable compliance requirements," he said.
A Federal Court judge rejected a 2019 ruling by the Office of the Privacy Commissioner of Canada that Facebook violated privacy laws, IT World Canada reports. During its investigation into the Cambridge Analytica revelations, the commissioner ruled Facebook violated the Personal Information Protection and Electronic Documents Act by sharing user data with a third-party app without adequate consent.
The Dubai International Financial Centre announced a consultation on proposed amendments to Data Protection Law regulations. The proposed updates aim to "establish additional areas of regulation that support robust implementation" of the DPL. Topics covered within the updates include data breaches, controller and processor obligations in digital enablement technology systems, and incorporating privacy by design or default in artificial intelligence deployments.
Beginning in 2016, U.S. Immigration and Customs Enforcement officials allegedly accessed law enforcement databases illegally 414 times to commit a "swath" of unlawful activity, according to internal agency investigation records obtained by Wired. ICE agents and contractors allegedly used records to engage in "stalking, … harassment (and) passing information to criminals." ICE personnel allegedly searched databases for individuals' "medical, biometric, and location data" on behalf of friends and neighbors.
The EU Council circulated a third draft of compromise text for updating the Product Liability Directive, Euractiv reports. The directive spells out the circumstances in which software developers would be held legally accountable for their products causing "material damage" to customers but has not been modernized since the 1980s.