With the California Privacy Rights Act in effect, one of the burning questions businesses face relates to modifications made to the California Consumer Privacy Act business threshold. The change, and subsequent compliance requirements, will particularly impact small and medium-sized businesses. But how does a company identify if they fall under the change?
Euractiv reports European Parliament's ePrivacy Regulation rapporteur Birgit Sippel called on the Swedish Presidency of the Council of the European Union to give attention to the long-stalled proposal. In her letter to Swedish leadership calling for a meeting on the proposal, Sippel said "it seems crucial to me that we now make progress on this legislative act" as the EU presses forward with its digital strategy.
Denmark has built one of the most comprehensive machine learning-powered welfare auditing systems in the world, Wired reports. In a joint investigation with Lighthouse Reports, the publications discovered through public records requests that, to prevent fraud, Denmark’s Public Benefits Administration has access to nine state databases containing citizens’ personal information including tax, property and employment data.
WhatsApp Head Will Cathcart said its parent company, Meta, would not adhere to the proposed U.K. Online Safety Bill and break its end-to-end encryption, the Guardian reports. Cathcart said the future of WhatsApp operating in the U.K. could be in doubt should provisions in the bill allowing the U.K.
In an interview with Stuff, New Zealand’s Privacy Commissioner Michael Webster spoke out against the proposed expansion of the Search and Surveillance Act. Webster said the bill, which was crafted in response to gang war and to investigate those responsible, could be repurposed to erode privacy once codified in law.
EU-based companies that mishandle personal data following a cyberattack are subject to penalties following a ruling by Ireland’s Data Protection Commission, The Wall Street Journal reports. The DPC recently fined a Dublin-based medical group 460,000 euros for "inadvertent destruction of about 2,500 patient files and other data deletions" after a ransomware attack in 2019.
As the California Consumer Privacy Act and California Privacy Rights Act continue to preoccupy privacy professionals, there is still much to be decided with both laws. The IAPP's updated "CCPA-/CPRA-Related Legislation Tracker" keeps tabs on bills pending in the California Legislature that would amend the CCPA or CPRA and may otherwise impact how organizations understand or approach each law. The legislative session ends Sept. 14, and the deadline for bills to be signed into law is Oct.
The Office of the Privacy Commissioner of Canada published its 2023-2024 departmental plan. Commissioner Philippe Dufresne said the office is "preparing to be ready to deliver on its new mandate" if federal privacy law reforms under Bill C-27 pass. He also alluded to his office needing to be "properly resourced" for "necessary operational and structural changes" the office will assume under Bill C-27.
Significant figures involved in the most pertinent global privacy topics shared thoughts from the keynote stage at the IAPP Data Protection Intensive: UK Thursday. One panel explored the state of play and future of both EU data protection enforcement and international data transfers, while U.K. Secretary of State for the Department of Science, Innovation and Technology Michelle Donelan shared her perspective on proposed U.K. data reforms and their impacts.