More than 200 senior members of the legal profession – including QCs, law professors, senior lawyers and former judges – have signed an open letter to the UK Government condemning the Investigatory Powers Bill currently before Parliament. The letter describes the Bill as “unfit for purpose”, citing its failure to reflect international standards for surveillance powers, especially in relation to bulk data collection, targeting, and grounds for the issuing of warrants.
The European Union’s new General Data Protection Regulation (GPDR) has passed its last major hurdle to adoption. On Dec. 18, 2015, the Permanent Representatives Committee of the European Council confirmed that the compromise texts on the legislative package had been agreed with the European Parliament.
The GPDR contains a number of features potentially of interest to privacy practitioners in other jurisdictions whose privacy laws may follow the direction set by the EU, including:
- codifying the ‘right to be forgotten’ confirmed by the European Court of Justice in the 2014 Costeja decision
- regulating algorithmic decision-making where it produces legal effects or significantly affects individuals, and
- introducing requirements for mandatory notification of data breaches.
Link: WSGR via Bloomberg BNA
California has passed privacy law regulating the use of voice recognition in TVs. The law prohibits the operation of a voice recognition feature unless the user is prominently informed during the initial setup or installation of a connected TV. Further, any recordings of conversations collected through the operation of a voice recognition feature cannot be sold or use for any advertising purpose.
Link (Legislation): AB No.1116
California today passed the Electronic Communications Privacy Act, which prohibits law enforcement or other regulators from forcing businesses to hand over metadata or digital communications without a warrant. It also requires a warrant to track or search devices like mobile phones. The Act is being hailed as the most comprehensive law of its kind in any U.S. state.
President Barack Obama has put out for discussion a draft of the Consumer Privacy Bill of Rights Act.
The Act would:
- require compliance with fair information practice principles, which set out the legal obligations for the covered entities when collecting, creating, processing, using or disclosing personal data
- require that data security measures are reasonable in light of the “privacy risks”, defined as those risks that cause emotional distress or physical, financial or professional harm to the consumer
- impose civil penalties up to US$25 million, and
- provide a safe harbour for those entities that adhere to codes of conduct approved by the Federal Trade Commission.
Link: Discussion draft of Consumer Privacy Bill of Rights Act