Information privacy law

Understanding the Expanding Data Privacy Laws and its Impact on Businesses Webinar

Retrieved on: 
Tuesday, July 20, 2021

IRVINE, Calif., July 20, 2021 /PRNewswire-PRWeb/ --We are witnessing a global trend of data privacy regulations and because there is no federal data privacy law or central data protection authority tasked with ensuring compliance, a number of US states have taken it upon themselves to enact or propose their own data privacy laws.

Key Points: 
  • IRVINE, Calif., July 20, 2021 /PRNewswire-PRWeb/ --We are witnessing a global trend of data privacy regulations and because there is no federal data privacy law or central data protection authority tasked with ensuring compliance, a number of US states have taken it upon themselves to enact or propose their own data privacy laws.
  • However, MatrixPoint and Rutan & Tucker are jointly providing a webinar to unravel the complexities of the expanding state-by-state privacy laws.
  • The one-hour webinar will address these topics:
    State by state data privacy laws, the similarities, and differences and how they impact businesses
    To register for this webinar, visit: Understanding the Expanding Data Privacy Laws and its Impact on Businesses on Thursday, July 22 at 1:00 PM PDT Eventbrite.
  • MatrixPoint Consulting is a data-centric consulting firm that specializes in media analysis, marketing efficiency, and data privacy compliance.

BIGtoken’s Top 10 Privacy and Crypto Headlines From April 2021

Retrieved on: 
Thursday, April 29, 2021

\xe2\x80\x9c Comprehensive Data Privacy Law Bring Big Changes To Virginia, But Excludes Personal Employee Data,\xe2\x80\x9d The National Law Review - April 7, 2021\nVirginia has become the second state to enact a comprehensive data privacy law.

Key Points: 
  • \xe2\x80\x9c Comprehensive Data Privacy Law Bring Big Changes To Virginia, But Excludes Personal Employee Data,\xe2\x80\x9d The National Law Review - April 7, 2021\nVirginia has become the second state to enact a comprehensive data privacy law.
  • \xe2\x80\x9cColorado Mulls New Data Privacy Bill ,\xe2\x80\x9d ExchangeWire - April 6, 2021\nColorado has become the latest U.S. state to introduce a new data privacy bill.
  • There are concerns that in 14 of the 20 States the data privacy rules have been eroded through the efforts of Big Tech companies.
  • Further, as the data privacy issue becomes more understood, concerns about its misuse in areas such as personal financial information has become increasingly heightened.\n5.

Zoho Privacy Survey Finds 62% of Businesses Aren’t Telling Customers About Third-Party Ad Trackers Collecting Their Data

Retrieved on: 
Tuesday, December 15, 2020

Out of 1,220 respondents willing to share thoughts on their data privacy policies, 55% claim to have well-defined consumer data privacy policies that are strictly applied.

Key Points: 
  • Out of 1,220 respondents willing to share thoughts on their data privacy policies, 55% claim to have well-defined consumer data privacy policies that are strictly applied.
  • What's more, the majority of businesses do not see it necessary to inform customers that they are being tracked.
  • This business practice is also true in California, the only U.S. state with a consumer data privacy law.
  • Its privacy policy takes a bold stance against adjunct surveillance, closing loopholes that other businesses are still exploiting to generate revenue from third-party ad trackers.

CALIFORNIA APPROVES BALLOT MEASURE EXPANDING CONSUMER DATA PRIVACY EXPECTED TO ROLLOUT NATIONALLY

Retrieved on: 
Friday, November 6, 2020

The CPRA expands, amends, and increases the protections afforded by the California Consumer Privacy Act (CCPA), which was adopted January 1, 2020, with enforcement actions initiated in July 2020.

Key Points: 
  • The CPRA expands, amends, and increases the protections afforded by the California Consumer Privacy Act (CCPA), which was adopted January 1, 2020, with enforcement actions initiated in July 2020.
  • The new law is undoubtedly our countrys strictest consumer data privacy law, imposing stringent legal requirements on how businesses collect and share consumer data.
  • Under the CPRA, businesses must enable those rights by protecting personal data and providing consumers with access to their personal data.
  • As Data443 is All Things Data Security, we already support all facets of the CPRA for our clients automatically.

A Landmark Ruling in Brazil: Paving the Way for Considering Data Protection as an Autonomous Fundamental Right

Retrieved on: 
Tuesday, June 9, 2020

A historic ruling of the Brazilian Supreme Court from May 07, 2020 describes the right to data protection as an autonomous right stemming from the Brazilian Constitution. By a significant majority, 10 votes to 1, the Court halted the effectiveness of the Presidential Executive Order (MP[1] 954/2020) that mandated telecom companies to share subscribers’ data (e.g., name, telephone number, address) of more than 200 hundred million individuals with the Brazilian Institute of Geography and Statistics (IBGE), the country’s agency responsible for performing census research. More important than the decision itself was its reasoning, which paves the way for recognizing the protection of personal data as a fundamental right, independent of the right to privacy, that already receives such recognition, in a similar fashion to the Charter of Fundamental Rights of the European Union. This article summarizes the main findings of the ruling. First, (1) it will provide background on the role of the Brazilian Supreme Court and the legal effects of the ruling. It will then look into (2) the facts of the case, (3) the main findings of the Court, to conclude with (4) an analysis of what comes next for the Brazilian data protection and privacy law. The role of the Supreme Court and its rulings in the Brazilian legal systemOne particular type of proceeding, known as Direct Action of Unconstitutionality (ADI), can be filed directly to the Supreme Court without the need to be discussed on lower-level courts or any other court in cases in which laws or norms directly violate the constitution. Rulings from this particular type of proceedings have nationwide binding effects for all entities of the three branches of the government and for private organizations. This was the type of proceeding filed at STF to discuss data protection as an autonomous fundamental right. Its ruling, therefore, will have overall binding effects. Facts of the case and proceedingsThe trial in front of the eleven Justices started on May 6, with the participation of the parties’ lawyers and of amici curiae, including Data Privacy Brasil. The organisation filed an amicus brief and it was represented for the oral statement by its Director Bruno Ricardo Bioni (a co-author of this article), who spoke at length about the singular position of the right to protection of personal data, its status as an autonomous fundamental right, the many vices of the executive order and the current data protection landscape in Brazil, including the fact that the Brazilian General Data Protection Law (LGPD) is still in vacatio legis. He also reminded the Court that the national data protection authority, which will provide guidance and enforcement, is yet to be established. The English translation of the oral statement is available online. Main findings of the CourtOn top of that there are superior courts also with specific scope, such as specific violations of federal laws.

Key Points: 
  • A historic ruling of the Brazilian Supreme Court from May 07, 2020 describes the right to data protection as an autonomous right stemming from the Brazilian Constitution. By a significant majority, 10 votes to 1, the Court halted the effectiveness of the Presidential Executive Order (MP[1] 954/2020) that mandated telecom companies to share subscribers’ data (e.g., name, telephone number, address) of more than 200 hundred million individuals with the Brazilian Institute of Geography and Statistics (IBGE), the country’s agency responsible for performing census research. More important than the decision itself was its reasoning, which paves the way for recognizing the protection of personal data as a fundamental right, independent of the right to privacy, that already receives such recognition, in a similar fashion to the Charter of Fundamental Rights of the European Union. This article summarizes the main findings of the ruling. First, (1) it will provide background on the role of the Brazilian Supreme Court and the legal effects of the ruling. It will then look into (2) the facts of the case, (3) the main findings of the Court, to conclude with (4) an analysis of what comes next for the Brazilian data protection and privacy law. 
    1. The role of the Supreme Court and its rulings in the Brazilian legal system
  • One particular type of proceeding, known as Direct Action of Unconstitutionality (ADI), can be filed directly to the Supreme Court without the need to be discussed on lower-level courts or any other court in cases in which laws or norms directly violate the constitution. Rulings from this particular type of proceedings have nationwide binding effects for all entities of the three branches of the government and for private organizations. This was the type of proceeding filed at STF to discuss data protection as an autonomous fundamental right. Its ruling, therefore, will have overall binding effects. 
    1. Facts of the case and proceedings
  • The trial in front of the eleven Justices started on May 6, with the participation of the parties’ lawyers and of amici curiae, including Data Privacy Brasil. The organisation filed an amicus brief and it was represented for the oral statement by its Director Bruno Ricardo Bioni (a co-author of this article), who spoke at length about the singular position of the right to protection of personal data, its status as an autonomous fundamental right, the many vices of the executive order and the current data protection landscape in Brazil, including the fact that the Brazilian General Data Protection Law (LGPD) is still in vacatio legis. He also reminded the Court that the national data protection authority, which will provide guidance and enforcement, is yet to be established. The English translation of the oral statement is available online.
    1.  Main findings of the Court
    • On top of that there are superior courts also with specific scope, such as specific violations of federal laws.
    • At the top of the system sits the Brazilian Supreme Court (STF), a constitutional court of eleven Justices appointed by the President.
    • However, the MP mandated that subscribers data of 200 million telecom clients should be shared with IBGE to perform the census.
    • 5, X, of the Federal Constitution, and to the right to secrecy of communications data, provided by Art.
    • In previous case-law, the Court struggled to recognize stored data, such as subscribers data, as data protected by Art.
    • Long standing precedents only granted such type of protection to data in motion, like ongoing telephone calls or data being transmitted.
    • Acknowledging the need to update this understanding in light of new technologies and the impact that the misuse of data can have upon individuals and the society, another argument was presented: the need to recognize the right to protect personal data as an autonomous fundamental right.
  • If the Brazilian Constitution’s core value is the protection of human dignity, the protection it affords should go beyond the right to privacy in order to address other harmful challenges to an individual’s existence, and not only harms to personality rights. Today, humanity can be hacked not only through granting access to data regarding our intimacy, or aspects of human personality that must be locked under seven keys. Recalling the work of philosopher Yuval Harari, Justice Gilmar Mendes argued that due to technological progress, any type of data use that covers an extension of our individuality can pose a threat to human rights and fundamental freedoms. For this reason Justice Fux argued that just like the Charter of Fundamental Rights of the EU, the Brazilian Constitution should recognize the protection of personal data as an autonomous fundamental right, distinct from the right to privacy.
    • Protection of Personal Data as a pillar for democracy 
  • The Cambridge Analytica scandal was recalled by Justice Luiz Fux to contextualize the collective dimension of data protection rights. By describing the facts surrounding that case, the Justice highlighted how the misuse of personal data can have an impact that surpasses the individual and can affect the very foundations of democracies and influence electoral outputs. “We know today that the dissemination of this data is very dangerous”, affirmed Justice Fux, reminiscing of his term as President of the Superior Electoral Court, when he analyzed a case concerning lack of transparency and knowledge of how personal data is collected and used for political purposes, which can lead to unattended consequences that violate individual and collective rights.
    • Protection of Personal Data is rooted in the due process clause
  • “The use of personal data is inevitably an interference over the personal sphere of someone”, highlighted Justice Luis Roberto Barroso. As a  consequence, it should be proportionate by verifying if: 
    1. a) the purpose of the processing is clearly specified and legitimate; 
    2. b) the amount of data collected is limited to what is strictly necessary in relation to the purposes for which they are being processed; 
    3. c) information security measures are adopted to avoid unauthorized third-party access. 
  • Such proportionality test was the conclusion made by Justice Luis Roberto Barroso, which is clearly crafted after the traditional principles of protection of personal data. For the first time, a Judge of the Supreme Court has provided a ruling with such strong wording supporting fair information practice principles as components of an autonomous constitutional right to data protection. 
    • Digital Rights as Fundamental Rights
  • The case is still under ongoing proceedings and pending the votes of the other 9 Justices. Nonetheless, the two opinions already published are a breakthrough and show a steep change in the perception and understanding of Brazil’s highest court towards privacy and data protection rights. 
    1. A look to the future: the Brazilian General Data Protection Law and the amendment to the Brazilian Constitution
    • religion, family relationships) and, therefore, requests to access data from the IRS would not disproportionately interfere on the right to private life.
    • In the case RE 1055941, the same reasoning was adopted in order to grant similar data access request powers to the Public Prosecutors Office.
    • Thus, protection of personal data should receive the same protection conferred by the due process clause.
    • Despite this historical ruling, Brazil stilllacks an institutional infrastructure to supervise and enforce data protection rights.
    • The National Data Protection Authority was created by the Brazilian General Data Protection Law (LGPD), but is yet to be established.
    • In parallel, a proposal to amend the Federal Constitution aims to include the protection of personal data in the list of fundamental rights.
    • On top of that, the National Data Protection Authority (ANPD), created in Dezember 2018, is yet to be established.
    • Founder of Data Privacy Brasil; Contact: [emailprotected] Renato Leite Monteiro is a PhD candidate at the University of So Paulo School of Law.
    • He was a study visitor at Council of Europe and actively participated in the discussions that led to the Brazilian General Data Protection Law.
    • Data Privacy Brasil aims to improve privacy and data protection capacity-building for organizations active in Brazil.
  • Businesses Can Keep Customer’s Personal Information Personal with New Solution from Fiserv

    Retrieved on: 
    Tuesday, April 7, 2020

    TransArmor Personal Data Protection from Fiserv, which incorporates industry-leading data security technology from Protegrity, helps businesses secure consumers personal data.

    Key Points: 
    • TransArmor Personal Data Protection from Fiserv, which incorporates industry-leading data security technology from Protegrity, helps businesses secure consumers personal data.
    • With TransArmor Personal Data Protection, businesses are able to encrypt and tokenize personal information that consumers provide to businesses during routine interactions, such as creating a customer account, enrolling in a promotion, or disclosing basic shipping information.
    • TransArmor Personal Data Protection supports business applications and processes, and allows those systems to secure personally identifiable information and sensitive personal information.
    • Additionally, TransArmor Personal Data Protection helps businesses secure personal information of their own employees that may be stored on internal systems.

    FTC Finalizes Settlements with Four Companies Related to Privacy Shield Allegations

    Retrieved on: 
    Wednesday, January 29, 2020

    The Federal Trade Commission has finalized settlements with four companies over allegations they made false claims in connection with the EU-U.S. Privacy Shield framework, which enables companies to transfer consumer data legally from European Union countries to the United States.

    Key Points: 
    • The Federal Trade Commission has finalized settlements with four companies over allegations they made false claims in connection with the EU-U.S. Privacy Shield framework, which enables companies to transfer consumer data legally from European Union countries to the United States.
    • In separate actions, the Commission alleged that Click Labs, Inc.and Incentive Services, Inc.falsely claimed to participate in the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework, which establishes a process for companies to transfer consumer data in compliance with Swiss law.
    • The FTC also alleged that Global Data Vault, LLC, and TDARX, Inc.continued to claim participation in EU-U.S. Privacy Shield after allowing their certifications to lapse.
    • They also substantively violated the Privacy Shield principles by failing to verify annually that statements about their Privacy Shield practices were accurate and failing to affirm that they would continue to apply Privacy Shield protections to personal information collected while participating in the program.

    FTC Finalizes Settlements with Four Companies Related to Privacy Shield Allegations

    Retrieved on: 
    Wednesday, January 29, 2020

    The Federal Trade Commission has finalized settlements with four companies over allegations they made false claims in connection with the EU-U.S. Privacy Shield framework, which enables companies to transfer consumer data legally from European Union countries to the United States.

    Key Points: 
    • The Federal Trade Commission has finalized settlements with four companies over allegations they made false claims in connection with the EU-U.S. Privacy Shield framework, which enables companies to transfer consumer data legally from European Union countries to the United States.
    • In separate actions, the Commission alleged that Click Labs, Inc.and Incentive Services, Inc.falsely claimed to participate in the EU-U.S. Privacy Shield framework and the Swiss-U.S. Privacy Shield framework, which establishes a process for companies to transfer consumer data in compliance with Swiss law.
    • The FTC also alleged that Global Data Vault, LLC, and TDARX, Inc.continued to claim participation in EU-U.S. Privacy Shield after allowing their certifications to lapse.
    • They also substantively violated the Privacy Shield principles by failing to verify annually that statements about their Privacy Shield practices were accurate and failing to affirm that they would continue to apply Privacy Shield protections to personal information collected while participating in the program.

    Marking GDPR Anniversary, nCipher Survey Reveals Americans’ Data Privacy Attitudes

    Retrieved on: 
    Wednesday, May 22, 2019

    The results illustrate that data privacy has become a hot-button issue for Americans.

    Key Points: 
    • The results illustrate that data privacy has become a hot-button issue for Americans.
    • And it offers a look at how Americans view data privacy responsibility and what they know about data protection regulations.
    • The nCipher survey data indicates that protecting personal information has become of paramount importance for many Americans.
    • More than half (52%) of Americans said data privacy is important to them.

    Opening keynote speech by Commissioner Mariya Gabriel at the 9th Annual European Data Protection and Privacy Conference

    Retrieved on: 
    Thursday, March 21, 2019

    They constitute the foundations for future competitiveness of European companies that develop services based on trusted data technologies.

    Key Points: 
    • They constitute the foundations for future competitiveness of European companies that develop services based on trusted data technologies.
    • Data protection and privacy laws must allow businesses as well as political organisations opportunities to take advantage of new innovative ways of processing personal data.
    • Data protection and privacy laws, when properly implemented, play a key role in ensuring that cases where trust will be misused will be few and far between.