Privacy Law Update: January 23, 2023
- State Rep. Gregg Haddad, D-Conn., introduced House Bill 6253, the Connecticut Age-Appropriate Design Code. The bill was referred to the Connecticut General Assembly’s Joint Committee on General Law.
- Indiana House Bill 1554, an act concerning consumer data protection, was introduced and referred to the House Committee on Commerce, Small Business and Economic Development. HB 1554 is a competing bill to Indiana Senate Bill 5 and includes rulemaking authority.
- State Sen. Cynthia Stone Creem, D-Mass., introduced Senate Bill 745, the Massachusetts Data Privacy Protection Act. The proposal takes themes from U.S. Congress’ proposed American Data Privacy and Protection Act, including a private right of action.
- Mississippi House Bill 467, the Biometric Identifiers Privacy Act, was introduced and referred to the Committee on the Judiciary A.
- New York Senate Bill 2277, the Digital Fairness Act, was introduced and referred to the Senate Committee on Internet And Technology. SB 2277 will run against New York Assembly Bill 1362. Also, New York Assembly Bill 1362, the Biometric Privacy Act, was introduced and referred to the Committee on Consumer Affairs and Protection.
- State Rep. Andrew Stoddard, D-Utah, introduced an amendment to the Utah Consumer Privacy Act. House Bill 158 amends Utah’s law to include a carveout for law enforcement’s access to personal data with a warrant.
- The Virginia Senate took up bills to amend the Virginia Consumer Data Protection Act. Senate Bill 1087 proposes provisions to protect genetic data privacy, while SB 1432 concerns protection of personal health records.
- State Del. Wayne Clark, R-W.Va., introduced House Bill 2460, an act concerning children’s privacy, to the West Virginia House. The bill, which would bring privacy protections for children under age 18, was referred to the House Committee on the Judiciary.
The Information Commissioner’s Office is encouraging developers to consider privacy at an early stage when implementing new technologies to maintain public trust and confidence.
Our Tech Horizons Report looks at technologies emerging over the next two to five years and warns that the significant benefits they offer could be lost if people feel companies are misusing their data.
The report, which follows analysis of key technologies expected to impact society in the future, found businesses must consider transparency, what control people have over their data, and how much data is gathered to ensure their services are data compliant and developed with consumer privacy at the forefront.
Chinese social media company TikTok could face a ban in the European Union if it does not step up efforts to comply with EU legislation before September, the top official overseeing the EU’s internal market told the company’s CEO on Thursday.
ProPublica reports some online pharmacies selling abortion pills are using tracking technology that shares sensitive data with third parties, which could potentially lead to prosecution from law enforcement. ProPublica said it found web trackers, including a Google Analytics tool, on at least nine of 11 sites selling the pills. Data shared through the trackers include web addresses visited, items clicked on, search terms, and location and device information, as well as a unique identifier linked to a user’s browser.
Opt-ed: US schools banning TikTok is not an overreaction: U.S. schools are not overreacting by following federal, state and local entities in banning TikTok, University of North Carolina Greensboro professor of management and cybersecurity researcher Nir Kshetri writes in Fortune. “TikTok captures user data in a way that is more aggressive than other” applications, he said, as “its default privacy settings allow the app to collect much more information than the app needs to … function.” One example, he said, was TikTok accessing users contact lists and calendars every hour. There are also significant cybersecurity vulnerabilities that allow hackers to distribute “malicious software” using viral trends.
Irish DPC fines WhatsApp 5.5M euros, fissure with EDPB continues: Ireland’s Data Protection Commission completed its inquiry into Meta platform’s WhatsApp Ireland and fined the company 5.5 million euros related to transparency and forcing users to consent to the processing of their data in the Terms of Service. The DPC found WhatsApp was in breach of “its obligations in relation to transparency” because “information in relation to the legal basis relied on by WhatsApp Ireland was not clearly outlined to users, with the result that users had insufficient clarity as to what processing operations were being carried out on their personal data, for what purpose, and by reference to which of the six legal bases identified in Article 6 of the” EU General Data Protection Regulation, according to the DPC press release. The DPC found the lack of transparency did not meet Articles 12 and 13(1)(c) of the GDPR.