Privacy Law Update: October 18, 2021
• read
Stay up to date with this weekly release covering key developments on data privacy laws, technology, and other hot privacy topics!
The White House is having a big meeting about fighting ransomware. It didn’t invite Russia
The White House has held a meeting with ministers and officials from 30 nations and the European Union to discuss how to combat ransomware and other cyber threats. The two-day series of meetings aimed to find an answer to ransomware and followed calls from US president Joe Biden for the Kremlin to hold Russia-based ransomware gangs accountable for their file-encrypting attacks, rather than turning a blind eye to them so long as they don’t attack Russian organizations. Notably absent from the White House-led group was Russia itself, which was not invited. In June, Biden told Russian President Vladimir Putin that 16 US critical infrastructure entities should be off-limits from ransomware attackers operating from Russia.
Biden signs K-12 Cybersecurity Act, and more on children’s privacy
U.S. President Joe Biden signed the K-12 Cybersecurity Act, which aims to protect sensitive information maintained by schools. In a statement, Biden said the bill will address threats to students’ and educators’ privacy created by COVID-19, adding his administration will provide “important tools and guidance to help secure our school’s information systems.”
As data breaches near ‘all-time high,’ Senate committee talks regulation
This week, the United States came just 230 data breaches away from an “all-time high,” according to Identity Theft Resource Center Chief Operating Officer James Lee, but data security requirements either within a federal privacy law or a standalone regulation “would substantially improve data protection” and bring “stronger protections and greater clarity to the marketplace,” Kelley Drye Of Counsel Jessica Rich said. With 446 reported data breaches from July through September, “we’re in for raising the bar substantially,” said Lee, who shared the statistics with the U.S. Senate Committee on Commerce, Science, and Transportation Wednesday. “Behind all these numbers are people,” he said. “They’re victims.” The committee held its second privacy hearing in two weeks, with former members of the Federal Trade Commission testifying last week on a lack of resources within the agency to handle privacy and data protection challenges, and in support of a budget reconciliation package that would give the agency $1 billion over 10 years for a new privacy and data security division.
Irish privacy watchdog endorses Facebook’s approach to data protection
A draft decision from Ireland’s Data Protection Commissioner (DPC) endorsing Facebook’s legal basis for processing personal data has been met with criticism by a data protection activist who says the platform is trying to bypass EU privacy laws.
Privacy Legislation
Personal Data Protection Law enacted in Saudi Arabia
On 24 September 2021, the long anticipated Personal Data Protection Law, promulgated by Royal Decree No. M/19, dated 09/02/1443H (corresponding to 16 September 2021) (“Law”), was published in the Saudi Official Gazette (Umm AlQura). The Law was developed by the Saudi Data and Artificial Intelligence Authority (SDAIA), which will be the competent governmental authority (“Data Authority”) to administer the Law for a period of two years but it may thereafter transfer such competence to the National Data Management Office (NDMO). The Law will come into effect on 23 March 2022, at which time the Data Authority will be required to issue the Law’s implementing regulations (“Regulations”). Controllers (as defined below) will have one year from the effective date to comply with the Law.
China’s draft algorithm regulations: A first for consumer privacy
The People’s Republic of China broke new ground by announcing draft regulations on the widespread use of algorithmic recommendation technology. The regulations are, according to one expert, the first of their kind globally. And because China will soon exceed one billion internet users — roughly 20% of global internet users — these regulations will cover nearly one in five users on earth.