On Wednesday, September 29, the Senate Committee on Commerce, Science and Transportation held a hearing on data privacy titled, “Protecting Consumer Privacy.” The issue of data privacy is of particular interest to Sen. Maria Cantwell (D-WA), the Committee Chair, who introduced the Consumer Online Privacy Rights Act (COPRA) in 2019. Much of the testimony revolved…
Connecticut Legislators Pass Data Privacy Bill
The Connecticut Data Privacy Act (“CTDPA”) was approved by the Connecticut House of Representatives last week, and awaits the Governor’s signature before becoming law. The CTDPA, like data privacy laws in Virginia, Utah, and Colorado, is based on the 2021 Washington Privacy Act (WPA) model and shares the most similarities with the Colorado Privacy Act. Broadly, the CTDPA will allow Connecticut residents to opt out of having their data collected, sold, and used for targeted advertising. It gives data controllers a right to cure violations, prohibits the use of dark patterns to obtain consent, and gives enforcement power to the Connecticut Attorney General. Note that most of the provisions begin to take effect in January 2023, but some will roll out as late as 2025. ADCG will release a comprehensive guide to compliance next week.
FFIEC Releases 2022 HMDA Reporting Guide
The Federal Financial Institutions Examination Council released its 2022 handbook for HMDA reporting earlier this year. The handbook, A Guide to HMDA Reporting: Getting It Right, “incorporates the changes made by the 2020 HMDA Rule amending Regulation C to adjust the thresholds for reporting data for closed-end mortgage loans, effective July 1, 2020, and the thresholds for reporting data for open-end lines of credit, effective January 1, 2022,” according to JD Supra.
India’s National Health Authority (NHA) Releases Data Management Guide
The National Health Authority (NHA) last week published its revised Health Data Management (HDM) Policy. The newest version takes into account public feedback on its 2020 HDM Policy. The revised policy embraces the concept of privacy by design and is intended to set a minimum standard for data privacy protections across India’s healthcare system. According to the NHA, the policy is also based on the principle of federated architecture. As cyberattacks against healthcare entities become more damaging and frequent, expect to see more countries adopt stricter and savvier data privacy rules and policies.
Facebook Unable to Comply With GDPR
According to a report released by Motherboard/Vice last week, there’s no way for the tech giant to adequately comply with GDPR, at least not according to its engineers. The report is based on a leaked internal memo, “ABP Privacy Infra, Long Range Investments [A/C Priv],” from Facebook/Meta engineers that, according to TechCrunch, can be summarized the following way: “Meta has ‘designed’ its ad system in such a totally unsiloed way that it’s very, very, very far from being able to comply with (even existing) laws like Europe’s General Data Protection Regulation (GDPR) which has a purpose limitation principle meaning you need a legal basis for each use of personal data.” Meta might not have a clear compliance solution, but other organizations don’t have to fear the same fate.
EU DPAs Vow to Work Together Against Big Tech
A meeting in Vienna last week between various EU data privacy authorities (DPAs) resulted in an agreement to curb infighting and work together more strategically against big tech. Per Bloomberg, the meeting follows a warning from “European Commission Vice President Vera Jourova last year that the commission may consider moving to a more centralized model to target violations if the watchdogs can’t sort out their ‘public squabbles’ over the way they police the EU’s General Data Protection Regulation, or GDPR.” Ireland’s DPA in particular has come under fire for moving slowly on investigations.