On March 12, 2020, the Washington State Legislature passed SB 6280, which establishes safeguards for the use of facial recognition technology by state and local government agencies. Its stated goal is to allow the use of facial recognition services in ways that benefit society, but prohibit uses that put freedoms and civil liberties at risk. Continue Reading Washington State Passes Law Restricting Use of Facial Recognition Services
On March 17, 2020, the Executive Committee of the Global Privacy Assembly (“GPA”) issued a statement giving their support to the sharing of personal data by organizations and governments for the purposes of fighting the spread of the COVID-19 pandemic. The GPA brings together data protection regulators from over 80 countries and its membership currently consists of more than 130 data protection regulators around the world, including the UK Information Commissioner’s Office, the U.S. Federal Trade Commission, and the data protection regulators for all EU Member States. Continue Reading The Global Privacy Assembly Approves Data Sharing to Fight Coronavirus Pandemic
On March 10, 2020, the Vermont Attorney General filed a lawsuit against Clearview AI (“Clearview”), alleging that Clearview violated Vermont’s consumer protection law and data broker law. We previously reported on Vermont’s data broker law, which was the first data broker legislation in the U.S. Continue Reading Vermont Attorney General Files Lawsuit Against Clearview AI Under Data Broker Law
On March 12, 2020, Senator Jerry Moran (KS) introduced a comprehensive federal privacy bill entitled the Consumer Data Privacy and Security Act of 2020 (the “Act”). Continue Reading Senator Moran Introduces Consumer Data Privacy and Security Act
On March 12, 2020, the French Data Protection Authority (the “CNIL”) released its annual inspection strategy for 2020. The CNIL carries out approximately 300 inspections every year. These inspections are initiated (1) following complaints lodged with the CNIL; (2) in light of current topics in the news; (3) after the CNIL has adopted corrective measures (e.g., formal notices, sanctions) in order to verify whether the organization in question adopted the measures or remedied the situation; and (4) as part of the CNIL’s annual inspection strategy. Continue Reading CNIL Unveils 2020 Inspection Strategy and Announces Cookie Investigations
Hunton’s Centre for Information Policy Leadership (“CIPL”) reports on the top privacy-related priorities for this year:
1. Global Convergence and Interoperability between Privacy Regimes
Around the world, new privacy laws are coming into force and outdated laws continue to be updated: the EU General Data Protection Regulation (“GDPR”), Brazil’s Lei Geral de Proteção de Dados Pessoais (“LGPD”), Thailand’s Personal Data Protection Act, India’s and Indonesia’s proposed bills, California’s Consumer Privacy Act (“CCPA”), and the various efforts in the rest of the United States at the federal and state levels. This proliferation of privacy laws is bound to continue. Continue Reading CIPL: Eight Privacy Priorities for 2020 and Beyond
On March 12, 2020, the Centre for Information Policy Leadership (“CIPL”), in collaboration with Hunton Andrews Kurth LLP, published its legal note, “Artificial Intelligence and Data Protection: How the GDPR Regulates AI.” Continue Reading CIPL and Hunton Andrews Kurth Publish Legal Note on GDPR Regulation of AI
As reported by Bloomberg Law, on March 12, 2020, the Washington House and Senate were unable to reach consensus on the Washington Privacy Act. As we reported this January, lawmakers in Washington state introduced a new version of the Washington Privacy Act, a comprehensive data privacy bill. In the past two months, the much-discussed bill flew through the Washington Senate and House, but ultimately failed to pass.
The bill’s House version would have provided for a private right of action while the bill’s Senate version would have given sole enforcement authority to the state attorney general.
On March 11, 2020, the California Attorney General (“AG”) issued a second set of modified draft regulations implementing the California Consumer Privacy Act of 2018 (“CCPA”). The AG has provided a redline to the initial modified draft regulations about which we previously reported. According to the AG’s website, the second set of modified draft regulations are subject to another public comment period. The deadline to submit written comments is March 27, 2020, at 5:00 p.m. (PST).
On March 3, 2020, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens, the “Dutch DPA”) announced that it had imposed a €525,000 fine on the Royal Dutch Tennis Association (De Koninklijke Nederlandse Lawn Tennisbond, “KNLTB”) for an illegal sale of personal data. Continue Reading Dutch DPA Fines Royal Dutch Tennis Association 525,000 Euros For Illegal Data Sale