Privacy & Information Security Law Blog

On June 25, 2020, the European Data Protection Board (“EDPB”) published a new register containing decisions by national supervisory authorities (“SAs”) based on the One-Stop-Shop cooperation procedure set forth under Article 60 of the EU General Data Protection Regulation (the “GDPR”). Under Article 60 of the GDPR, SAs have the duty to cooperate on cross-border cases to ensure consistent application of the GDPR. In this context, the lead SA is responsible for preparing draft decisions and working together with the concerned SAs to reach a consensus.

Zeyn Bhyat of ENSafrica reports that on June 22, 2020, it was announced that South Africa’s comprehensive privacy law known as the Protection of Personal Information Act, 2013 (the “POPIA”) will become effective on July 1, 2020. POPIA acts as the more detailed framework legislation supporting South Africa’s constitutional right to privacy.

According to a memorandum issued by the California Secretary of State on June 24, 2020, the California Privacy Rights Act (“CPRA”) has garnered enough signatures to be placed on the State’s General Election ballot this November 3, 2020. As we previously reported, the CPRA would amend the California Consumer Privacy Act of 2018 (“CCPA”) to create new and additional privacy rights and obligations in California. According to early polling by Californians for Consumer Privacy (the group behind the CPRA), nine in 10 Californians would vote to support a ballot measure ...

The UK Prime Minister, Boris Johnson, announced on June 23, 2020, that restrictions relating to COVID-19 would be eased as of July 4. Although many measures remain in place to prevent the virus’ spread, certain businesses, including restaurants and pubs, will be able to reopen in the UK, with the recommendation that staff-customer contact be minimized.

On June 18, 2020, Senator Sherrod Brown (OH) released a discussion draft of a privacy bill entitled the Data Accountability and Transparency Act of 2020 (“the Bill”). The Bill would provide individuals with several new rights regarding their personal data; implement rules limiting how personal data is collected, used or shared; and establish a new federal agency called the Data Accountability and Transparency Agency to protect individuals’ privacy and enforce those rules.

On May 13, 2020, Senator Alessandro Vieira presented Bill n. 2630/2020 (“Bill”) to the Brazilian Senate, which the Senate is calling the “Fake News Law.” Officially, this Bill establishes the Brazilian law of “freedom, responsibility and transparency on the internet.” It was introduced in the context of the alleged use of fake news by political parties and other public sector stakeholders in Brazil.

On June 11, 2020, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth submitted its response (the “Response”) to the European Commission’s consultation regarding its white paper on “a European Approach to Excellence and Trust” on artificial intelligence (the “White Paper”).

On June 24, 2020, the European Commission (“the Commission”) submitted its first report on the evaluation and review of the EU General Data Protection Regulation (“GDPR”) to the European Parliament and Council. The report is required under Article 97 of the GDPR and will be produced at four year intervals going forward.

On June 19, 2020, France’s Highest Administrative Court (the “Conseil d’Etat”) issued a decision partially annulling the guidelines of the French Data Protection Authority (the “CNIL”) on cookies and similar technologies (the “Guidelines”). The Conseil d’Etat annulled the provision of the Guidelines imposing a general and absolute ban on ‘cookie walls’ that prevent users who do not consent to the use of cookies from accessing a site or mobile app. However, the Conseil d’Etat upheld the main part of the Guidelines. On the day of the Conseil d’Etat’s decision, the CNIL published a statement (the “Statement”) announcing that they took note of the decision and will strictly comply with it.

The UK Information Commissioner’s Office (“ICO”) has released guidance to assist employers in implementing appropriate safeguards as workplaces reopen, titled “Coronavirus Recovery - Six Data Protection Steps for Organisations” (the “guidance”). This guidance sets out the key principles of data protection that should be kept in mind as employers put measures in place to prevent the spread of COVID-19.