Data Protection News Update 17 July 2023

United States

The debate is ongoing between Massachusetts state lawmakers.

The Massachusetts Location Shield Act would also implement a search warrant requirement for police to access user location data and prevent them from purchasing such data from data brokers.

Meredith Whittaker claims attempts to break or bypass encryption for the sake of online safety will sacrifice individual privacy.

The president alluded to the potential “total evisceration of the right to privacy” if government-approved scanning of people’s personal communications comes into force.

One such government-approved scanning includes the proposed UK Online Safety Bill.

Europe

The new framework entered into force on the 11^th of July.

According to European Commissioner for Justice Didier Reynders, “the adequacy decision ensures that data can be transmitted between the European Union and the US on the basis of a stable and trusted arrangement that protects individuals and provides legal certainty to companies”.

The third attempt of the European Commission to obtain stable agreement on EU-US data transfers is likely to end up back at the Court of Justice of the EU.

NOYB (“None Of Your Business”), a privacy activist group founded by Max Schrems, has announced it will challenge the decision, claiming it to be a copy of the “Privacy Shield” that came before it.

The group says the fundamental problem with FISA 702, the surveillance law, was not addressed by the US.

The European Data Protection Supervisor has announced the restructuring is to prepare for “evolving data protection challenges that lie ahead”.

Such challenges include appointing the former Director of the Office of the EDPS, Leonardo Navas, as the regulator’s first Secretary-General.

Navas is to oversee the EDPS’ activities and provide strategic advice.

The EDPS is also to take on a sector-specific approach.

International

ANPD, Brazil’s DPA, has announced it will examine Meta’s Threads and its privacy practices.

The study “will evaluate and consider the implications of the collection and use” against claims of insufficient transparency and no legal basis for processing.

Threads is not released in the EU.

South Africa’s Information Regulator has issued a ZAR5 million fine, equivalent to 209,305.62 pounds, to the Department of Justice and Constitutional Development for failing to comply with an enforcement notice.

This notice was issued by the agency after the Department allegedly circumvented elements of the Protection of Personal Information Act.

United Kingdom

The forum works to support international data transfers between member countries, safeguarding standards on data protection and privacy.

The Associate status presents the UK with an opportunity to help drive cooperation with member nations, including the US, Canada, Mexico, Japan, the Republic of Korea, the Philippines, Singapore, Chinese Taipei and Australia on international data flows.