Welcome to “Last Week in Privacy!” Each week, OneTrust’s in-house privacy experts will give you the top international privacy industry highlights from last week.
Here’s a quick recap of last week’s top privacy industry headlines:
- The Australian Parliament has passed a bill that will require tech companies to assist law enforcement in criminal investigations, such as in cases where law enforcement seeks to bypass the encryption of private messaging apps, with some exceptions. Most notably, the law gives Australian law enforcement officials the power to issue new compulsory notices to companies to intercept electronic communications or to build new interception capabilities, such as a backdoor to encryption, in cases where doing so would not amount to a systemic weakness or vulnerability in a class of technology. As expected, the bill received fierce pushback from industry, with lawmakers receiving over 15,000 comments on the law during the public consultation period.
- The European Commission has presented a coordinated plan with EU Member States to foster the development and use of artificial intelligence in Europe. According to the Commission, the plan proposes joint actions for closer and more efficient cooperation between Member States, Norway, Switzerland and the Commission in four key areas: increasing investment, making more data available, fostering talent and ensuring trust. The Commission states that their objectives include ensuring that all Member States have their own strategies for AI in place by mid 2019, setting up new partnerships with academia and industry, supporting startups and innovators in AI and blockchain, and developing AI development and testing centers.
- A new regulation in the EU came into effect that removes unjustified geo-blocking in the online environment across the European Union. As a result of this new law, Europeans websites will no longer be able to block access or redirect visitors just because they live in another country. The regulation also brings the EU another step closer to the goal of achieving a single digital market in the EU, as prior to this law many website owners would not allow purchases to be made by individuals located in other EU member states. The Commission has now called on the Member States to ensure smooth implementation of the Regulation, and will carry out an assessment of the functioning of the law by March 2020.
- The Business Roundtable—a coalition made up of over 200 retailers, banks and tech companies—has released a framework and recommendations for a comprehensive privacy law in the U.S. as well as additional resources to be allocated to the Federal Trade Commission for enforcement. Unlike some other recent coalitions, this one is unique in that it includes a wide cross-section of companies beyond just Silicon Valley, from names like Apple and AT&T, to Walmart, Wells Fargo and J.P. Morgan. The Business Roundtable’s recommendations include streamlining federal privacy laws and creating a national standard for breach notification that would pre-empt state laws, providing flexibility when seeking consent from individuals, and appointing the FTC as lead enforcement authority with the help of state attorneys general.
- In a recent decision, the Pennsylvania Supreme Court held in Dittman v. UPMC that employers have a legal duty to safeguard their employees’ electronically stored sensitive personal information, and that they could be held liable for failure to do so. While the extent of this legal duty remains somewhat unclear, the court stated that failures including having inadequate encryption or firewalls, or a lack of proper authentication practices would be enough to make a claim for a lack of due care by an employer.
That’s all for this week, be sure to join us next week for Last Week in Privacy.