Editor’s Note: Online privacy issues, for individuals and companies alike, are a growing concern and world-wide mission by officials. It is extremely important that we all keep current on, at the very least, the basics of these new laws as they form around the world. The following is an update by Judith Delaney, U.S. attorney specializing in social media law and online privacy laws and regulations, on the Global Online Privacy and Security Laws for Individuals and Companies article that she has so kindly promised to keep current for all readers and visitors of this blog and website.
Update to Pending and New Online Privacy Regulations Around the World
As promised in my article “Global Online Privacy and Security Law for Individuals and Companies”, I want to update you on the most recent activity regarding the status of privacy regulation around the world. As you will soon notice, this update goes beyond the four countries featured in the article. Of those four, Canada and Europe are listed in the updates (the United States continues to grapple with trying to enact federal legislation around this concern). What is significant, at least from my perspective, is the “rumblings” of other countries wanting to address the protection of personal data on a global level and not just within the confines of their borders.
Finally, before you peruse the following information, I want you to know that if you have any information on the matter at hand that I may have missed, please feel free to share with all of us in the comments section below, or by sending me or Melissa Agnes an email. Thank you.
– Americas –
Brazil:
Update data protection bill of law (Bill of Law No. 4.06012.12) which aims to protect individuals’ fundamental rights regarding the processing of their personal data to include the Bill of Law on Civil Liabilities on the Internet; a decision is expected on this bill in 2013.
Colombia:
Colombia Law No. 1581 of 2012 came into force on April 18, 2013, following its approval by the Constitutional Court on 17 October 2012:
The Law introduces a comprehensive privacy regime in Colombia for the first time and regulates, among other things, notice and consent requirements, cross-border data transfers, and the processing of children’s data. The Law also contains data subject rights and registration requirements.
Dr. Cynthia Tellez, Head of the Data Protection Division at Iriarte & Asociados stated:
“The principles and provisions of this Law are applicable to the personal data in any database that makes it amenable to treatment by public entities or private entities. The Law will only be fully operational from 18 April 2013. It is expected that before the end of the transition period, authorities will disclose the new legal framework of the Act before making sanctions effective.”
Under the law, the Superintendence of Industry and Commerce will have the power to sanction violations of the provisions with a maximum fine of approximately COL $1,182,000,000 (€500,000 or US $650,000), suspension of activities for a period of up to six months, and the temporary or permanent closure of operations.
Canada:
Several important cases regarding data protection such as United Food and Commercial Workers, Local 401 v. Alberta (Attorney General) and Citi Cards Canada v. Pleasance are being monitored as to their potential impact on how Canada protects personal data.
– Asia –
China:
The Guidance for Personal Information Protection (GB Guidance) was approved in November, 2012 and became effective February 1, 2013.
South Korea:
A new section, the Personal Information Protection Act, has been added to the Data Protection Act.
– Europe –
EU:
EU Data Protection Regulation, which will replace the existing EU data protection directives: The EU Parliament on Wednesday, April 17, postponed until later in May, 2013 a final vote on the proposed overhaul of the European Union’s data protection regime, as companies and regulators continue to push lawmakers to loosen restrictions on the collection and use of consumer personal data.
Part of the “push” by lawmakers has to do with the Article 29 Working Party (WP29), which adopted – on April 2, 2013 – Opinion 03/2013 (‘the Opinion’). The Opinion analyzes the purpose limitation principle and calls for it to be strengthened under the Draft EU Data Protection Regulation (Draft Regulation), particularly with the increasing ubiquity of big data and open data. “The traditional approach to ‘purpose limitation’ is only truly relevant to data provided directly and voluntarily by the data subject”, stated Eduardo Ustaran, Partner and Head of the Privacy and Information Law Group at Field Fisher Waterhouse. “But ‘purpose limitation’ is not that relevant as a mechanism to prevent misuses of big data, which appears to be a key concern for the regulators.”
Note: I will address this in more detail in a separate, upcoming article about the growing trend of the use and storage of big data and the concern with the rights to privacy.
Current Litigation:
It is not my intention to make a habit of detailing litigation around privacy concerns. However, I do believe it is worthwhile for you, the reader, to be (if not already so) aware of the Google litigation and what it could mean to countries and other social media sites around the world. Following is the summary:
Six European countries, including France and Britain, on Tuesday (April 16, 2013) launched joint action against Google to get the US Internet giant to scale back on new monitoring powers that watchdogs believe violate EU privacy protection rules. Despite sharp criticism from US and European consumer advocacy groups, Google last year rolled out a common user privacy policy for its services that condensed around 60 previous sets of rules into one and allowed the company to track users more closely to develop targeted advertising. Among the Google services affected were Gmail, YouTube, the Android mobile system, social networks and its ubiquitous Internet search engine.
France’s Cnil data protection agency said in a statement that the concerted action – which was also carried out by authorities in Germany, Italy, the Netherlands and Spain – was launched “on the basis of the provisions laid down in their respective national legislation” to force Google to bring its privacy policy in line with European regulations. The action came after the European Union’s 27 member states warned Google in October not to apply the new policy, and gave it four months to make changes or face legal action. When that deadline expired in February, several European data protection agencies set up a task force to pursue coordinated action against the US giant.
Cnil said it had seen no changes to Google’s privacy policy since the company’s representatives met on March 19 with the task force, which included agencies from Britain, France, Germany, Italy, the Netherlands and Spain. Cnil also said it had notified Google that it had launched an inspection procedure. Google has repeatedly maintained that its privacy policy respects European law. In a statement sent to AFP, the company said “privacy policy respects European law and allows us to create simpler, more effective services. We have engaged fully with the data protection agencies involved throughout this process, and we’ll continue to do so.”
– Latin America –
Uruguay:
The Council of Europe (CoE) announced – on April 12, 2013 – that Uruguay has become the first non-European country to accede to the Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data (Convention 108) and its Additional Protocol. The treaty will enter into force in Uruguay on August 1, 2013, making it the 45th country to be party to the Convention.
Convention 108 was the first legally binding instrument governing data protection, adopted by the CoE in 1981, establishing minimum data protection standards and regulating cross border data transfers. The CoE is in the process of discussing proposals to modernize the Convention in light of the upcoming changes proposed by the draft EU Data Protection Regulation.
Dr Ana Brian Nougrères, Director and Principal Consultant at Estudio Jurídico Briann & Associates, stated: “Uruguay is assuming an important position, showing a country with special concerns regarding the principles of data protection and privacy. [Furthermore], the ratification of the Additional Protocol confirms Uruguay’s respect of foreign data protection authorities, and emphasizes the role of international data flows.”
Martín Pesce and Stephania Bresque, Senior Associate and Associate respectively at Ferrere, said: “This is another significant step for Uruguay in the field of data protection, after being granted adequacy status by the European Commission last year.” As previously reported in DataGuidance, this decision – issued on 23 August 2012 – made Latin America the second most ‘adequate’ continent behind Europe itself.
“Both the adequacy declaration and the incorporation of the Convention to the national legal system places Uruguay as the Latin-American country that is most aligned with European [standards] for data protection,” said Pesce and Bresque. “It also definitively puts Uruguay in the spotlight for the setup of data centres at a global level, which is expected to trigger the development of areas of high added value, such as e-health or telemedicine.”
Going forward
As more countries begin to work together to meet their mutual interest in protecting personal data, it is the hope that ultimately this will result in consistent cross-border standards and regulations across the globe. Stay Tuned!
Disclaimer: The information contained in this article is provided only as general information and may or may not reflect the most current developments legal or otherwise pertaining to the subject matter thereof. Accordingly, this information is not promised or guaranteed to be correct or complete, and is not intended to create, or constitute formation of an attorney-client relationship. The author expressly disclaims all liability in law or otherwise with respect to actions taken or not taken based on any or all of the content of this article.
Judith Delaney is an attorney who specializes in global online privacy laws and issues and social media law. Judith helps organizations integrate new media strategies with business strategies to effectively manage risk associated with online compliance such as the HIPAA Omnibus Rule, global social media private and data protections and contract risk management.
Steve MacDonald says
Awesome information! Thank you very much for sharing this! This is the type of information that I'd like to be aware of. Love to learn and read more from your posts.