DOJ received industry requests this month to scrutinize the Maryland Online Data Privacy Act (MODPA) and other state privacy measures as possibly burdening interstate commerce. The closely watched Maryland legislation takes effect Oct. 1. The chief privacy officer of one company that flagged MODPA told Privacy Daily that his business' main concern is the part of the law's unique data minimization requirement that bans sale of precise location data.
Although every state has a data breach notification law, each one imposes different regulations and reporting requirements, Emory Roane, associate director of policy at Privacy Rights Clearinghouse (PRC), said in a recent interview with Privacy Daily. While some protections exist at the federal level, a comprehensive breach law would help, as would data minimization principles, privacy pros added.
Even without a private right of action, a Massachusetts comprehensive privacy bill nearing a Senate floor vote could still be the strongest of about 20 states with such laws, Electronic Privacy Information Center (EPIC) Deputy Director Caitriona Fitzgerald said in an interview Friday. While legislators previously cut the right for individuals to sue -- limiting enforcement authority to the Massachusetts’ attorney general -- they kept data minimization requirements like those from Maryland’s privacy law.
European data retention rules for telcom companies are fragmented and should be addressed by the EU during its regulatory simplification push, the GSM Association and ConnectEurope said in comments posted this week. They were responding to a European Commission consultation on data retention by service providers for criminal proceedings.
While both the EU and U.K. use legitimate interest as a basis for processing personal data, the U.K. Data Use and Access Act (DUAA) has introduced "something interesting" -- a more flexible standard that can reduce administrative burden in some cases, said Daniel Vinerean, managing director of law firm David and Baias, during a webinar Thursday.
Some groups seek assurances that they won’t be covered by rules implementing the New Jersey Data Privacy Act, according to comments submitted to the New Jersey attorney general’s Division of Consumer Affairs by Sept. 2. Many other business sectors urged the division to withdraw or significantly overhaul draft rules released last May (see 2509120009), according to comments obtained by Privacy Daily (part one, part two, part three).
Many industries are sounding the alarm over proposed rules to implement the New Jersey Data Privacy Act. In comments submitted by the Sept. 2 deadline, industry officials said a draft by the attorney general’s Division of Consumer Affairs is too burdensome and exceeds what’s allowed under the NJDPA and other laws. On the flip side, several consumer privacy advocates suggested that the state legislature should overhaul the law itself to make it far stricter.
Several House members are working on proposals to preempt state AI laws with targeted federal regulations, Rep. Ted Lieu, D-Calif., said Tuesday.
Safety by design is the core element to ensuring kids remain safe online while also protecting their privacy and rights, a Public Knowledge paper argues (see 2509050046). More research is needed concerning tangible harms, panelists said during a discussion Monday about the paper.
Massachusetts should pass legislation protecting privacy of individuals’ social care information, said an official from FindHelp, a social care data software company, at a livestreamed Joint Consumer Protection Committee hearing Monday.