Week in Review
Last Friday, the European Commission and the United States announced that they had agreed on a new Trans-Atlantic Data Privacy Framework agreement that addresses the EU Court of Justice’s (Schrems II) judgement on safe and secure data transfer.
Under the new framework:
- Access to data by US intelligence agencies is limited to what is necessary and appropriate, and hence legal, to defend national security.
- National security objectives will not disproportionately impact individual privacy and civil rights protections.
- EU citizens’ complaints about US intelligence agencies accessing their data will be probed and addressed through a new two-tier redress system.
- Companies that process data transferred from the EU still self-certify their compliance with the US Department of Commerce Principles.
- Specific systems will be implemented for monitoring and review.
US intelligence agencies would only be allowed to access data if it is required to “advance legitimate national security objectives.” They must also implement new supervision methods to ensure compliance with the agreement.
Top Stories and Updates
Google collects text and call data from phone users without consent
According to new research, Google has been collecting extensive information on phone calls and text messages via the Phone app on Android phones. Google used these Android apps to send massive amounts of data to its servers without notifying or seeking approval from users. This type of action may violate privacy protections mandated by law in some markets (such as the EU’s GDPR). It could be construed as spying on users. Read more here.
Microsoft confirms it was breached by a hacker group
In a blog post late Tuesday, Microsoft stated that it had been hacked by the hacker collective Lapsus$, adding to the group’s expanding list of victims. Lapsus$ hacked into one of its accounts, giving it limited access to business networks but not to any data of Microsoft customers. According to Microsoft, “Our cybersecurity response teams promptly addressed the compromised account and prevented further activity.” Read more here.
Datatilsynet published a handbook to safeguard employees’ privacy at work
The Norwegian DPA (Datatilsynet) released a handbook on data processing at work. It aims to ensure that personal information about employees is handled correctly while also protecting employers’ legitimate interests as data controllers in choosing how to conduct their operations legally, striking a balance between workers’ legitimate expectations and employers’ legitimate interests. Read more here.
Brazil introduced a bill prohibiting telemarketing without prior user consent
On March 22, the National Congress’s Chamber of Deputies revealed that a bill had been filed prohibiting telemarketing companies from contacting people without their consent. The bill sets out measures requiring customers’ prior consent for telemarketing operations and imposes punishment as well as a fine for violations. Read more here.
Utah passes new Consumer Privacy Act
On March 24, 2022, Utah passed its new Consumer Privacy Act and became the fifth state to establish its own law. The law provides consumers with a range of privacy protections in relation to their personal data, including opt-out options, consumer request rights, and even deletion of that data. It differs from the CCPA and the CPRA in that it does not provide consumers with a private right of action if a company breaks the law. Read more here.