Blog

Week of October 25, 2021

Julie Rubash, Chief Privacy Counsel
November 2, 2021

Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.

USA

ADVOCACY GROUPS PUSH THE FTC FOR PRIVACY RULEMAKING

45 advocacy groups sent a letter to the FTC encouraging a rulemaking that “addresses the entire life cycle of data–collection, use, management, retention, and deletion”. The letter asked for clear rules against discriminatory and abusive data practices and suggested specific restrictions based on the types of personal data involved, the particular uses of the data, and the entities utilizing and sharing the data.

OUR TAKE

With comprehensive federal privacy legislation looking unlikely in the near term, many privacy advocates are looking to the FTC’s rulemaking authority for solutions, including several U.S. Senate Democrats, who wrote a letter to the FTC last month urging rulemaking around the collection and use of personal data in the digital economy. The federal infrastructure bill, which in its original form would allocate $1 billion to the FTC to create a privacy bureau, has cut the allocation in half in the most recent version released by the House October 28, so FTC capacity for privacy rulemaking and enforcement may not be as great as some had hoped. 

GLOBAL

AUSTRALIA RELEASES DRAFT LEGISLATION/PUBLIC CONSULTATION

Two separate privacy developments occurred in Australia this week.

One, the Australian Government released a draft privacy legislation amendment (Online Privacy Bill) providing for the development of a new Online Privacy Code and increasing penalties for serious or repeated interferences with privacy to up to the greater of $10 million, three times the value of the benefit obtained through the misuse of information, or 10% of the entity annual Australian turnover. 

The other privacy development is that the Australian Attorney General’s Department published a discussion paper and opened a consultation for public comment as part of the Australian Government’s review of the Privacy Act 1988. The paper includes proposals regarding the scope, application, protections, regulation and enforcement under the Act.

Protection proposals include enhanced opt out rights and notice obligations regarding direct marketing, targeted advertising, and profiling. 

WHY IT MATTERS

Australia’s Privacy Act became effective in 1988, but it didn’t apply to the private sector until 2000. It then underwent a major overhaul in 2014. The Privacy Act in its current form requires that direct marketing messages include a clear and simple way to opt out of receiving future messages, and requires consent for the use of sensitive information for direct marketing, but it does not specifically address targeted advertising or profiling.

The proposals and draft legislation, if adopted, would impose more specific obligations to the digital marketing industry and increase penalties for serious or repeated privacy interferences.

GLOBAL PRIVACY ASSEMBLY ADOPTS PRIVACY RESOLUTIONS

The Global Privacy Assembly (GPA), a forum of over 130 international data protection and privacy authorities, adopted several privacy resolutions, including resolutions on the assembly’s strategic direction, data sharing for the public good, children’s digital rights, and government access to data. In its strategic direction resolution, the GPA identified data sharing for the public good, AI, biometrics and surveillance technologies, children’s online privacy, and data protection and other rights and freedoms as the four areas of policy focus.

The resolution included an action plan to, among other actions, identify and consider topics of focus relating to surveillance of citizens and consumers in the digital economy, such as advertising technologies, web scraping, smart cities and connected vehicles, and monitoring of mobile workers and created a digital economy working group to take such action.

The Children’s digital rights resolution recommended, among other things, that states consider promoting regulations prohibiting use or transmission to third parties of children’s data for commercial or advertising purposes and the practice of marketing techniques that may encourage children to provide personal data.

WHY IT MATTERS

Although GPA resolutions are not binding law, they provide insight into the areas of focus we may see from data protection authorities across the globe. 

INDIA DATA PROTECTION BILL TO BE CIRCULATED

A new draft report of India’s Personal Data Protection Bill reportedly is likely to be circulated to members of Parliament by November 6.  

WHY IT MATTERS

The Joint Parliamentary Committee on the Bill was reportedly expected to meet October 20 to formally adopt a resolution to include non-personal (anonymized) data in the scope of the bill. It’s not clear from recent reports whether that resolution was adopted, but distribution of a report by November 6 means that we may see adoption of a privacy bill in India this winter session. 

INDUSTRY

FIREFOX TO ROLL OUT GLOBAL PRIVACY CONTROL

Firefox announced that it has been testing implementation of Global Privacy Control and has made it available as a prerelease feature in Firefox Nightly for experimental use.

WHY IT MATTERS

Global Privacy Control, a browser setting that enables users to communicate privacy preferences to websites, is currently offered by Brave and DuckDuckGo browsers. The California Attorney General’s office has enforced rules requiring companies to honor the signal when set by California residents, and the upcoming Colorado Privacy Act will require its recognition for Colorado residents as of 2024. 

Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.

A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.

Latest Blog Posts

Week of November 22, 2021

November 30, 2021

Belgian DPA finalizes draft IAB decision for DPA feedback....

FAQ: Updates on the Belgian DPA’s investigation of the IAB’s TCF

November 30, 2021

An investigation by the inspection service of the Belgian...

Week of November 15, 2021

November 22, 2021

Bedoya testifies in FTC nomination hearing, plus federal online...

Latest White Papers

Ebook: A Publisher’s Guide to Vendor List Curation

August 16, 2021

How to review your vendor list to mitigate compliance...

Keep in touch

Sign up for our newsletter to keep up with the latest privacy and media news.

Let's explore what we can do together.

We’ll be in touch within 48 hours

    First name *

    Last name *

    Email address *

    Company *

    Message *

    * indicates required fields