Want to receive these weekly privacy recaps in your inbox? Sign up for our privacy newsletter, A Little Privacy, Please.
45 advocacy groups sent a letter to the FTC encouraging a rulemaking that “addresses the entire life cycle of data–collection, use, management, retention, and deletion”. The letter asked for clear rules against discriminatory and abusive data practices and suggested specific restrictions based on the types of personal data involved, the particular uses of the data, and the entities utilizing and sharing the data.
With comprehensive federal privacy legislation looking unlikely in the near term, many privacy advocates are looking to the FTC’s rulemaking authority for solutions, including several U.S. Senate Democrats, who wrote a letter to the FTC last month urging rulemaking around the collection and use of personal data in the digital economy. The federal infrastructure bill, which in its original form would allocate $1 billion to the FTC to create a privacy bureau, has cut the allocation in half in the most recent version released by the House October 28, so FTC capacity for privacy rulemaking and enforcement may not be as great as some had hoped.
Two separate privacy developments occurred in Australia this week.
One, the Australian Government released a draft privacy legislation amendment (Online Privacy Bill) providing for the development of a new Online Privacy Code and increasing penalties for serious or repeated interferences with privacy to up to the greater of $10 million, three times the value of the benefit obtained through the misuse of information, or 10% of the entity annual Australian turnover.
The other privacy development is that the Australian Attorney General’s Department published a discussion paper and opened a consultation for public comment as part of the Australian Government’s review of the Privacy Act 1988. The paper includes proposals regarding the scope, application, protections, regulation and enforcement under the Act.
Protection proposals include enhanced opt out rights and notice obligations regarding direct marketing, targeted advertising, and profiling.
WHY IT MATTERS
Australia’s Privacy Act became effective in 1988, but it didn’t apply to the private sector until 2000. It then underwent a major overhaul in 2014. The Privacy Act in its current form requires that direct marketing messages include a clear and simple way to opt out of receiving future messages, and requires consent for the use of sensitive information for direct marketing, but it does not specifically address targeted advertising or profiling.
The proposals and draft legislation, if adopted, would impose more specific obligations to the digital marketing industry and increase penalties for serious or repeated privacy interferences.
The Global Privacy Assembly (GPA), a forum of over 130 international data protection and privacy authorities, adopted several privacy resolutions, including resolutions on the assembly’s strategic direction, data sharing for the public good, children’s digital rights, and government access to data. In its strategic direction resolution, the GPA identified data sharing for the public good, AI, biometrics and surveillance technologies, children’s online privacy, and data protection and other rights and freedoms as the four areas of policy focus.
The resolution included an action plan to, among other actions, identify and consider topics of focus relating to surveillance of citizens and consumers in the digital economy, such as advertising technologies, web scraping, smart cities and connected vehicles, and monitoring of mobile workers and created a digital economy working group to take such action.
The Children’s digital rights resolution recommended, among other things, that states consider promoting regulations prohibiting use or transmission to third parties of children’s data for commercial or advertising purposes and the practice of marketing techniques that may encourage children to provide personal data.
WHY IT MATTERS
Although GPA resolutions are not binding law, they provide insight into the areas of focus we may see from data protection authorities across the globe.
A new draft report of India’s Personal Data Protection Bill reportedly is likely to be circulated to members of Parliament by November 6.
WHY IT MATTERS
The Joint Parliamentary Committee on the Bill was reportedly expected to meet October 20 to formally adopt a resolution to include non-personal (anonymized) data in the scope of the bill. It’s not clear from recent reports whether that resolution was adopted, but distribution of a report by November 6 means that we may see adoption of a privacy bill in India this winter session.
WHY IT MATTERS
Global Privacy Control, a browser setting that enables users to communicate privacy preferences to websites, is currently offered by Brave and DuckDuckGo browsers. The California Attorney General’s office has enforced rules requiring companies to honor the signal when set by California residents, and the upcoming Colorado Privacy Act will require its recognition for Colorado residents as of 2024.
Want more of the privacy highlights that matter to adtech and martech? Sign up for our privacy newsletter, A Little Privacy, Please.
A Little Privacy, Please weekly recaps are provided for general, informational purposes only, do not constitute legal advice, and should not be relied upon for legal decision-making. Please consult an attorney to determine how legal updates may impact you or your business.
Keep in touch
Sign up for our newsletter to keep up with privacy news for adtech and martech,
plus occasional company news.