Welcome to Privacy Insider, a round-up of the week's most important stories.
It's been exactly three years since the EU's General Data Protection Regulation became effective. As a privacy reporter, I think I wrote "What if" stories about life under Europe's sweeping new privacy rule every week from 2016 until its official birthday, May 25, 2018. I remember the sheer panic. Companies terrified of getting slapped with a fine — up to four percent of global turnover — were logging on to privacy chat rooms and attending webinars in record numbers. It felt like Y2K, like on May 25, everything was going to change. The "gold standard of privacy law" was about to shake up the world.
Enjoy reading, and I'll see you next week!
Remember Edward Snowden's whistleblowing saga in 2013? The Grand Chamber of the European Court of Human Rights has finally ruled the U.K. spy agency's methods for "bulk interception of online communications violated the right to privacy," and the regime for collection of data was unlawful, The Guardian reports. The ruling confirms a lower court's 2018 judgment. However, GCHQ changed its surveillance practices in 2016 with the passage of the Investigatory Powers Act.
2. Politician who championed the GDPR calls for its reform
One of the EU General Data Protection Regulation's lead politicians has said the law needs revising. Coinciding with the law's third anniversary this week, Parliamentarian Viviane Reding, former vice president of the European Commission, said the regulation's enforcement has been uneven. Reding, who led the GDPR effort through the Commission, said enforcement "against systematic stealing of data for commercial or political purposes is somehow not so strong." Instead, privacy regulators have focused on "the local football club."
3. State Senate to vote on New York Privacy Act
New York lawmakers will soon vote on a bill to give consumers more control over their personal data, Spectrum News reports. Senators will vote on the New York Privacy Act, which would require businesses to get consent before sharing consumers' personal data with a third party, the report states. It would also give consumers the right to opt out of having their data sold and the right to request that a company delete their data.
4. How does Virginia's privacy law compare to California's?
Virginia's Consumer Data Protection Act grants Virginia consumers rights over their data. It requires companies covered by the law to comply with rules on the data they collect, how it's treated and protected, and with whom it's shared. It contains specific provisions on sensitive data, data used for targeting and data sales. This piece compares the CDPA to California's two privacy laws, the California Consumer Privacy Act and the more recent California Privacy Rights Act.
5. EU antitrust regulators creeping in on privacy authorities' terrain
The EU's antitrust and privacy authorities are getting competitive over the regulation of major tech companies. Where privacy authorities worry about how companies that collect large amounts of personal data are treating it, antitrust authorities worry about the fact they've collected so much at all. The idea is that the companies with the most data have the most market power. And when one company acquires another, the data trove -- and the powerful insights it provides -- can be enormous.
6. WhatsApp changes approach, won't punish users
WhatsApp has changed its response to the Indian government over concerns that its new privacy policy violates Indian law. Based on privacy concerns, the government told WhatsApp to withdraw its new policy, First Post reports. WhatsApp said it would start deleting user accounts or disable some functionality for those who didn't accept the new terms. The company now says it will not sanction users and will instead continue to remind users of its new policy.