|Research by Industry/Sector
May 24, 2013
|Data Privacy News Archive |
Data Privacy and Cross-Border Data Flows: News Archive
- On September 13th, OTEC’s Josh Harris spoke at the International Association of Privacy Professionals KnowledgeNet regarding the Asia Pacific Economic Cooperation Cross-Border Privacy Rules system, highlighting how it works and how U.S. companies can participate.
- On July 26 2012, the United States formally commenced participation in the APEC Cross Border Privacy Rules (CBPR) system. The CBPR requires interested organizations to develop their own internal business rules on cross-border privacy procedures, which must be assessed as compliant with the minimum requirements of the APEC system by an independent public or private sector body, called an Accountability Agent. The goal of the system is to enhance electronic commerce, facilitate trade and economic growth, and strengthen consumer privacy protections across the Asia Pacific region. Additional information here.
- On May 9th and 10th, the OECD held is biannual WPISP meeting. OTEC’s Caitlin Fennessy joined the U.S. delegation to the WPISP and participated in the Privacy Volunteer Group discussions on the review of the 1980 Privacy Guidelines.
- On March 19th, EU Commission Vice-President Viviane Reding and U.S. Commerce Secretary John Bryson released a Joint Statement on Privacy. The statement reaffirms the EU and U.S. commitments to the Safe Harbor Framework, to promoting the rights of individuals to have their personal data protected, and to facilitating interoperability of our commercial data privacy regimes.
- On March 19th, the European Commission hosted a conference on Privacy and Protection of Personal Data in Washington, DC. The conference covered transatlantic privacy issues, focused on current policy and legislative initiatives in the European Union and the United States, and included a discussion of the US-EU Safe Harbor Framework.
- On March 8th, the International Trade Administration and Switzerland’s State Secretariat for Economic Affairs released the U.S.-Swiss Safe Harbor Framework: A Guide to Self-Certification (Guide). The Guide will soon be available at http://export.gov/safeharbor/. For additional information contact David Ritchie.
- On February 23rd, the White House unveiled a new comprehensive privacy blueprint. The report: Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Digital Economy
- On February 23rd, OTEC’s Caitlin Fennessy gave a presentation on APEC Cross Border Privacy Rules Accountability Agent Recognition at the Centre for Information Policy Leadership Accountability Phase IV Experts Meeting in Brussels.
- From January 30th to February 4th, OTEC’S Josh Harris led the U.S. delegation to the APEC Electronic Commerce Steering Group Meetings in Moscow, where economies began work to implement APEC’s Cross Border Privacy Rules System.
- On January 25th, the European Commission proposed a reform of the EU’s 1995 data protection directive. The proposed Regulation is now under consideration in the Parliament and European Council.
- On December 21st, Mexico issued the final version of its Regulations of the Federal Law for the Protection of Personal Data Held by Private Parties. The Regulation went into effect on December 22nd.
- On November 12th, the 2011 APEC Leaders’ Statement directed economies to implement the APEC Cross Border Privacy Rules System to reduce barriers to information flows, enhance consumer privacy, and promote interoperability across regional data privacy regimes.
- On November 1st, ITA’s Deputy Under Secretary Michelle O’Neill spoke at the OECD conference Current Developments in Privacy Frameworks: Towards Global Interoperability in Mexico City.
- On November 1st, 2011, the OECD will hold a Privacy Conference in Mexico City.
- On July 6, 2011 Mexico released draft regulations implementing its data protection law. They are now available for public comment and posted on COFEMER’s website here. August 3rd will be the last day to submit comments regarding these draft regulations, which can be sent to firstname.lastname@example.org
- On June 28, 2011 Mexico published two new guides on how to draft a Privacy Notice and how to designate a Privacy Officer, both of which can be found here.
- On June 28 and 29, 2011, the OECD held a High Level Meeting on the Internet Economy. This high-level meeting built on the OECD Ministerial on the Future of the Internet Economy held in Seoul, Korea in June 2008. It brought together leaders from all stakeholder communities with the aim of fostering the development of the Internet economy. At the conclusion of the meeting, they released a communiqué on principles for internet policy-making, available here.
- On June 9 and 10, 2011, the OECD Working Party on Information and Security (WPISP) met in Paris, France. At these biannual meetings, delegations discussed the ongoing review of the 1980 OECD Privacy Guidelines and work to ensure the continued relevance of the OECD privacy framework given changing technologies.
- On June 7, 2011, the Peruvian Congress passed a federal data protection law, which establishes principles and consent requirements for data processing. President Garcia is expected to sign the bill before his term ends. The legislation creates a commission that will have 120 days after the bill is signed to draft implementing provisions. The text of the legislation is available here.
- On May 26, 2011, amendments to the EU Privacy and Electronic Communications governing websites use of “cookies” came into force. The amendments were adopted in November 2009 and require websites to gain users’ consent to place cookies on their devices, unless they are strictly necessary to provide an explicitly requested service. EU members were given 18 months to translate the new regulations into national law. However, a number of countries missed the May 26th deadline. The text of the 2009 amendment is available here.
- May 23 through May 27, 2011, the Online Dispute Resolution Working Group of the United Nations Commission on International Trade Law met in New York. During the week-long meetings, delegations discussed the development of procedural rules for online dispute resolution for cross-border electronic commerce. Additional information is available here.
- On May 6, 2011, the Office of the Privacy Commissioner of Canada released their final report on their 2010 Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing. The report, available here, recommends stronger privacy protections, urging organizations to limit personal data collection to what is reasonable and appropriate and to obtain informed consent.
- On May 3, 2011, Canadian federal and provincial privacy commissioners launched a new online self-assessment tool to help organizations determine how well they are protecting personal information in line with Canada’s commercial privacy laws. Additional information is available here.
- On April 27, 2011, Costa Rica’s Supreme Court ruled that a draft data protection law, available here, is constitutional. The legislation is expected to pass in 2011 or 2012.
- On April 11t, 2011, India’s Ministry of Communications and Information Technology provided notification for a variety of rules implementing sections of the Information Technology Act, 2000 as amended in 2008. The rules that were notified address reasonable security practices and procedures and sensitive personal data or information, guidelines for intermediaries, and guidelines for cyber-cafes. The text of the new rules is available here.
- On December 16, 2010, the Department of Commerce released a Privacy Green Paper, entitled Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.
- On November 8, 2010, Mexico's Ministry of Economy will hold a workshop on planned implementation of its new commercial sector data protection law. The workshop will be held at the Ministry in Mexico City from 8:30AM to 5PM and will be conducted in Spanish. Both the Under Secretary for Commerce and Industry and the Director General for Domestic Trade and the Digital Economy are scheduled to speak. During the event, a series of panels will discuss the requirements for privacy notices, industry best practices and self-regulatory mechanisms, as well as implications for cross-border data flow and the importance of international cooperation. Interested U.S. and Mexican stakeholders are encouraged to attend. Additional information regarding the agenda and free registration is available at http://www.edigital.economia.gob.mx/Evento%20Datos%20Personales.htm.
- On October 25, 2010, the Office of the Privacy Commissioner of Canada published a draft report on the Office’s 2010 public consultations on online tracking, profiling, targeting and cloud computing. The Office noted that the draft report summarizes the comments received during the consultation process as well as the views of the Office. They expect that this report will help inform the next legislative review of the Personal Information Protection and Electronic Documents Act (PIPEDA). In addition to proposing a path forward, the draft report seeks additional input from stakeholders. The Office has asked for public feedback by November 26, 2010. The report and information on submitting comments is available at http://www.priv.gc.ca/resource/consultations/index_e.cfm.
- On October 24, 2010, the White House National Science and Technology Council announced the launch of the Subcommittee on Privacy and Internet Policy. The Subcommittee will be co-chaired by Department of Commerce General Counsel Cameron Kerry and Department of Justice Assistant Attorney General Christopher Schroeder. The Subcommittee will include representatives from a variety of federal Departments, agencies, and offices and will develop strategic directions to foster consensus in legislative, regulatory and international Internet policy efforts in cooperation with stakeholders. The Office of Science and Technology blog post announcing the Subcommittee's launch is available at: http://www.whitehouse.gov/blog/2010/10/24/white-house-council-launches-interagency-subcommittee-privacy-internet-policy
- On October 12, 2010, the Article 29 Working Party, an independent European advisory body on data protection and privacy, determined that Uruguay's legal system provides "adequate" protection for personal data in line with the standards of the European Data Protection Directive. This determination was based primarily on Uruguay's adoption of Law 18,331, on the Protection of Personal Data and “Habeas Data” Action (LPDP) in 2008 and the implementing regulations. The Article 31 Committee and European Commission must still make a final decision on Uruguay's adequacy status before it becomes official. Once adequacy status is given, companies will be able to more easily transfer personal data of European citizens to Uruguay for processing. Additional information on the opinion of the Article 29 Working Party is available at http://ec.europa.eu/justice/policies/privacy/docs/wpdocs/2010/wp177_en.pdf.
- From September 15–September 18, 2010, OTEC Director Robin Layton led the U.S. delegation to the Asia Pacific Economic Cooperation (APEC) Electronic Commerce Steering Group meetings in Sendai, Japan. The group discussed the ongoing implementation of the APEC Privacy Framework and the rollout of the APEC Data Privacy Pathfinder project. The outcomes report of this meeting is available here. More information on OTEC’s work on the APEC Data Privacy Pathfinder can be found here.
- On September 21, 2010, the Global Privacy Enforcement Network (GPEN) officially launched its website, accessible at https://www.privacyenforcement.net. GPEN, which is composed of thirteen privacy enforcement agencies from across the globe, aims to facilitate cross-border cooperation in the enforcement of privacy laws. The network was officially launched in March 2010. The thirteen member authorities represent the United States, Canada, France, New Zealand, Australia, Israel, Ireland, Spain, the United Kingdom, Italy, the Netherlands, Germany, and Victoria, Australia. FTC Chairman John Leibowitz highlighted the value of GPEN, stating, “Cooperation is critical in the enforcement of privacy laws. GPEN will provide us with the necessary tools to facilitate cooperation with our international counterparts.”
- On June 14, 2010, the Argentine Personal Data Protection Authority issued Resolution 18/2010, which states that Argentina’s adequacy requirement for the transfer of data across borders (mandated by Personal Data Protection Law No. 25,326) may be fulfilled through the use of a cross-border data transfer agreement that provides for this kind of protection. The agreement must comply with certain guidelines established by the Authority. Resolution 18/2010 is available in Spanish at http://www.jus.gov.ar/media/86578/D2010_018.pdf.
This page was last updated on 03/13/2013. This site is operated by the Office of Technology and Electronic Commerce (OTEC) division of the International Trade Administration, U.S. Department of Commerce.