This Week in Privacy: 13 December 2021
December 13, 2021
International: UK and US issue joint statement on data partnership
The UK and the US issued a joint statement on their commitment to deepening their data partnership.
The UK Secretary of State for Digital, Culture, Media & Sport, Nadine Dorries and the US Commerce Secretary, Gina Raimondo noted that significant progress had been made by respective teams to support, stabilise and realise the benefits of bilateral data flows, and that there was commitment to achieving a successful and enduring partnership, including on adequacy.
Additionally, the US and the UK announced plans to collaborate on bilateral innovation prize challenges focused on advancing privacy-enhancing technologies. According to the statement, the prize challenges will aim to help mature and facilitate adoption of these promising technologies.
It is anticipated that the prize challenges will launch in the spring of 2022.
British Columbia: PIPA review committee issues report with recommendations for reform
The Special Committee to Review the Personal Information Protection Act released its report with recommendations to modernise British Columbia's private sector privacy law.
The report makes 34 recommendations, which include:
- aligning PIPA with provincial, federal, and international privacy legislation;
- adding provisions to reflect modern information processing practices and their impact on privacy;
- ensuring individuals have meaningful control over their information;
- explicit protections for sensitive information such as biometric data;
- mandatory notification following a significant privacy breach; and
- enhancing the enforcement powers of the Information and Privacy Commissioner.
The report also assesses the current privacy landscape in British Columbia to highlight the necessity for the proposed recommendations.
Read more here.
Zimbabwe: New Data Protection Act enacted
Zimbabwe's first comprehensive privacy law, the Data Protection Act, was enacted.
The Act is applicable to the processing of data carried out in the context of the effective and actual activities of any data controller, and to the processing and storage of data by a controller who is not permanently established in Zimbabwe, if the means used, whether electronic or otherwise is located in Zimbabwe, and such processing and storage is not for the purposes of the mere transit of data through Zimbabwe. Under the Act, data subjects are provided with several rights, including the right of access, objection, correction, deletion and the right to be informed. Data controllers are also required notify the Authority within 24 hours of any security breach.
The Act includes requirements around international data transfers to jurisdictions ensuring adequate levels of protection as well as those that do not.
Read more here.