News Alerts and Breach Report for Week of March 13, 2023

TikTok to Migrate Data to European Servers

Last month, both the U.S. House of Representatives and the European Commission ordered their respective staffs to remove TikTok—which is owned by Beijing-based ByteDance—from any and all work devices. And late last year, a GDPR probe by Ireland’s Data Protection Commission found that TikTok staff based in China were able to access user data belonging to EU citizens. In an effort to appease irate regulators, TikTok has announced an official transfer of EU users’ data to an Ireland-based data center, which TikTok’s European VP of government relations and public policy, Theo Bertram, says will be “a secure enclave for European TikTok user data.” The transfer project, named Project Clover, should conclude by 2024.

SXSW Panelists: Student Data Privacy is a Civil Rights Issue

Student data privacy is a civil rights issue, according to Elizabeth Laird, the director of equity in civic technology for the Center for Democracy and Technology. Her fellow panelist at SXSW this weekend, Clarence Okoh, added that in some cases, a lack of student data privacy can even perpetuate racism. The senior policy counsel for the Center for Law and Social Policy, cited an example in Minnesota, where three entities—Ramsey County, the city of St. Paul, and St. Paul Public Schools, “entered into a data-sharing agreement to increase efficiency and effectiveness in identifying young people that were at risk to be involved in the juvenile justice system.” That sort of partnership, well intentioned-or not, is problematic according to a third panelist, Marika Pfefferkorn, co-founder of the Twin Cities Innovation Alliance think tank, “because sensitive data about a student could end up being viewed by people who should not have access to it.”

Finnish Data Privacy Act Stalls

The Finnish Act on the Protection of Privacy in Working Life (Act)—which governs how Finnish companies can collect employees’ personal data—will not be amended during the current legislative period according to this alert, which notes: “The government proposal on amending the Section 4 of the Act has not progressed since May 2022 and will lapse, as the electoral term’s last parliamentary session has now ended.” For background, Finland’s Ministry of Economic Affairs and Employment launched an initiative in 2020 with the purpose of adding a consent requirement to the Act. No further movement is on the near horizon.

UK Introduces Data Protection Bill

The Data Protection and Digital Information (No. 2) Bill was introduced to Parliament last week by Michelle Donelan, the UK Secretary of State for Science, Innovation and Technology. The original version of the bill was introduced then put on pause over the course of last summer, and its younger sibling promises “a simple, clear and business-friendly framework that will not be difficult or costly to implement—taking the best elements of GDPR and providing businesses with more flexibility about how they comply with the new data laws.” According to the press release, the new bill will also ensure data adequacy with the EU and other third-countries, reduce paperwork needed for compliance, increase clarity around when businesses can process personal data without consent, and “Increase public and business confidence in AI technologies by clarifying the circumstances when robust safeguards apply to automated decision-making.”

BREACH REPORT

* * * * * * *

To read our latest article, Practical Guidance: The Technical Side of Compliance, click here.

Jody Westby hosts our podcast, ADCG on Privacy & Cybersecurity, bringing together leaders in the privacy and cybersecurity arenas to discuss a wide range of issues ranging from the proposed federal and state regulations to best practices and standards for compliance. Episodes can be enjoyed on many platforms including Spotify and Apple Podcasts. Don’t forget to subscribe!

Our most recently released episodes:

87 | Artificial Intelligence & Chatbots…Helpful or Harmful? (with guest Heather West)

86 | Using Tools to Help Manage Incident Response (with guest Lauren Wallace)

85 | How Incident Response Has Changed (with guest Violet Sullivan)

To browse our previously published articles and news alerts, please visit our website, and don’t forget to subscribe to receive free weekly Data and Cyber Governance news and Breach Reports directly to your email.

Previous
Previous

Updates to the Pennsylvania Data Breach Notification Law

Next
Next

News Alerts and Breach Report for Week of March 6, 2023