第三十三期|国际数据合规时事速递(1月10日至1月16日)
点击蓝字|关注我们
第三十三期|国际数据合规时事速递
(1月10日至1月16日)
Issue #33 | International Data Protection News Alert
(Jan.10 - Jan.16)
1
US Lawmakers Propose Data Transparency Bill
美国议会提出数据透明法案
On 13 January 2022, U.S. Senators and Representatives introduced the Terms-of-service Labeling, Design and Readability ('TLDR') Act to require commercial websites and mobile apps to create a simple and readable summary of their terms-of-service agreements. The TLDR Act would increase online transparency and ensure consumers are informed about how their personal data is collected and used. The TLDR Act gives consumers transparency by requiring terms-of-service summaries to include: (1)The type of consumer information being collected; (2)Whether the data collected is necessary for the company to provide consumers their service; (3)A graphic diagram of how consumer data is shared with third parties; (4)Whether a consumer can delete their data and instructions on how to do so; (5)The legal liabilities of a consumer using the service, including their rights to their content, mandatory arbitration, and class action waivers; (6)A list of reported data breaches from the past three years.
2022年1月13日,美国议员提出了《服务条款标签、设计和可读性法案》(TLDR),要求商业网站和移动应用创建简单易读的服务条款协议摘要。该法案将提高数据的在线透明度,确保消费者了解他们的个人数据是如何被收集和使用的。该法案要求服务条款摘要包括以下内容,从而给予消费者服务透明度:(1)所收集的消费者信息的种类;(2)所收集的数据是否为公司向消费者提供服务所必需的;(3)消费者数据如何与第三方共享的图表;(4)消费者是否可以删除其数据以及如何删除的说明;(5)使用服务的消费者的法律责任,包括对服务内容的权利、强制仲裁和放弃集体诉讼的权利;(6)过去三年内已报告的数据泄露事件清单。
2
2021 Draft Regulations Published and Awaited National Assembly’s Approval
肯尼亚2021年条例草案已公布并等待国民议会批准
The Office of the Data Protection Commission ('ODPC') announced on 14 January 2022, the 2021 Data Protection Regulations have been published in the Official Gazette. In particular, the Regulations were first put forward for public consultation on 13 April 2021 with comments accepted until 11 May 2021. In this regard, the Regulations are now awaiting approval from the National Assembly, after which, provided no objections are made, the Regulations will come into effect. Notably, the National Assembly has 28 days from the day the Regulations are referred to it to approve or object to the Regulations.
肯尼亚数据保护委员会办公室在官方公报上发布通知宣布《2021年数据保护条例》已公布。其中,该条例于2021年4月13日首次向公众征求意见,意见反馈截止日期为2021年5月11日。该条例目前正在等待国民议会的批准,若后续并无反对意见,则该条例将生效。值得注意的是,国民议会需自条例提交之日起的28天内批准或反对。
3
CNIL Opens Consultation on Augmented Public Cameras
法国CNIL就增强型公共摄影机展开意见征求
France's data protection authority, the Commission nationale de l'informatique et des libertés, announced a public consultation on its position related to the use of augmented cameras in public spaces. The CNIL describes the cameras as those equipped with "automated image processing" tools, noting a difference from biometric recognition devices. The regulator opines the use of these cameras could "make it possible to extract various information from the resulting video streams." The consultation deadline is March 11.
法国国家信息与自由委员会(CNIL)就增强型公共摄像机的使用展开公众意见征求。CNIL将这些摄像机定义为配备了“自动图像处理”技术的摄像机,并指出了它们与生物识别设备的不同之处。监管者认为,这些摄像机可以“从结果视频流中提取各种信息。”据悉,该意见征求截止日期为3月11日。
4
QFC Issues 2021 Data Protection Regulations
卡塔尔金融中心颁布《2021年数据保护条例》
The Qatar Financial Centre ('QFC') issued on, 21 December 2021, the new QFC Data Protection Regulations ('the 2021 Regulations'), following a revision of the 2005 Data Protection Regulations and the 2005 Data Protection Rules ('the 2005 Legislation'), and a recent public consultation on one the same, which ended on 16 September 2021. In particular, the 2021 Regulations aim to clarify some of the existing provisions under the 2005 Legislation and introduce new provisions in line with global developments in data protection laws, including: (1) the establishment of a new Data Protection Office and the Data Protection Commissioner; (2)data processing principles including, among others, purpose specification, data minimisation, and storage limitation; (3)clarifications of the requirement for consent; (4) introduction of data subjects' right to data portability, right not to be subject to automated decision-making, and right to effective judicial remedy enforceable against controllers and processors; (5)requirement to implement appropriate technical and organisational measures on controllers; (6) requirement to conduct Data Protection Impact Assessments ('DPIAs') in certain circumstances. Notably, the 2021 Regulations will come into effect 180 days from the date of their issuance, i.e. 21 May 2022.
继对《2005年数据保护条例》和《2005年数据保护规则》(“2005年立法”)进行修订后,卡塔尔金融中心于2021年12月21日发布了新的《卡塔尔金融中心数据保护条例》(“2021年条例”),此前,该条例已于2021年9月16日结束了公众意见征求。特别是,2021年条例旨在澄清2005年立法中的一些现有规定,并根据数据保护法律的全球发展情况引入新规定,包括:(1)设立新的数据保护办公室和数据保护专员;(2)数据处理原则,包括目的说明、数据最小化和存储限制等;(3)澄清“同意”的要求;(4) 引入数据主体的数据可携带权、不受自动化决策影响的权利以及针对数据控制者和处理者获得有效司法救济的权利;(5)要求对数据控制者实施适当的技术和组织措施;(6)要求在特定情况下进行数据保护影响评估。值得注意的是,2021年条例将自发布之日起180天后生效,即2022年5月21日。
5
DSK Opens Consultation on TTDSG Guidance
德国数据保护会议就TTDSG展开公众意见征求
The German Data Protection Conference ('DSK') announced, on 14 January 2022, that it had opened a public consultation on its guidance on the Federal Act on the Regulation of Data Protection and Privacy in Telecommunications and Telemedia ('TTDSG'), which entered into force on 1 December 2021. In particular, the DSK noted that the consultation process is intended to review and, if necessary, further develop the guidance, but does not affect its validity and application.
德国数据保护会议(“DSK”)于2022年1月14日宣布,就其于2021年12月1日生效的《电信和电话媒体数据保护和隐私联邦法案》(“TTDSG”)的指南展开公众意见征求。DSK特别指出,征求过程旨在审查并在必要时进一步完善该指南,但不会影响其有效性和适用性。
扫二维码|关注我们
M姐 数据合规评论
微信号|M_DigitalLawandLife