Although Brazil’s new General Data Privacy Law (LGPD) significantly expands Brazil’s data protection framework and places the country among one of the few jurisdictions to provide similar data privacy protections as those offered in the European Union, the new law did not create a data protection authority. On 28 December 2018, outgoing President Michel Temer signed Medida Provisória no. 869/18, a last-minute executive order that made important changes to the LGPD and most notably created the Brazilian National Data Protection Authority (ANPD).
The UK Information Commissioner and the Secretary of State for Justice have entered into Memoranda of Understanding on the handling of information requests in relation to national security cases under the UK’s Data Protection Act, Freedom of Information Act and Environmental Information Regulations. The new Memoranda set out guidelines as to how the Information Commissioner’s office and government departments will cooperate with one another in cases where a government department refrains from disclosing information to an individual, or the ICO, on the basis of national security.
On November 27, the European Commission released a strategy memo on rebuilding trust in the mechanisms allowing data to flow from the European Union (“EU”) to the United States. The Commission recognizes that EU-U.S. data flows are essential to the strategic and economic partnerships between the two markets. However, revelations about U.S. surveillance programs have, according to the Commission, caused EU Member States and citizens to believe that the current data transfer mechanisms do not provide adequate protections for personal data. To address those concerns and rebuild trust in transatlantic data flows, the Commission recommends six initiatives, including specific recommendations for reforming the U.S. privacy framework. Of particular note, the Commission identified several shortcomings with the EU-U.S. Safe Harbor framework and offered 13 recommendations for reform. And the Commission once again calls on the United States to adopt comprehensive privacy legislation.
In an August 13 letter to Commissioner Viviane Reding, Article 29 Working Party Chair Jacob Kohnstamm requested more information regarding the United States’ national security surveillance program, including the widely-publicized PRISM program.
On February 26, the U.S. Supreme Court ruled in Clapper v. Amnesty International that a group of U.S. citizens and U.S.-based organizations did not have standing to challenge the constitutionality of a provision of the Foreign Intelligence Surveillance Act (FISA) that allows the U.S. Government to monitor the electronic communications of non-U.S. persons located on […]