This Week in Privacy: LGPD Enforcement Provisions, US States Privacy Legislation, & OIPC PIPA Review
Brazil: Bills introduced to amend timeline of LGPD enforcement provisions
Two bills have been introduced in Brazil regarding the LGPD, one seeking to delay the enforcement provisions until 2022, whilst the other seeks their immediate application.
The bill providing for delay of the enforcement provisions sets a renewed timeline of their entry into effect 1 August 2021 to 1 January 2022. The bill highlights several considerations including that, as a result of the economic crisis due to COVID-19, the imposition of fines could further harm companies. Conversely, the bill seeking their immediate application highlights the need to respond to the exponential growth of digital data due to the pandemic.
Both bills have been introduced to the Chamber of Deputies and await further legislative discussion and review.
USA: States continue to introduce privacy legislation
The trend of States introducing bills to regulate privacy continues, with several more proposing such legislation over the last few days.
In Illinois, House Bill 3910 for the Consumer Privacy Act was introduced which includes obligations on businesses in relation to privacy notices and information provision, and providing consumers with rights of access and deletion, whilst House Bill 1492 for the Minnesota Consumer Data Privacy Act was also introduced which provides further detailed requirements around technical and organisational measures to be implemented, further consumer rights, and obligations in relation to data protection assessments.
Additional state proposals have also emerged in Massachusetts and Vermont.
British Columbia: OIPC releases supplementary submission on PIPA review
In Canada, the Office of the Information and Privacy Commissioner of British Columbia released a supplementary submission to the Special Committee which is currently reviewing the Personal Information Protection Act.
The supplement follows its earlier submission in September 2020 and recognises the federal government’s introduction of a bill to reform PIPEDA, and notes that the harmonisation between the federal law and the Personal Information Protection Act would be beneficial to businesses while also ensuring that PIPA remains substantially similar. The submission examines how the proposed federal bill and the OIPC’s recommendations of September 2020 align on certain matters, and the benefit of doing so, including in relation: mandatory breach notification requirements; consent; automated decision-making; and oversight and enforcement.