Below are snapshots of recent global updates courtesy of Nymity Research.
COVID-19: Workplace Vaccine Policies Should be Consistent and Flexible
A law firm suggests that US employers design a vaccine verification policy that clearly identifies what records the employee must provide (e.g., CDC-issued vaccination card) and should not provide (e.g., medical or genetic information ancillary to the actual inoculation), and consider what should happen if an employee cannot obtain verification; be cautious about implementing a “vaccination only” policy or creating workplace policies that provide certain benefits only to vaccinated individuals. Read more here.
Legislation: Germany Passes Telecommunications Data Protection Law
Effective December 1, 2021, telemedia companies and telecoms must have user-friendly consent management services (“CMS”), only store user traffic or location data on a user’s terminal equipment with end-user consent, conduct security assessments to determine whether their CMS complies with the GDPR, only process traffic data for operational purposes (i.e., maintaining telecommunications, billing purposes, and establishing connections), and disclose password and access data for criminal investigations. Read more here.
Legislation: North Carolina Introduces Comprehensive Privacy Obligations
If passed, controllers must comply with personal data processing principles (transparency, purpose limitation, data minimization, security), conduct annual assessments of processing for targeted advertising, profiling, personal data sales, and comply with requests from consumers (access, correction, deletion, data portability); violations can result in penalties by the AG up to $5,000 for violations and civil actions by aggrieved individuals. Read more here.
Legislation: Federal Bill Makes Major Changes to Children’s Online Privacy Rules
If passed, online privacy protections would be extended beyond children under 13 years of age to teens or “minors” between the age of 12 and 16, and require the implementation of a Digital Marketing Bill of Rights for Minors that limits the collection of PI from teens; internet companies would be prohibited from collecting PI of a minor without their consent and must comply with deletion requests, and manufacturers of connected devices directed at a child or minor must comply with transparent packaging requirements. Read more here.
Stay informed with daily comprehensive regulatory updates using Nymity Research. Minimize the need for time consuming searches for accurate analysis with easy to understand alerts on the latest privacy laws. Start a free trial today.