Below are snapshots of recent global updates courtesy of Nymity Research.
Law Enforcement: South Korea PIPC Requirements for Emergency Disclosures
Personal information handlers may be required to disclose personal data to law enforcement to protect an individual’s life or if required by law (i.e., disaster prevention, locate missing children, emergency rescue requests); personal data disclosed for an emergency purpose cannot be used for a secondary purpose, individuals must be notified about the disclosure of their personal data for an emergency purpose, and only the necessary information to fulfill the emergency purpose may be disclosed. Read more here.
Legislation: Italy Amends Processing for Public Interest Purposes
Effective October 9, 2021, the Decree amends the Italian Privacy Code to repeal the existing provision on high risk processing for public interest, and permit processing by a public administration or public company (as defined), where necessary to fulfil a task in the public interest, or to exercise public powers, provided that information on the controller, processing and exercise of data subject rights is included; related amendments are made to the retention requirement for phone traffic data, and an enforcement mechanism through the GPDP is added for revenge porn violations. Read more here.
COVID-19: DPA Turkey Clarifies PHI May be Processed for Public Health
The DPA emphasises that processing personal health data related to COVID-19, such as vaccination status and PCR test results, is necessary in order to protect public health, public security and public order within the scope of combating the pandemic; there is no obstacle to processing COVID-19 vaccination information and/or PCR test information within the scope of preventive and protective activities carried out by public institutions and organisations as defined in order to limit the spread of the pandemic. Read more here.
Legislation: California Governor Signs Genetic Information Privacy Act into Law
Effective immediately, companies must develop procedures and practices to enable consumers to exercise their rights (such as being able to access their genetic data), and destroy consumer’s biological samples within 30 days of revocation of consent; genetic data cannot be disclosed to any entity offering health or life insurance, consumers cannot be discriminated against for exercising any consumer rights, and violations of this Act can see fines between $1,000 to $10,000. Read more here.
Stay informed with daily comprehensive regulatory updates using Nymity Research. Minimize the need for time consuming searches for accurate analysis with easy to understand alerts on the latest privacy laws. Start a free trial today.