The Privacy Professional

By Privacy Counsel What is PECR?  In February of this year, the Information Commissioner’s Office (ICO), or UK’s Data Protection Regulator, published additional guidance on the Privacy and Electronic Communications Regulations (PECR) , initially passed in 2003, on applying PECR to the DPA. How does PECR apply? There is frequently a lot of discussion around the e-Privacy Directive ( Directive 2009/136/EC ) and very little surrounding the UK. Although the UK is no longer part of the EU, it has adopted a GDPR national privacy law, The Data Protection Act (DPA). PECR applies in the context of UK residents specifically. The e-Privacy Directive applies to GDPR and EU residents. The chart below provides the similarities and distinctions between the two.    Differences from the E-Privacy Regulation PECR E-Privacy Directive Scope PECR applies to the transmission of unsolicited electronic messages to individuals in the UK. ePD applies to the processing of personal data and security of the trans

  By Victorianne Musonza, Privacy Counsel Meta was recently fined 400 Million Euros by the Irish Data Protection Commission for privacy violations, mainly because they failed to adhere to GDPR processing restrictions on personal data. According to Politico , Helen Dixon of the Irish DPC also seeks to prevent Meta from using standard contractual clauses (SCC) to facilitate personal data transfers from the EU to the US. Read more about this here .

Right on the heels of South Dakota, who passed their data protection bill in February of this year, Alabama is the 50th and final State to pass a data protection bill. Alabama SB 318 was passed this month. The codification of state data protection laws began in 2003 with California. To date all remaining states have followed suit. SB 318 , seemingly incorporates Health Insurance Portability Accountability Act's ( HIPAA ) terminology and some application. Class of protected The statute applies to individuals residing within the state. Individuals rights Individuals are afforded protection from the breach , which is defined as the unauthorized acquisition of personally identifiable information (PII). PII is also referred to as personal data , in some jurisdictions. Data Protected The statute outlines the type of PII that is protected under the statute as “electronic data ” that can be any of the following : Identification number (military, driver’s

In the EU, individual privacy and data protection have been a fundamental rights for quite some time and is now a way of life under GDPR .  Data protection in the U.S. is a fairly new concept. In 2003, California was the first state to pass a data protection law. Since then, 48 other states have followed suit by passing data protection laws that protect the personal data of their respective residents. South Dakota is not the last state, but by passing SB 62 in February of this year it is still pretty late to the data protection party. Class of the protected individuals The bill applies to individuals residing in the state. Individual Rights Individuals have the right to have their personally identifiable information (PII) from being acquired by an unauthorized parties (breach ). PII is defined as “ computerized data ” consisting of first name (or first initial) and last names AND one of the following : Identification number (such as social security numbers