A Massachusetts ballot question asks voters if they would like to impose requirements on vehicle telematics systems. “Ballot Question 1 in Massachusetts, if passed in November, would require car manufacturers that sell cars equipped with telematics systems to install a standardized, open data platform beginning with model year 2022. Such a system would allow the cars’ owners to access their telematics system data through a mobile app and give their consent for independent repair facilities…

The U.S. Department of Commerce (DoC)has updated its Frequently Asked Questions piece on the Swiss-U.S. Privacy Shield to address questions raised by the the Schrems II decision regarding the EU-U.S. Privacy Shield. Key takeaways: The court’s decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework. The Swiss-U.S. Privacy Shield Framework remains a valid mechanism to comply with Swiss data protection requirements when transferring personal data…

The Information Technology Industry Council (ITI) issued a statement on Schrems II: Many small and medium sized enterprises (SMEs) are affected by the Court of Justice of the European Union decision and need guidance and a solution. “We encourage the U.S. and EU governments to work together to ensure that companies can fully and safely rely on data transfer mechanisms, to ensure the long-term viability of SCCs in order to avoid legal uncertainty and economic…

Norway’s Datatilsynet issues detailed FAQ’s on #SchremsII: Notable takeaways: “[T]he additional measures…could potentially be…legal, technical or organizational measures. At present…there is great uncertainty about what kind of additional measures may be sufficient if the third country has laws that take precedence over…or otherwise lower the level of protection. This means that at present it is very challenging to transfer personal data to such third countries, and in practice it will probably not be possible for…

The Bailiwick of Guernsey’s Office of Data Protection Authority has stated its position on #SchremsII: You must invest resources into ensuring appropriate safeguards are in place. Identify if you have been relying on the EU-U.S. Privacy Shield for data transfers. Check the terms of service, contracts or privacy statements for all third parties you may use to process your data including ubiquitous social networks, mailing providers; event registration providers, collaboration software. If you have…

Senate Bill 8450C, or An Act to Amend the Public Health Law in relation to the Confidentiality of Contact Tracing Information, passed the New York State Senate and Assembly and will be delivered to the governor’s office for signature. The bill requires that information collected for COVID-19 contact tracing be kept confidential and not be disclosed other than as necessary to carry out contact tracing or a permitted purpose. Interestingly, the bill adopts the California…

Germany’s  Datenschutzkonferenz (DSK) issues its guidance on Shrems II: The transfer of personal data to the United States based on Privacy Shield is not permitted and must be discontinued immediately. Standard contractual clauses can continue to be used, but, depending on the result of the assessment of the data exporter, additional measures may be required. (This is different from the position expressed by the Berlin DPA.) The DSK does not list the supplementary measures. The…