News Net Nebraska

Complete News World

Protection of personal data, even the US is moving: what changes compared to the EU

Protection of personal data, even the US is moving: what changes compared to the EU

(By Advocate Alessandro del NiñoDonucci & Partners Partner, IT)

In the United States on June 21, a comprehensive federal draft law to protect personal data was presented to the US House of Representatives.US Data Privacy and Security ActADPPA, if it is approved (after 180 daysLaw President) is the first organic bill aimed at recognizing basic data rights for American consumers.

The US bill can be compared to the EU Data Protection Regulation (GDPR) to identify common features and significant differences.

So let us analyze only some basic features of ADPPA.

For subjective use, the so-called ADPPA applies Closed Institutionsmeans any natural or legal person (other than those acting in a non-commercial context) that determines the purposes and methods of data collection, processing or transfer, either individually or jointly with others, and is subject to jurisdiction; Federal Trade Commission; or a telecom operator (common carrier) subject to prevailing norms Communications Act of 1934; or a non-profit organization. Again: includes or includes any company or person controlled / or under common control by one of the companies or persons listed above.

However, this (unlike the European GDPR) does not apply to government agencies and any person who collects, processes or transfers data on behalf of government agencies at federal, state, regional or local level.

The ADPPA protects data that identifies a natural person residing in the United States; connected or attached to that resident; identify a device, including personal identifiers, that are connected or reasonably capable of being connected; are derived from other information. On the other hand, the personal data of their identity and the data of workers are not included in the protection of ADPPA; Publicly available information and information obtained from various publicly available information sources.

See also  Forex, dollar steady as Fed waits minutes for clues on US rates

As is already happening in the European Economic Area with the GDPR, the ADPPA contains precise provisions on the protection of so-called “sensitive” data, even when comparing “data of a specific nature” with the strictly qualified GDPR. Member of the US Legislature between Key data This includes certain information that is not of a “specific nature” under the GDPR. For example, an identification number or a document issued by a government authority – a passport or driver’s license – is considered sensitive data. So are numbers: financial accounts, bank and credit debit cards, or information related to income levels in bank accounts or bank statements. They are also sensitive data: personal communications of a natural person, such as voice messages, e-mails, SMS, direct or postal messages or information identifying the parties to such communications, voice communications and any information related to such communications. , data highlighting precise geolocation, device authentication credentials and created accounts. Again: account or device-related access or security codes, all information identifying a person under 17 years of age, or contained in a calendar or address book, text or phone records. But photographs, audio or video recordings kept for personal use, information revealing content or video services requested or selected by a natural person from a provider of multimedia services in television broadcasting, cable services, satellite services or streaming. For the rest, the definition of sensitive data in the ADPPA is consistent with information of a specific nature identified by the GDPR.

The ADPPA contains precise provisions on information to be made to consumers, mitigation policies and Privacy by designChildren’s data protection, rights Data protection Provisions for consumer (the commercial perspective is strong in the US data law proposal), marketing and commercial profiling (basicallyOpt out) and on appeal and defense mechanisms.

See also  Chip, the United States and the European Union plan to resolve the crisis