October

Data protection proposals in the UK are part of an overhaul of UK data protection laws drafted under Digital Minister, Matt Hancock. The bill will transfer the European Union's GDPR into UK law.
 
"The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world”, Hancock said. "It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit."
 
Proposals included in the bill will make it simpler for people to withdraw consent for their personal data to be used, let people ask for data to be deleted, require firms to obtain "explicit" consent when they process sensitive personal data, expand personal data to include IP addresses, DNA and small text files known as cookies, and make re-identifying people from anonymized or pseudonymized data a criminal offence, among other benefits.

The Supreme Court of Canada has dismissed an appeal regarding a case where an employee was terminated for using cocaine on his days off, was involved in an accident in the workplace, and tested positive for cocaine.
 
The employer said the employee was terminated not because of his addiction, but rather his breach of the company's drug abuse policy (failure to disclose an addiction). While the employee was able to establish that he had a disability that was protected, he failed to establish that the disability was a factor in his termination.
 
The Court said that where there is the opportunity to voluntarily disclose an addiction and receive treatment, employees who hide an addiction will be held accountable for putting themselves and their co-workers at risk.

The Argentinian Data Protection Authority has approved Data Protection Standards for Ibero-American States.
 
The Standards seek to address the lack of harmonization in Ibero-American states regarding data protection by issuing a series of principles and common rights to serve as a framework for the adoption and development of legislation in the region. The Standards provide definitions of anonymization, consent, personal data, sensitive personal data, data controller, data processor, and data processing. They also call for mandatory data breach notification requirements, subject to certain exemptions, and set out the conditions for such notification.
 
In addition, the Standards set out criteria for obtaining consent, require controllers to implement adequate security measures, recognize data subjects' right to data portability, and establish general rules for international data transfers.