Global Privacy & Security Compliance Law Blog

Category Archives: Privacy

Subscribe to Privacy RSS Feed

The Countdown to the General Data Protection in Europe Has Begun

By Gail Crawford and Lore Leitner Today, after more than four years of debate, the General Data Protection Regulation (GDPR, or the Regulation) enters into force. The GDPR will introduce a rigorous, far-reaching privacy framework for businesses that operate, target customers or monitor individuals in the EU. The Regulation sets out a suite of new … Continue Reading

Are Changes in Store for the Stored Communications Act?

By Serrin Turner Last week saw action on two fronts regarding the Stored Communications Act (SCA) – the US federal statute regulating government searches of online accounts in criminal investigations. In Congress, a proposal to reform the SCA advanced in the House; and in the courts, Microsoft sued to challenge a provision of the SCA as … Continue Reading

Analysis of the FCC’s Proposed Broadband Privacy Regulations

By Amanda Potter and Alex Stout As we highlighted in a post last month, the FCC has proposed sweeping new privacy rules on broadband providers. Since our last post, the FCC has released its proposal in the form of a Notice of Proposed Rulemaking. This proposal would institute new customer privacy and data breach rules … Continue Reading

Recent Amendments to the Russian Personal Data Protection Legislation: The Right to be Forgotten

By Mikhail Turetsky, Ksenia Koroleva and Lore Leitner On July 13, 2015, the Russian President signed Federal Law No. 264-FZ (the Law), which introduced a range of amendments into Russian legislation (the Amendments). In particular, the principle of the “right to be forgotten”, a concept not previously recognized under Russian law came into effect on … Continue Reading

Privacy Shield is on its Way

By Ulrich Wuermeling, Jennifer Archie & Lore Leitner On March 17, 2016, the Civil Liberties Committee convened to discuss whether the Privacy Shield framework that will replace Safe Harbor provides adequate protection to the data of EU citizens. A number of experts were questioned including: the US lead negotiator, the EU Data Protection Supervisor, members of the … Continue Reading

FCC Proposes Broad Privacy Regulations for Broadband Providers

By Matt Murchison and Alex Stout Last week, the FCC announced that Chairman Tom Wheeler had circulated a Notice of Proposed Rulemaking (NPRM) on implementing Section 222’s privacy obligations for broadband providers. Section 222’s requirements were originally crafted for telephone companies, and were first applied to broadband providers as part of the 2015 Open Internet … Continue Reading

Proposal of EU-US Privacy Shield Leaves Businesses in State of Uncertainty

By Ulrich Wuermeling, Gail Crawford and Jennifer Archie Earlier this week, the European Commission announced that a “political” agreement has been reached on a new framework for data flows from the EU to the US. The announcement highlights a few changes from the old Safe Harbor regime, such as more direct and active oversight by US … Continue Reading

Political Agreement on European Data Protection Regulation

By Ulrich Wuermeling A political compromise has been reached on the new European Data Protection Regulation. On December 15, 2015, the negotiators in the so-called “informal trilogue” between the Council, the Parliament and the European Commission closed the final issues. Meanwhile, the Luxembourg Presidency informed the LIBE-Committee of the Parliament as well as the Permanent Representatives Committee … Continue Reading

Final Negotiations on European Data Protection Regulation

By Ulrich Wuermeling Almost four years after the European Commission introduced their draft for a new European Data Protection Regulation, negotiators of the European Parliament and Council are close to agreeing on a compromise text, set for December 15, 2015. If the final negotiations in the so-called “informal trilogue” are successful, the legislative process can be formally … Continue Reading

WEBCAST Safe Harbor: Staying Alive?

Speakers: Gail Crawford, Jennifer Archie, Ulrich Wuermeling On October 6, 2015, the European Court of Justice invalidated the EU Commission’s decision that had allowed companies to transfer personal data from the EU to the United States under the EU-US Safe Harbor Framework. Two months on, various bodies and EU privacy regulators have issued guidance, including … Continue Reading

FTC Administrative Law Judge Issues Initial Decision in LabMD Matter

By Jennifer Archie, Scott Jones and Alex Stout In a stunning victory, an administrative law judge has recommended the dismissal of a long-pending US Federal Trade Commission (FTC) complaint against LabMD, Inc. (LabMD). In a strongly worded opinion in a case that had become highly politicized following 2014 congressional hearings, ALJ D. Michael Chappell found … Continue Reading

European Commission Defends Model Contracts

By Ulrich Wuermeling On November 6, the European Commission issued a comprehensive Communication on the consequences of the Schrems Judgment of the Court of Justice of the European Union (ECJ). In the Communication, the Commission puts national data protection authorities in their place by stating that Model Contracts are a valid alternative measure to provide … Continue Reading

DIFC in Dubai Says Transfer to US Cannot Rely on Safe Harbor

By Brian Meenagh On October 26, 2015, Raja Al Mazrouei, the Commissioner for Data Protection for the Dubai International Financial Centre (the DIFC), issued guidance on the adequacy of US Safe Harbor for the purpose of exporting personal data from the DIFC. The guidance is significant for organisations that transfer personal data from the DIFC to the … Continue Reading

European Commission Pushes New Agreement with the US

By Ulrich Wuermeling On October 26, the European Commissioner Věra Jourová addressed the Parliament Committee on Civil Liberties, Justice and Home Affairs to discuss the consequences of the Schrems Judgment of the Court of Justice of the European Union (ECJ). Jourová commented on the status of the negotiations with the US to find a new solution … Continue Reading

German Data Protection Authorities: Hope for Model Contracts?

By Ulrich Wuermeling An early Position Paper of the German data protection authority of Schleswig-Holstein on the Schrems Judgment of the Court of Justice of the European Union (ECJ) gave little hope for practical alternatives to Safe Harbor. On October 26, all German data protection authorities published a more reasoned joint Statement that follows the … Continue Reading

European Data Protection Authorities Grant Grace Period Until End of January 2016

By Gail Crawford, Ulrich Wuermeling and Jennifer Archie The so called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement summarizing their initial conclusions. The Working Party includes representatives of … Continue Reading

European Court of Justice: Safe Harbor Decision Is Invalid!

By Jennifer Archie, Gail Crawford and Ulrich Wuermeling On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from the EU (the Safe Harbor Adequacy Decision), is invalid (Case C-362/14 – Maximillian Schrems … Continue Reading

European Court of Justice Advocate General Opinion: The End of Safe Harbor?

By Ulrich Wuermeling On September 23, the European Court of Justice heard the case which will determine whether US companies can rely on Safe Harbor as a measure to provide adequate privacy protection for personal data imported from the European Union. As of today, more than 4000 US companies have notified the Department of Commerce … Continue Reading

St. Elizabeth’s Medical Center Pays $218,400 to Settle Alleged HIPAA Security Case Stemming from Use of Cloud-Based Document Sharing Service

By Jennifer Archie, Susan Ambler Ebersole, and Kasey Branam Alleged HIPAA Violations Resulted from Medical Center’s Failure to Risk Assess Internet-Based Document Sharing Application and Inadequate Breach Response The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) reached a settlement in the form of a Resolution Agreement and Corrective Action … Continue Reading

Update on the Russian Data Localization Law

By Lore Leitner & Ksenia Koroleva Since the proposal of Federal Law No. 526-FZ (the Law) in December 2014, the Russian data protection regulator (Roscomnadzor) has not issued any official comments on the application of the new Law. Roscomnadzor did recently hold several meetings with a number of representatives of major IT companies in Russia … Continue Reading

English High Court Declares UK Legislation Expanding Government Powers to Retain and Intercept Data Unlawful

The English High Court has declared that UK legislation which expanded government powers to require communication providers to retain communication traffic data is incompatible with human rights, and is unlawful. The legislation is seen by the government as a key power to ensure that such data is accessible by law enforcement and security services to … Continue Reading

FCC Releases New Clarifications Regarding the TCPA

On July 10, the Federal Communications Commission (“FCC”) released the text of a Declaratory Ruling and Order, initially adopted on June 18, that provides various clarifications regarding the Telephone Consumer Protection Act of 1991 (“TCPA”) and the FCC’s existing rules. The proceeding that led to the Order attracted widespread attention and was the result of nearly … Continue Reading

FCC Finds Fault in User Agreement and Issues Stern Guidance for Telemarketing Calls

June is proving to be a very active month for the US Federal Communications Commission (FCC) in construing the Telephone Consumer Protection Act, including what sorts of consumer interactions are sufficient to meet the requirements for consent to receive marketing or other messages. This post reports on an extraordinary warning letter issued to PayPal, criticizing … Continue Reading
LexBlog