By Tess Waldron
As has been widely reported, on 6 November 2012 the ICO fined Prudential £50,000 for what was described by the ICO’s head of enforcement, Stephen Eckersley, as a case that “would be considered farcical were it not for the serious sums of money involved”.
The breach originally occurred in 2007, when the records of two individuals with the same first name, surname and date of birth were erroneously merged, causing thousands of pounds meant for
The pressure on companies to adapt to stronger privacy regulation and enforcement in the EU increased this week, following the release of a letter to Google on behalf of 30 European data-protection commissioners.
On October 16, 2012, the Article 29 Data Protection Working Party publicly disclosed the correspondence it sent simultaneously to Google following the investigation into Google’s new privacy policy that started in February this year. In the correspondence (letter and appendix), the European data protection
Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications etc.)? Should the draft European Data Protection Regulation impose differing standards depending on the risk to the individual from the processing in question, rather than
An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.)
Some of the key points covered in the discussion include:
With data breaches and the new cookies rules never far from the press or industry agendas, and with a new European framework on the horizon, the past year has been a busy one for the Information Commissioner’s Office (ICO). Its Annual Report for 2011/12, along with a companion webcast, reflect this changing privacy landscape. Both offer useful insights into the ICO’s priorities for the coming year.
In terms of enforcement action (perhaps one of the most
By Gail Crawford and Amy Taylor
It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and its impact on companies outside the United States” for a predominantly European audience.
In the last slot of the
The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public clouds with seven key steps, summarized below, to be followed by cloud customers:
1. Identify the types of data and the data processing that could
By Gail Crawford, Amy Taylor, and Ben Wright
The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action.
Over the course of the 12-month grace period, we have seen guidance released from, amongst others, the ICO, setting out its interpretation of the new rules; the International Chamber of Commerce (ICC), working with industry to publish a
The European Commission adopted a proposal to reform European privacy law on 25 January 2012. According to the Commission the reform will “strengthen online privacy rights and boost Europe’s digital economy.” Time will tell whether the former is compatible with the latter.
The proposal now moves to the European Parliament and to the Council representing the member state Governments for discussion. Since the first draft leaked in November, a number of amendments have been made to make the proposal less
The Directorate General for Justice of the European Commission has in recent weeks worked to overcome criticism from other Directorates on its draft proposal to reform Europe’s privacy law. It now appears possible that the proposal for the reform is back on track for adoption at the Commissioner’s Meeting scheduled for 25 January 2012. From there, the proposal would move into the legislative process, requiring approval by the European Parliament and the national Governments via their representatives in the
