By Ulrich Wuermeling On January 10, 2017, the European Commission proposed a new ePrivacy Regulation (Proposal). Compared to the internal draft that was leaked in December, the official Proposal has been substantially modified. However, the general approach taken by the European Commission has not changed. The Proposal includes provisions with a broad scope of application covering … Continue Reading
By Ulrich Wuermeling An internal Commission draft of a new ePrivacy Regulation (Draft) has been leaked to the public. The Commission plans to propose it in early 2017, but the content of the Draft does not seem near a final proposal. It is either older or still needs some time to be finalized. The Draft … Continue Reading
By Serrin Turner Last week saw action on two fronts regarding the Stored Communications Act (SCA) – the US federal statute regulating government searches of online accounts in criminal investigations. In Congress, a proposal to reform the SCA advanced in the House; and in the courts, Microsoft sued to challenge a provision of the SCA as … Continue Reading
A Stored Communications Act (SCA) search warrant case arising out of a New York federal narcotics trafficking investigation is being closely watched by EU data protection authorities, privacy advocates, multinational internet service providers, and law enforcement, among others, as the parties pursue an expedited appeal to the Second Circuit Court of Appeals. Captioned In re Search … Continue Reading
On July 17th, the Data Retention and Investigatory Powers Act (DRIPA) came into effect in the United Kingdom reinstating the Government’s powers to require communication providers to retain traffic data (also known as metadata) and enabling the Government to serve warrants to intercept communications data on companies outside of the United Kingdom to the extent … Continue Reading
By Kevin Boyle and Alex Stout On Wednesday, the Attorney General of California released a new privacy guide, titled Making Your Privacy Practices Public. The guide doesn’t purport to be a restatement of California law (or other law) and expressly disclaims that, but it does present what the AG’s office views as a best practice … Continue Reading
By Kevin Boyle & Alex Stout Hardly a day passes now without some new report of a security vulnerability with inevitable breaches that follow, but Monday’s news about the two-year old vulnerability in OpenSSL is (or should be) catching everyone’s attention. The problem is a coding error in a widely used cryptographic software library for … Continue Reading
By Kevin Boyle and Aryeh Richmond Here is a reminder that the Federal Trade Commission’s revisions to its Children’s Online Privacy Protection Rule become effective on July 1. If you haven’t already, now is the time to make sure you have revisions to meet the rule in place as FTC and state attorney general inquiries … Continue Reading
By Omar Elsayed Although some surveys of privacy law suggest otherwise, privacy requirements do in fact exist in the Kingdom of Saudi Arabia (KSA)and are very relevant to companies operating there or seeking to provide services to customers in KSA. Background The paramount body of law in KSA is the Sharīʿah. The Sharīʿah is comprised … Continue Reading
By Brian Murray The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as … Continue Reading
The UK’s data privacy regulator, the Information Commissioner’s Office (ICO), has recently issued its largest fine to date against a single data controller, for breaches of the Data Protection Act 1998 (the DPA). This latest fine, of £120,000 imposed on Surrey County Council, continues a string of increasing financial penalties imposed by the ICO following the bolstering … Continue Reading
Google has consented to the entry of a proposed Agreement Containing Consent Order with the US Federal Trade Commission, subjecting the company to sweeping government oversight of its privacy disclosure and product development and release practices, nominally arising out of the roll-out of its Buzz product in February 2010. The auditing and reporting requirements are … Continue Reading
A court in the United Kingdom has cast doubt on whether IP addresses can be used to identify infringement of copyright by a specific individual. In this post, we ask whether this case impacts the generally accepted view in Europe that IP addresses should be treated as personal data under applicable data privacy laws. The … Continue Reading
The First Chamber of the German Federal Supreme Court decided on the permissibility of outbound advertising calls on the basis of a so-called “double-opt-in” (judgement dated February 10, 2011 – I ZR 164/09 – Telefonaktion II). The full reasoning of the decision has not been published yet. But the press release already gives important clues … Continue Reading