By Gail Crawford, Ulrich Wuermeling and Jennifer Archie The so called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement summarizing their initial conclusions. The Working Party includes representatives of … Continue Reading
By Jennifer Archie, Gail Crawford and Ulrich Wuermeling On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from the EU (the Safe Harbor Adequacy Decision), is invalid (Case C-362/14 – Maximillian Schrems … Continue Reading
On July 10, the Federal Communications Commission (“FCC”) released the text of a Declaratory Ruling and Order, initially adopted on June 18, that provides various clarifications regarding the Telephone Consumer Protection Act of 1991 (“TCPA”) and the FCC’s existing rules. The proceeding that led to the Order attracted widespread attention and was the result of nearly … Continue Reading
By Alexander Stout and Matthew T. Murchison on Posted in Privacy
June is proving to be a very active month for the US Federal Communications Commission (FCC) in construing the Telephone Consumer Protection Act, including what sorts of consumer interactions are sufficient to meet the requirements for consent to receive marketing or other messages. This post reports on an extraordinary warning letter issued to PayPal, criticizing … Continue Reading
The recent showdown over renewal of certain provisions of the USA Patriot Act (often called simply the Patriot Act) and the subsequent enactment of the USA Freedom Act have raised a number of questions about the ongoing impact of these laws on data traversing or being stored in the United States. While the new law … Continue Reading
On Wednesday, April 8, the Federal Communications Commission (FCC) entered a consent decree and levied a $25 million civil penalty against AT&T to settle a data breach that exposed the information of nearly 280,000 customers. This order comes on the heels of other recent FCC enforcement actions for privacy violations, demonstrating an invigorated effort by … Continue Reading
This week the Court of Justice of the European Union (‘CJEU’) heard a case that could destabilise data flows between the US and EU under the EU-US Safe Harbor Decision. In Schrems v Data Protection Commissioner(C-362/14), the same court that last year approved the “right to be forgotten” online heard evidence about the adequacy of … Continue Reading
By Chei-Liang Sin, Luke Grub, Sally Murphy and Latham & Watkins on Posted in Privacy
By Chei-Liang Sin, Luke Grubb & Sally Murphy The Personal Data Protection Commission (the Commission) was established in January 2013 to implement and enforce The Personal Data Protection Act 2012 (PDPA). The PDPA fully came into force on 2 July 2014. So far, the Commission has mainly used its investigation and enforcement powers to take … Continue Reading
The State of California, long the most proactive U.S. state in enacting data privacy laws, has again modified its breach notification and data protection laws. This week, Governor Jerry Brown signed two privacy bills into law: SOPIPA (SB 1177), aimed at regulating the use of student data, and AB 1710, targeting data protection more broadly. … Continue Reading
A Stored Communications Act (SCA) search warrant case arising out of a New York federal narcotics trafficking investigation is being closely watched by EU data protection authorities, privacy advocates, multinational internet service providers, and law enforcement, among others, as the parties pursue an expedited appeal to the Second Circuit Court of Appeals. Captioned In re Search … Continue Reading
The Straits Times reported on 14 August that Singapore’s Personal Data Protection Commission (the “Commission”) is investigating a complaint from a user that Xiaomi has breached the Personal Data Protection Act 2012 (“PDPA”). This is believed to be the first investigation under the main PDPA rules unrelated to the Do Not Call registry which came … Continue Reading
On July 17th, the Data Retention and Investigatory Powers Act (DRIPA) came into effect in the United Kingdom reinstating the Government’s powers to require communication providers to retain traffic data (also known as metadata) and enabling the Government to serve warrants to intercept communications data on companies outside of the United Kingdom to the extent … Continue Reading
By Kevin Boyle and Alex Stout On Wednesday, the Attorney General of California released a new privacy guide, titled Making Your Privacy Practices Public. The guide doesn’t purport to be a restatement of California law (or other law) and expressly disclaims that, but it does present what the AG’s office views as a best practice … Continue Reading
By Larry Cohen and Gail Crawford While the popular press has been full of stories about the European Court of Justice’s (“ECJ”) ruling creating a “right to be forgotten” (ahead of the still pending Data Protection Regulation), we will focus on both the ruling as well as the specific questions referred to the ECJ that … Continue Reading
By Ulrich Wuermeling On March 4, 2014, a policy debate was held in the European Justice and Home Affairs Council concerning the planned General Data Protection Regulation. The debate focused on several issues related to Chapters I through V of the draft Regulation. The main issues were the territorial scope of the Regulation and the … Continue Reading
By Matthew Murchison & Matthew Brill By all accounts, the number of class action lawsuits brought under the Telephone Consumer Protection Act against companies communicating by telephone, text, and fax has exploded in recent years. These lawsuits—which rely on the private right of action at 47 U.S.C. § 227(b)(3) for violations of the statutory prohibitions … Continue Reading
Guest Blogger Jillian Chia from Skrine, Kuala Lumpur, Malaysia & Gail Crawford With the Malaysian Personal Data Protection Act 2013 (“PDPA”) having come into force on 15 November 2013, Jillian Chia, Senior Associate at Skrine, provides an overview of the salient provisions in the Regulations and Orders. She notes that that there is a grace period for … Continue Reading
By Drew Wisniewski & Jennifer Archie Governor Jerry Brown signed California Assembly Bill 370 (“A.B. 370”), an amendment to the California Online Privacy Protection Act (“CalOPPA”), into law on Friday, September 27. As previously reported here, A.B. 370 requires an operator of a Web site or online service that collects “personally identifiable information” to disclose … Continue Reading
By, Jeremy M. Alexander, Natalie E. Brown & Susan A. Ebersole The day all covered entities and business associates have been working toward is here—September 23, 2013, the deadline to comply with the changes in the HIPAA omnibus final rule, published on January 25, 2013. Here is a review of the top three compliance categories … Continue Reading
By Drew Wisniewski and Jennifer Archie On September 3, 2013, California Assembly Bill 370 (“A.B. 370”), an amendment to the California Online Privacy Protection Act (“CalOPPA”), was enrolled and sent to Governor Jerry Brown for his signature. A.B. 370, which was sponsored by Attorney General Kamala Harris, requires an operator of a Web site or … Continue Reading
By Jennifer Archie and Kevin Boyle A California state judge has dismissed a state enforcement action against our client Delta Air Lines arising out of the alleged failure to timely post a privacy policy specific to its Fly Delta App in a manner that was reasonably accessible to smartphone users. In what Law360 characterized as … Continue Reading
By Omar Elsayed Although some surveys of privacy law suggest otherwise, privacy requirements do in fact exist in the Kingdom of Saudi Arabia (KSA)and are very relevant to companies operating there or seeking to provide services to customers in KSA. Background The paramount body of law in KSA is the Sharīʿah. The Sharīʿah is comprised … Continue Reading
By Susan Ambler Ebersole HHS today published the long-awaited HIPAA/HITECH omnibus final rule. A pre-publication version of the Rule was released on January 17. The Rule is effective March 26, 2013, but covered entities and business associates have until September 23, 2013 to comply. While Latham & Watkins is still engaged in a comprehensive review … Continue Reading
