By Linda Inscoe and Joseph Farrell On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs … Continue Reading
Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications … Continue Reading
The Office of Hong Kong’s Privacy Commissioner for Personal Data (PCPD) recently announced the results of compliance checks on the collection of “cookies” by local banks in response to earlier media reports and a survey by the Hong Kong Monetary Authority (HKMA). According to media reports from September 2010, some local banks in Hong Kong … Continue Reading
An August 2 webcast on Compliance and Enforcement in the Hospitality Industry looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.) Some … Continue Reading
On Thursday, the U.S. Senate failed to pass a motion to end debate on the Cybersecurity Act of 2012 by a vote of 52-46. Sponsors were unable to muster the 60 votes required to move forward with the legislation, following heavy lobbying against the bill by the U.S. Chamber of Commerce, the financial industry, and … Continue Reading
By Jennifer Archie and Kevin Boyle The Cybersecurity Act of 2012 (S. 3414) moved one step closer to possible passage on Thursday when the United States Senate voted 84 to 11 to allow an open amendment process when the bill is taken up for floor debate, as early as next week. The bill still faces … Continue Reading
By Brian Murray The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as … Continue Reading
By Simon Berry and Daisy Shen Questions often arise about the scope of a data user’s obligations to respond to data subject access requests. Hong Kong’s Privacy Commissioner for Personal Data offers some guidance in a recently issued Guidance Note (Guidance on Proper Handling of Data Access Request and Charging of Data Access Request Fee … Continue Reading
By Lijie Han China’s internet and telecoms industry regulator, the Ministry of Industry and Information Technology (MIIT), recently released two draft regulations for public comment, namely, the amended Measures on the Administration of Internet Information Services (IIS Measures) and the Notice Regarding Strengthening the Administration of Network Access for Smart Mobile Devices (Smart Mobile Notice). … Continue Reading
By Gail Crawford and Amy Taylor It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and … Continue Reading
By Gail Crawford and Amy Taylor Privacy professionals from more than 20 countries are gathered in Cambridge, England, to discuss privacy challenges in today’s world at the 25th annual Privacy Laws & Business conference. Professor Michael Birnhack, Professor of Law at Tel Aviv University and Visiting Associate Fellow at the Institute of Advanced Legal Studies, … Continue Reading
The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public … Continue Reading
By Gail Crawford, Amy Taylor, and Ben Wright The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action. Over the course of the 12-month grace period, we have seen guidance released from, amongst others, … Continue Reading
Spokeo Consent Decree Serves as Important Caution to Buyers and Sellers of Social Media Reports on Consumers to Understand and Comply with FCRA By Jennifer Archie, Kevin Boyle and Kelsey McPherson As part of a settlement announced Monday, the FTC sends a reminder that the requirements of the Fair Credit Reporting Act (“FCRA”) apply to … Continue Reading
The European Commission adopted a proposal to reform European privacy law on 25 January 2012. According to the Commission the reform will “strengthen online privacy rights and boost Europe’s digital economy.” Time will tell whether the former is compatible with the latter. The proposal now moves to the European Parliament and to the Council representing … Continue Reading
The Directorate General for Justice of the European Commission has in recent weeks worked to overcome criticism from other Directorates on its draft proposal to reform Europe’s privacy law. It now appears possible that the proposal for the reform is back on track for adoption at the Commissioner’s Meeting scheduled for 25 January 2012. From … Continue Reading
Viviane Reding, the European Commission Vice President in charge of the reform of the European privacy law, has received negative opinions from a handful of Directorates-General in the European Commission on an internal draft of the General Data Protection Regulation. As a consequence, the draft will not be ready for the official publication that was … Continue Reading
A recent draft of the new European Data Protection Framework has leaked from the European Commission. It is still subject to internal discussions between the different Commissioners and Directorates-General, but is likely to be reasonably close to the official Commission draft expected to be published by the end of January 2012. According to the draft … Continue Reading
The European Court of Justice (ECJ) is challenging national legislators in the European Union who introduced privacy laws stricter than those provided for by the European Data Protection Directive (95/46/EC). In a decision issued on November 24, 2011, the ECJ declared a provision in the Spanish Organic Law 15/1999 invalid because it imposes additional requirements for … Continue Reading
By Kevin Boyle and Kee-Min Ngiam The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, … Continue Reading
European Union Justice Commissioner Viviane Reding has confirmed that we can expect to see a draft of the eagerly awaited new Data Privacy Directive in January. The new rules are likely to significantly strengthen the rights of individuals. According to a press release issued jointly last week by Reding and Germany’s Federal Minister for Consumer Protection, Isle … Continue Reading
Our 27 June post on the new Indian data privacy regime discussed the key provision of the Information Technology (Amendment) Act 2008 and its implementing regulations, the new Rules. It also considered some of the questions left unanswered by the Rules. What categories of personal data do the Rules apply to? How is the required … Continue Reading
Our May 26, 2011 blog post on the new European cookies rules introduced by the revised E-Privacy Directive marked the deadline for EEA Member States to implement the Directive into national law. As of late August, only the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden have introduced laws fully implementing the amendments contained in … Continue Reading
On August 3, 2011, the German Parliament received a new Bill from the Federal Council of German States (Bundesrat) proposing a revision of the German Telemedia Act (Telemediengesetz). As part of the revision, the Bill proposes to transform the cookie consent requirement of the revised European E-Privacy Directive. While it is doubtful that the Federal … Continue Reading