Global Privacy & Security Compliance Law Blog

Tag Archives: Legislation & Regulation

California Limits Employer Access to Employee/Applicant Social Media

By Linda Inscoe and Joseph Farrell On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs … Continue Reading

PL&B Annual Conference Review: The Draft EU Regulation, The Need for Proportionality

Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications … Continue Reading

Cookie Compliance Check Results Announced by Hong Kong Data Privacy Commissioner

The Office of Hong Kong’s Privacy Commissioner for Personal Data (PCPD) recently announced the results of compliance checks on the collection of “cookies” by local banks in response to earlier media reports and a survey by the Hong Kong Monetary Authority (HKMA). According to media reports from September 2010, some local banks in Hong Kong … Continue Reading

Compliance and Enforcement in the Hospitality Industry Webinar Available

An August 2 webcast on Compliance and Enforcement in the Hospitality Industry  looked at the FTC proceedings in the Wyndham Hotels matter and identified some key takeaways, while considering how similar issues might play out in the European Union. (For those unable to follow the live webcast, the full presentation is now available online.) Some … Continue Reading

FCC Examining Privacy, Security Issues Raised by Stored Customer Information on Mobile Devices

By Brian Murray The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as … Continue Reading

Hong Kong Privacy Commissioner Offers Guidance on Handling of Data Access Requests

By Simon Berry and Daisy Shen Questions often arise about the scope of a data user’s obligations to respond to data subject access requests.  Hong Kong’s Privacy Commissioner for Personal Data offers some guidance in a recently issued Guidance Note (Guidance on Proper Handling of Data Access Request and Charging of Data Access Request Fee … Continue Reading

Chinese Regulator Proposes New Rules Prohibiting Unauthorized Use of Personal Data by Internet Content Providers, Mobile Device Manufacturers

By Lijie Han China’s internet and telecoms industry regulator, the Ministry of Industry and Information Technology (MIIT), recently released two draft regulations for public comment, namely, the amended Measures on the Administration of Internet Information Services (IIS Measures) and the Notice Regarding Strengthening the Administration of Network Access for Smart Mobile Devices (Smart Mobile Notice). … Continue Reading

PL&B Annual Conference, Day 2: The Patriot Act, Distinguishing Fact from Fiction?

By Gail Crawford and Amy Taylor It seems somewhat fitting to blog about the USA Patriot Act on this Fourth of July. On the second day of the annual Privacy Laws & Business conference in Cambridge, Peter McLaughlin, senior counsel at Foley & Lardner, took to the floor with the aim of “distinguishing fact and fiction about the scope of the law and … Continue Reading

PL&B Annual Conference, Day 1: Privacy Challenges of New Technologies

By Gail Crawford and Amy Taylor Privacy professionals from more than 20 countries are gathered in Cambridge, England, to discuss privacy challenges in today’s world at the 25th annual Privacy Laws & Business conference. Professor Michael Birnhack, Professor of Law at Tel Aviv University and Visiting Associate Fellow at the Institute of Advanced Legal Studies, … Continue Reading

CNIL Offers Guidance on Aligning Cloud Services with Data Protection Requirements

The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public … Continue Reading

UK Cookie Rules: Are You Compliant?

By Gail Crawford, Amy Taylor, and Ben Wright The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action. Over the course of the 12-month grace period, we have seen guidance released from, amongst others, … Continue Reading

European Commission Adopts Privacy Reform Package

The European Commission adopted a proposal to reform European privacy law on 25 January 2012. According to the Commission the reform will “strengthen online privacy rights and boost Europe’s digital economy.” Time will tell whether the former is compatible with the latter. The proposal now moves to the European Parliament and to the Council representing … Continue Reading

Compromise on Draft European Data Protection Regulation in Reach

The Directorate General for Justice of the European Commission has in recent weeks worked to overcome criticism from other Directorates on its draft proposal to reform Europe’s privacy law. It now appears possible that the proposal for the reform is back on track for adoption at the Commissioner’s Meeting scheduled for 25 January 2012. From … Continue Reading

European Commission Reconsiders Approach to European Privacy Reform

Viviane Reding, the European Commission Vice President in charge of the reform of the European privacy law, has received negative opinions from a handful of Directorates-General in the European Commission on an internal draft of the General Data Protection Regulation. As a consequence, the draft will not be ready for the official publication that was … Continue Reading

First Draft of European Privacy Reform Leaked to the Public

A recent draft of the new European Data Protection Framework has leaked from the European Commission. It is still subject to internal discussions between the different Commissioners and Directorates-General, but is likely to be reasonably close to the official Commission draft expected to be published by the end of January 2012. According to the draft … Continue Reading

European Court of Justice Enforces Strict Harmonization

The European Court of Justice (ECJ) is challenging national legislators in the European Union who introduced privacy laws stricter than those provided for by the European Data Protection Directive (95/46/EC). In a decision issued on November 24, 2011, the ECJ declared a provision in the Spanish Organic Law 15/1999 invalid because it imposes additional requirements for … Continue Reading

SEC Guidance on Cybersecurity Disclosures

By Kevin Boyle and Kee-Min Ngiam The SEC’s Staff of the Division of Corporation Finance recently issued guidance to help clarify public reporting companies’ disclosure obligations in the area of cybersecurity risks and cyber incidents. The guidance, which does not change existing disclosure obligations for public companies, should help company officers responsible for security, privacy, … Continue Reading

New EU Privacy Rules Will Apply to All Online Businesses with EU Customers

European Union Justice Commissioner Viviane Reding has confirmed that we can expect to see a draft of the eagerly awaited new Data Privacy Directive in January. The new rules are likely to significantly strengthen the rights of individuals. According to a press release issued jointly last week by Reding and Germany’s Federal Minister for Consumer Protection, Isle … Continue Reading

Update on India’s New Data Privacy Rules

Our 27 June post on the new Indian data privacy regime discussed the key provision of the Information Technology (Amendment) Act 2008 and its implementing regulations, the new Rules.  It also considered some of the questions left unanswered by the Rules.  What categories of personal data do the Rules apply to?  How is the required … Continue Reading

After the Deadline: A Status Review of the Implementation of the New European Cookies Rules

Our May 26, 2011 blog post on the new European cookies rules introduced by the revised E-Privacy Directive marked the deadline for EEA Member States to implement the Directive into national law.  As of late August, only the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden have introduced laws fully implementing the amendments contained in … Continue Reading

The German Implementation of the New European Cookies Rules

On August 3, 2011, the German Parliament received a new Bill from the Federal Council of German States (Bundesrat) proposing a revision of the German Telemedia Act (Telemediengesetz).  As part of the revision, the Bill proposes to transform the cookie consent requirement of the revised European E-Privacy Directive. While it is doubtful that the Federal … Continue Reading