Global Privacy & Security Compliance Law Blog

Tag Archives: Privacy Regulators

European Data Protection Authorities Grant Grace Period Until End of January 2016

By Gail Crawford, Ulrich Wuermeling and Jennifer Archie The so called Article 29 Working Party met on October 15, 2015 to discuss the consequences of the Schrems Judgment of the European Court of Justice (ECJ). On October 16, 2015, the Working Party published a Statement summarizing their initial conclusions. The Working Party includes representatives of … Continue Reading

European Court of Justice: Safe Harbor Decision Is Invalid!

By Jennifer Archie, Gail Crawford and Ulrich Wuermeling On October 6, the European Court of Justice ruled that Decision 2000/520 of the European Commission, which stated that Safe Harbor-certified US companies provide adequate protection for personal data transferred to them from the EU (the Safe Harbor Adequacy Decision), is invalid (Case C-362/14 – Maximillian Schrems … Continue Reading

FCC Releases New Clarifications Regarding the TCPA

On July 10, the Federal Communications Commission (“FCC”) released the text of a Declaratory Ruling and Order, initially adopted on June 18, that provides various clarifications regarding the Telephone Consumer Protection Act of 1991 (“TCPA”) and the FCC’s existing rules. The proceeding that led to the Order attracted widespread attention and was the result of nearly … Continue Reading

FCC Finds Fault in User Agreement and Issues Stern Guidance for Telemarketing Calls

June is proving to be a very active month for the US Federal Communications Commission (FCC) in construing the Telephone Consumer Protection Act, including what sorts of consumer interactions are sufficient to meet the requirements for consent to receive marketing or other messages. This post reports on an extraordinary warning letter issued to PayPal, criticizing … Continue Reading

FCC Imposes Record Penalty for Data Breach

On Wednesday, April 8, the Federal Communications Commission (FCC) entered a consent decree and levied a $25 million civil penalty against AT&T to settle a data breach that exposed the information of nearly 280,000 customers.  This order comes on the heels of other recent FCC enforcement actions for privacy violations, demonstrating an invigorated effort by … Continue Reading

Snowden’s Legacy: Safe Harbor under fire at the CJEU

This week the Court of Justice of the European Union (‘CJEU’) heard a case that could destabilise data flows between the US and EU under the EU-US Safe Harbor Decision. In Schrems v Data Protection Commissioner(C-362/14), the same court that last year approved the “right to be forgotten” online heard evidence about the adequacy of … Continue Reading

California’s Privacy Laws on the Move

The State of California, long the most proactive U.S. state in enacting data privacy laws, has again modified its breach notification and data protection laws.  This week, Governor Jerry Brown signed two privacy bills into law:  SOPIPA (SB 1177), aimed at regulating the use of student data, and AB 1710, targeting data protection more broadly.  … Continue Reading

Microsoft Stands Up in Court for European Privacy Rights?

A Stored Communications Act (SCA) search warrant case arising out of a New York federal  narcotics trafficking investigation is being closely watched by EU data protection authorities, privacy advocates, multinational internet service providers, and law enforcement, among others, as the  parties pursue an expedited appeal to the Second Circuit Court of Appeals. Captioned In re Search … Continue Reading

Emergency UK Legislation Expands Government Powers to Retain and Intercept Data

On July 17th, the Data Retention and Investigatory Powers Act (DRIPA) came into effect in the United Kingdom reinstating the Government’s powers to require communication providers to retain traffic data (also known as metadata) and enabling the Government to serve warrants to intercept communications data on companies outside of the United Kingdom to the extent … Continue Reading

California’s New How-to Guide for Privacy Policies

By Kevin Boyle and Alex Stout On Wednesday, the Attorney General of California released a new privacy guide, titled Making Your Privacy Practices Public.  The guide doesn’t purport to be a restatement of California law (or other law) and expressly disclaims that, but it does present what the AG’s office views as a best practice … Continue Reading

The “Right to be Forgotten” Landmark Decision: Beyond the Headlines

By Larry Cohen and Gail Crawford While the popular press has been full of stories about the European Court of Justice’s (“ECJ”) ruling creating a “right to be forgotten” (ahead of the still pending Data Protection Regulation), we will focus on both the ruling as well as the specific questions referred to the ECJ that … Continue Reading

Walburg v. Nack: Recent Supreme Court Petition in TCPA Case Tees Up Important Constitutional Issues

By Matthew Murchison & Matthew Brill By all accounts, the number of class action lawsuits brought under the Telephone Consumer Protection Act against companies communicating by telephone, text, and fax has exploded in recent years.  These lawsuits—which rely on the private right of action at 47 U.S.C. § 227(b)(3) for violations of the statutory prohibitions … Continue Reading

Malaysian Personal Data Protection Act Comes Into Force

Guest Blogger Jillian Chia from Skrine, Kuala Lumpur, Malaysia & Gail Crawford With the Malaysian Personal Data Protection Act 2013 (“PDPA”) having come into force on 15 November 2013, Jillian Chia, Senior Associate at Skrine, provides an overview of the salient provisions in the Regulations and Orders. She notes that that there is a grace period for … Continue Reading

HIPAA Omnibus Final Rule Compliance Deadline is Today – 3 Things You Need to Know

By, Jeremy M. Alexander, Natalie E. Brown & Susan A. Ebersole The day all covered entities and business associates have been working toward is here—September 23, 2013, the deadline to comply with the changes in the HIPAA omnibus final rule, published on January 25, 2013.  Here is a review of the top three compliance categories … Continue Reading

Regulatory requirements for use of personal data for direct marketing in Hong Kong: An Update

By Simon Berry and Carmen Guo In recent weeks, many Hong Kong businesses have circulated emails to contacts in their customer databases, offering recipients the ability to “opt out” of future direct marketing. This is in response to the introduction of a new Part VI A (effective as of 1 April 2013) into Hong Kong’s … Continue Reading

FTC Issues Staff Report on Mobile Privacy Disclosures

By Jennifer Archie On Friday, Feb. 1, 2013, following the now expected series of public workshops and roundtables and well-timed enforcement actions, the Federal Trade Commission Staff issued a new 36-page staff report, Mobile Privacy Disclosures: Building Trust Through Transparency.  The Report summarizes past actions and guidance, and makes new recommendations for clearly and transparently … Continue Reading

Data Protection in the Kingdom of Saudi Arabia: A Primer

By Omar Elsayed Although some surveys of privacy law suggest otherwise, privacy requirements do in fact exist in the Kingdom of Saudi Arabia (KSA)and are very relevant to companies operating there or seeking to provide services to customers in KSA. Background The paramount body of law in KSA is the Sharīʿah. The Sharīʿah is comprised … Continue Reading

HHS Publishes Omnibus HIPAA/HITECH Final Rule

By Susan Ambler Ebersole HHS today published the long-awaited HIPAA/HITECH omnibus final rule.  A pre-publication version of the Rule was released on January 17.  The Rule is effective March 26, 2013, but covered entities and business associates have until September 23, 2013 to comply.  While Latham & Watkins is still engaged in a comprehensive review … Continue Reading

Proposed amendments to draft EU Data Privacy Regulation imposes major constraints on processing and export of Personal Data

Recently Jan Philipp Albrecht, rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee, the lead committee considering the proposed draft General Data Protection Regulation, published the committee’s suggested amendments to the original draft regulation.  The reports runs to over 200 pages and contains over 350 separate amendments. Since the original draft regulation was … Continue Reading

Hong Kong Personal Data (Privacy) (Amendment) Ordinance Now in Effect

By Simon Berry and Daisy Shen The Personal Data (Privacy) (Amendment) Ordinance (Amendment Ordinance) came into operation on 1 October 2012, with the exception of those provisions relating to direct marketing and legal assistance which will take effect on a further date to be announced. The Amendment Ordinance introduces various amendments to the Personal Data … Continue Reading
LexBlog