Global Privacy & Security Compliance Law Blog

Tag Archives: Privacy Regulators

Proposed amendments to draft EU Data Privacy Regulation imposes major constraints on processing and export of Personal Data

Recently Jan Philipp Albrecht, rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee, the lead committee considering the proposed draft General Data Protection Regulation, published the committee’s suggested amendments to the original draft regulation.  The reports runs to over 200 pages and contains over 350 separate amendments. Since the original draft regulation was … Continue Reading

Hong Kong Personal Data (Privacy) (Amendment) Ordinance Now in Effect

By Simon Berry and Daisy Shen The Personal Data (Privacy) (Amendment) Ordinance (Amendment Ordinance) came into operation on 1 October 2012, with the exception of those provisions relating to direct marketing and legal assistance which will take effect on a further date to be announced. The Amendment Ordinance introduces various amendments to the Personal Data … Continue Reading

California Limits Employer Access to Employee/Applicant Social Media

By Linda Inscoe and Joseph Farrell On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs … Continue Reading

PL&B Annual Conference Review: The Draft EU Regulation, The Need for Proportionality

Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications … Continue Reading

Insight into the ICO: 2011-12 Annual Report Overview

With data breaches and the new cookies rules never far from the press or industry agendas, and with a new European framework on the horizon, the past year has been a busy one for the Information Commissioner’s Office (ICO). Its Annual Report for 2011/12, along with a companion webcast, reflect this changing privacy landscape. Both offer … Continue Reading

FCC Examining Privacy, Security Issues Raised by Stored Customer Information on Mobile Devices

By Brian Murray The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as … Continue Reading

California AG’s Office Establishes Privacy Enforcement Unit

By Jennifer Archie, Kevin Boyle and Ghaith Mahmood As the home of the largest online and mobile businesses and platforms, and no doubt seeking to maintain the  reputation of her state as one of those leading the nation in enactment and enforcement of privacy laws and regulations, California Attorney General Kamala D. Harris on Thursday announced the formation … Continue Reading

Chinese Regulator Proposes New Rules Prohibiting Unauthorized Use of Personal Data by Internet Content Providers, Mobile Device Manufacturers

By Lijie Han China’s internet and telecoms industry regulator, the Ministry of Industry and Information Technology (MIIT), recently released two draft regulations for public comment, namely, the amended Measures on the Administration of Internet Information Services (IIS Measures) and the Notice Regarding Strengthening the Administration of Network Access for Smart Mobile Devices (Smart Mobile Notice). … Continue Reading

PL&B Annual Conference, Day 1: Privacy Challenges of New Technologies

By Gail Crawford and Amy Taylor Privacy professionals from more than 20 countries are gathered in Cambridge, England, to discuss privacy challenges in today’s world at the 25th annual Privacy Laws & Business conference. Professor Michael Birnhack, Professor of Law at Tel Aviv University and Visiting Associate Fellow at the Institute of Advanced Legal Studies, … Continue Reading

CNIL Offers Guidance on Aligning Cloud Services with Data Protection Requirements

The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public … Continue Reading

UK Cookie Rules: Are You Compliant?

By Gail Crawford, Amy Taylor, and Ben Wright The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action. Over the course of the 12-month grace period, we have seen guidance released from, amongst others, … Continue Reading

NTIA Announces First Privacy Multistakeholder Meeting Pursuant to Obama Administration Privacy Blueprint

Focus on Mobile App Transparency Pursuant to the Obama Administration’s blueprint for consumer privacy released in February (and in accord with a request for comments published in March), the National Telecommunications and Information Administration (NTIA) has issued a notice setting July 12, 2012, as the date for the first meeting in its privacy multistakeholder process. Mobile app … Continue Reading

European Commission Adopts Privacy Reform Package

The European Commission adopted a proposal to reform European privacy law on 25 January 2012. According to the Commission the reform will “strengthen online privacy rights and boost Europe’s digital economy.” Time will tell whether the former is compatible with the latter. The proposal now moves to the European Parliament and to the Council representing … Continue Reading

Compromise on Draft European Data Protection Regulation in Reach

The Directorate General for Justice of the European Commission has in recent weeks worked to overcome criticism from other Directorates on its draft proposal to reform Europe’s privacy law. It now appears possible that the proposal for the reform is back on track for adoption at the Commissioner’s Meeting scheduled for 25 January 2012. From … Continue Reading

European Commission Reconsiders Approach to European Privacy Reform

Viviane Reding, the European Commission Vice President in charge of the reform of the European privacy law, has received negative opinions from a handful of Directorates-General in the European Commission on an internal draft of the General Data Protection Regulation. As a consequence, the draft will not be ready for the official publication that was … Continue Reading

First Draft of European Privacy Reform Leaked to the Public

A recent draft of the new European Data Protection Framework has leaked from the European Commission. It is still subject to internal discussions between the different Commissioners and Directorates-General, but is likely to be reasonably close to the official Commission draft expected to be published by the end of January 2012. According to the draft … Continue Reading

Unfair Software Design: Lessons from the FTC’s Proposed Frostwire Consent Judgment

A recent proposed FTC consent judgment sends a warning to avoid default program settings that compromise privacy when setup routines create the impression they do not. The FTC’s underlying complaint against Frostwire LLC, developer of P2P file-sharing applications, alleged that the firm’s software for the Android platform “was likely to cause a significant number of … Continue Reading

Update on India’s New Data Privacy Rules

Our 27 June post on the new Indian data privacy regime discussed the key provision of the Information Technology (Amendment) Act 2008 and its implementing regulations, the new Rules.  It also considered some of the questions left unanswered by the Rules.  What categories of personal data do the Rules apply to?  How is the required … Continue Reading

After the Deadline: A Status Review of the Implementation of the New European Cookies Rules

Our May 26, 2011 blog post on the new European cookies rules introduced by the revised E-Privacy Directive marked the deadline for EEA Member States to implement the Directive into national law.  As of late August, only the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden have introduced laws fully implementing the amendments contained in … Continue Reading

The German Implementation of the New European Cookies Rules

On August 3, 2011, the German Parliament received a new Bill from the Federal Council of German States (Bundesrat) proposing a revision of the German Telemedia Act (Telemediengesetz).  As part of the revision, the Bill proposes to transform the cookie consent requirement of the revised European E-Privacy Directive. While it is doubtful that the Federal … Continue Reading

Swiss Courts Raise the Bar for Data Processing Justification

A series of recent rulings by the Swiss Courts have raised the bar for data processing justification under Swiss law.  Whilst Switzerland is not part of the European Economic Area, and is therefore not subject to the European Data Protection Directive, its data privacy rules contain a number of similar, or at least recognisable, principles.  … Continue Reading

ICO Issues Further Guidance on its Monetary Penalties Powers

The UK’s data privacy regulator, the Information Commissioner’s Office (ICO) has recently issued further statutory guidance on its powers to impose monetary penalties.  This guidance builds on an earlier statutory guidance note issued by the ICO back in January 2010, by providing greater clarification on the key factors in the ICO decision process when imposing … Continue Reading

India’s Comprehensive New Data Rules

Kevin Boyle and Amy Taylor contributed to this post. Vast amounts of global personal data flow through India, including as a result of its major outsourced services industry.  For that reason, India’s recently adopted data privacy regulations, which implement the Information Technology (Amendment) Act 2008, have the potential for a profound impact on global businesses … Continue Reading