Recently Jan Philipp Albrecht, rapporteur for the Civil Liberties, Justice and Home Affairs (LIBE) Committee, the lead committee considering the proposed draft General Data Protection Regulation, published the committee’s suggested amendments to the original draft regulation. The reports runs to over 200 pages and contains over 350 separate amendments. Since the original draft regulation was … Continue Reading
By Simon Berry and Daisy Shen The Personal Data (Privacy) (Amendment) Ordinance (Amendment Ordinance) came into operation on 1 October 2012, with the exception of those provisions relating to direct marketing and legal assistance which will take effect on a further date to be announced. The Amendment Ordinance introduces various amendments to the Personal Data … Continue Reading
By Linda Inscoe and Joseph Farrell On September 27, 2012, California became the third state to enact legislation protecting employees, job applicants, university students and prospective students against coerced disclosure of usernames, passwords and other information related to personal social media accounts, such as Facebook, MySpace and Twitter accounts, text messages, private email accounts, blogs … Continue Reading
Do we need to regulate generally accepted, low risk forms of data processing that individuals are now comfortable with as part of daily life (e.g. on-line orders, payroll processing and employment contract administration) to the same standard as types of processing that intrude more clearly on an individual’s privacy (e.g. tracking user preferences, monitoring communications … Continue Reading
With data breaches and the new cookies rules never far from the press or industry agendas, and with a new European framework on the horizon, the past year has been a busy one for the Information Commissioner’s Office (ICO). Its Annual Report for 2011/12, along with a companion webcast, reflect this changing privacy landscape. Both offer … Continue Reading
By Brian Murray The Federal Communications Commission (“FCC”) is examining privacy and security issues raised by customer information stored on mobile communications devices. In a public notice released on May 25, 2012, the FCC sought comment on the privacy and data-security practices of mobile wireless service providers with respect to such information, as well as … Continue Reading
By Jennifer Archie, Kevin Boyle and Ghaith Mahmood As the home of the largest online and mobile businesses and platforms, and no doubt seeking to maintain the reputation of her state as one of those leading the nation in enactment and enforcement of privacy laws and regulations, California Attorney General Kamala D. Harris on Thursday announced the formation … Continue Reading
By Lijie Han China’s internet and telecoms industry regulator, the Ministry of Industry and Information Technology (MIIT), recently released two draft regulations for public comment, namely, the amended Measures on the Administration of Internet Information Services (IIS Measures) and the Notice Regarding Strengthening the Administration of Network Access for Smart Mobile Devices (Smart Mobile Notice). … Continue Reading
By Gail Crawford and Amy Taylor Privacy professionals from more than 20 countries are gathered in Cambridge, England, to discuss privacy challenges in today’s world at the 25th annual Privacy Laws & Business conference. Professor Michael Birnhack, Professor of Law at Tel Aviv University and Visiting Associate Fellow at the Institute of Advanced Legal Studies, … Continue Reading
The French Data Protection Authority (CNIL) has issued a working document setting out its recommendations to companies contemplating the use of cloud computing services. This is in part the result of a public consultation carried out by the CNIL from October to December 2011. The guidance includes a checklist applicable to both private and public … Continue Reading
By Gail Crawford, Amy Taylor, and Ben Wright The UK Information Commissioner’s Office (ICO) 12-month grace period for enforcing compliance with the new cookie consent rules has now expired. If you are not yet compliant, you need to take action. Over the course of the 12-month grace period, we have seen guidance released from, amongst others, … Continue Reading
Focus on Mobile App Transparency Pursuant to the Obama Administration’s blueprint for consumer privacy released in February (and in accord with a request for comments published in March), the National Telecommunications and Information Administration (NTIA) has issued a notice setting July 12, 2012, as the date for the first meeting in its privacy multistakeholder process. Mobile app … Continue Reading
Spokeo Consent Decree Serves as Important Caution to Buyers and Sellers of Social Media Reports on Consumers to Understand and Comply with FCRA By Jennifer Archie, Kevin Boyle and Kelsey McPherson As part of a settlement announced Monday, the FTC sends a reminder that the requirements of the Fair Credit Reporting Act (“FCRA”) apply to … Continue Reading
The European Commission adopted a proposal to reform European privacy law on 25 January 2012. According to the Commission the reform will “strengthen online privacy rights and boost Europe’s digital economy.” Time will tell whether the former is compatible with the latter. The proposal now moves to the European Parliament and to the Council representing … Continue Reading
The Directorate General for Justice of the European Commission has in recent weeks worked to overcome criticism from other Directorates on its draft proposal to reform Europe’s privacy law. It now appears possible that the proposal for the reform is back on track for adoption at the Commissioner’s Meeting scheduled for 25 January 2012. From … Continue Reading
Viviane Reding, the European Commission Vice President in charge of the reform of the European privacy law, has received negative opinions from a handful of Directorates-General in the European Commission on an internal draft of the General Data Protection Regulation. As a consequence, the draft will not be ready for the official publication that was … Continue Reading
A recent draft of the new European Data Protection Framework has leaked from the European Commission. It is still subject to internal discussions between the different Commissioners and Directorates-General, but is likely to be reasonably close to the official Commission draft expected to be published by the end of January 2012. According to the draft … Continue Reading
A recent proposed FTC consent judgment sends a warning to avoid default program settings that compromise privacy when setup routines create the impression they do not. The FTC’s underlying complaint against Frostwire LLC, developer of P2P file-sharing applications, alleged that the firm’s software for the Android platform “was likely to cause a significant number of … Continue Reading
Our 27 June post on the new Indian data privacy regime discussed the key provision of the Information Technology (Amendment) Act 2008 and its implementing regulations, the new Rules. It also considered some of the questions left unanswered by the Rules. What categories of personal data do the Rules apply to? How is the required … Continue Reading
Our May 26, 2011 blog post on the new European cookies rules introduced by the revised E-Privacy Directive marked the deadline for EEA Member States to implement the Directive into national law. As of late August, only the UK, Denmark, Estonia, Finland, Ireland, Malta and Sweden have introduced laws fully implementing the amendments contained in … Continue Reading
On August 3, 2011, the German Parliament received a new Bill from the Federal Council of German States (Bundesrat) proposing a revision of the German Telemedia Act (Telemediengesetz). As part of the revision, the Bill proposes to transform the cookie consent requirement of the revised European E-Privacy Directive. While it is doubtful that the Federal … Continue Reading
A series of recent rulings by the Swiss Courts have raised the bar for data processing justification under Swiss law. Whilst Switzerland is not part of the European Economic Area, and is therefore not subject to the European Data Protection Directive, its data privacy rules contain a number of similar, or at least recognisable, principles. … Continue Reading
The UK’s data privacy regulator, the Information Commissioner’s Office (ICO) has recently issued further statutory guidance on its powers to impose monetary penalties. This guidance builds on an earlier statutory guidance note issued by the ICO back in January 2010, by providing greater clarification on the key factors in the ICO decision process when imposing … Continue Reading
Kevin Boyle and Amy Taylor contributed to this post. Vast amounts of global personal data flow through India, including as a result of its major outsourced services industry. For that reason, India’s recently adopted data privacy regulations, which implement the Information Technology (Amendment) Act 2008, have the potential for a profound impact on global businesses … Continue Reading