Archives: Privacy & Data Protection

Subscribe to Privacy & Data Protection RSS Feed

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

By Samuel F. Cullari and Jim Barbuto on 28 November 2018 Posted in Privacy & Data Protection, Regulatory

On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

Regulatory framework for free flow of non-personal data formally adopted by European Parliament and the Council of the European Union

By Cynthia O’Donoghue and Nona Keyhani on 26 November 2018 Posted in Privacy & Data Protection

In September 2017, we published a blog that outlined the Commission’s proposal for a framework on this subject (you can view our blog here). In June 2018, we further reported that the European Parliament, Council of the European Union and the European Commission had reached a political agreement on the rules for the free flow … Continue Reading

Update on Facebook fan pages: What should organisations do after the release of Facebook’s co-controller agreement?

By Dr. Andreas Splittgerber, Sven Schonhofen and Dr. Thomas Fischl on 19 November 2018 Posted in Cookies, Tracking & Online Behavioral Advertising, In the Courts, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)

After another statement by the German Data Protection Authorities (German DPAs) of 5 September 2018 (Statement, available in English here), stating that the operation of a fan page as offered by Facebook was illegal, Facebook reacted “overnight” and released a co-controller agreement, the “Page Insights Controller Addendum” (Insights Addendum, available here). In a press release … Continue Reading

Guiding principles for AI development

By Cynthia O’Donoghue and Curtis McCluskey on 18 November 2018 Posted in Privacy & Data Protection

A meeting of data protection authorities from around the world has highlighted the development of artificial intelligence and machine learning technologies (AI) as a global phenomenon with the potential to affect all of humanity. A coordinated international effort was called for to develop common governance principles on the development and use of AI in accordance … Continue Reading

Get your update on IT & Data Protection Law in our Newsletter (Fall 2018 edition)

By Dr. Andreas Splittgerber and Sven Schonhofen on 15 November 2018 Posted in Global Data Transfers, In the Courts, Intellectual Property, Privacy & Data Protection, Social, Mobile, Analytics & Cloud (SMAC)

The Fall 2018 edition of the quarterly IT & Data Protection Newsletter by Reed Smith Germany has just been released. We provide updates on Facebook fan pages, the right to be forgotten, cease and desists by competitors under GDPR, spamming and customer satisfaction surveys, the German Network Enforcement Act, and more. The newsletter also includes … Continue Reading

EU and U.S. second annual review of Privacy Shield

By Cynthia O’Donoghue and Kelley Chittenden on 14 November 2018 Posted in Privacy & Data Protection

The European Union and the United States have now conducted the second annual review of Privacy Shield, a framework which regulates and facilitates the exchange of personal data across the Atlantic. The European Commission will publish its conclusions in a report at the end of this month. The EU-U.S. Privacy Shield mechanism EU organisations that … Continue Reading

European Parliament favours innovation-friendly blockchain regulation

By Cynthia O’Donoghue and Alexander Mackay on 8 November 2018 Posted in Privacy & Data Protection

The European Parliament has published a non-binding resolution on distributed ledger technologies and blockchains (blockchain technologies). What is distributed ledger technology? Best known as the technology behind bitcoin and other crypto-currencies, distributed ledger technology is, in its simplest form, a ledger of digital information maintained in decentralised form across a large network of computers. The … Continue Reading

Singapore to adopt new legislation on unsolicited commercial messages, and enhanced practical guidance framework for data protection

By Charmian Aw on 8 November 2018 Posted in Privacy & Data Protection

On 8 November, 2018, Singapore’s Personal Data Protection Commission (PDPC) issued its response to feedback received on a public consultation paper. In that consultation paper, the PDPC had proposed to: merge the Do Not Call provisions in the Personal Data Protection Act 2012 of Singapore (PDPA) and Spam Control Act into a single legislation to … Continue Reading

UK government releases IoT security code of practice

By Cynthia O’Donoghue on 31 October 2018 Posted in Privacy & Data Protection

The UK government has launched a Code of Practice (CoP) for the Internet of Things (IoT) security. This is aimed at improving baseline security and ensuring that devices that process personal data are General Data Protection Regulation (GDPR) compliant, as well as advancing an industry-wide ‘security by design’ approach. The CoP provides outcome-focused practical steps … Continue Reading

UK government launches Smart Data Review

By Cynthia O’Donoghue and Eleanor Brooks on 29 October 2018 Posted in Privacy & Data Protection

The UK government launched its Smart Data Review on 28 September 2018 (Review). The Review will look at how technology, such as online comparison tools and open banking, can be used to make it easier for consumers to get good deals on essential services and put an end to consumers paying unjustifiable ‘loyalty penalties’ for … Continue Reading

California pursues IoT data security regulations with new legislation

By Gerard Stegmaier, Wendell Bartnick and David Krone on 25 October 2018 Posted in Privacy & Data Protection

California enacted Internet of Things (IoT) legislation intended to help protect consumer privacy and safety from potential hacking of connected devices. Under the state legislation that may apply to any connected devices sold in California, manufacturers of connected devices are required to equip the devices with security options suitable to the nature of the device … Continue Reading

Singapore data protection commission fines carpooling service and LAN gaming centre

By Charmian Aw on 5 October 2018 Posted in Privacy & Data Protection, Regulatory

Two businesses have been fined a total of S$13,000 for breaching Singapore’s data protection law. GrabCar Facts The first decision involved a carpooling service operated by GrabCar through an app. Twenty drivers had their accounts suspended for flouting usage rules for the platform. They were allowed to submit an appeal, by filling a Google form … Continue Reading

ICO publishes Technology Strategy for 2018–2021

By Cynthia O’Donoghue and Eleanor Brooks on 5 October 2018 Posted in Privacy & Data Protection

The Information Commissioner’s Office (ICO) has published its Technology Strategy for 2018 to 2021. The Strategy, part of the ICO’s focus on adapting to rapidly developing technologies, outlines eight “technology goals” and the measures that will be implemented to achieve them. Technology goals Broadly, these goals include increased technology training for the ICO’s staff and … Continue Reading

Singapore’s Personal Data Protection Act provides guidelines for handling national identification

By Charmian Aw on 4 October 2018 Posted in Privacy & Data Protection

Beginning on September 1, 2019, all Singapore private sector organizations will be banned from collecting, using or releasing all national identity cards, copies or their numbers unless required under law or deemed necessary to verify an individual’s identity. If organizations violate the rules under the Singapore Personal Data Protection Act 2012 (PDPA), they could face … Continue Reading

FTC continues aggressive enforcement of Privacy Shield

By Cynthia O’Donoghue, Gerard Stegmaier and Kelley Chittenden on 28 September 2018 Posted in Global Data Transfers, Privacy & Data Protection

On Thursday, September 27, the Federal Trade Commission (FTC) announced settlements with four companies, IDmission, LLC, mResource LLC (doing business as Loop Works, LLC), SmartStart Employment Screening, Inc., and VenPath, Inc., following allegations that the companies falsely claimed to be certified under the EU-U.S. Privacy Shield. Specifically, the FTC alleged that IDmission, LLC misrepresented participation … Continue Reading

An interview with North Carolina AG Josh Stein

By Divonne Smoyer and Kimberly Chow on 27 September 2018 Posted in Privacy & Data Protection, Regulatory

Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong … Continue Reading

The impact of a no-deal Brexit on data protection

By Cynthia O’Donoghue and Karen Lee Lust on 27 September 2018 Posted in Privacy & Data Protection

The government has published guidance for UK organisations on transfers of personal data in the event of a so-called no-deal Brexit. In particular, the guidance sets out actions for UK organisations to take to enable the continued flow of personal data between the UK and the European Union (EU) in such an event. While emphasising … Continue Reading