The European Data Protection Supervisor (“EDPS”) issued an Opinion on coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and competitiveness in the age of big data”. The Preliminary Opinion observed a tendency for EU rules of data protection, consumer protection, and antitrust enforcement and merger control to be applied in “silos”. The new Opinion develops the notion and suggests that the Digital Single Market Strategy provides an opportunity for a “coherent approach”, and makes recommendations to support this.

New data-driven technologies and services are important for economic growth, which have become reliant on the “covert tracking” of individuals who are likely unaware of the tracking. There is the danger that larger companies may be able to block smaller companies from entering the market. This might also have the knock-on effect of creating an imbalance between the providers and consumers which may ultimately impact on choice, innovation and the protection of their personal data.

When considering the rights and freedoms set out in the Charter of Fundamental Rights of the EU – including the right to privacy, the protection of personal data and freedom of expression – it has been recognised that these rights are “threatened by normative behaviour and standards that now prevail in cyberspace.” So the latest Opinion encourages regulators to engage in dialogue and share lessons learned to work collaboratively and uphold the interests of individuals and society in the ever-growing digital environment.
Continue Reading In the age of Big Data, the EDPS issues an Opinion on enforcement and upholding fundamental rights

The Federal Trade Commission is currently the most aggressive enforcement agency on privacy and data security. The agency kicked off 2016 with PrivacyCon on January 14, which put the spotlight on academic research on consumer privacy and security.

The conference, which drew 400 attendees to Southwest D.C. and 1,500 more streaming online, showcased 19 papers on topics ranging from mismatched consumer privacy expectations online to the costs and causes of cyber incidents, with many papers focusing on the technology of online tracking. While the papers presented do not necessarily reflect the view of the FTC, it is likely that they selected presenters and findings that are consistent with their enforcement priorities.
Continue Reading FTC’s PrivacyCon Highlights Consumer Privacy Perceptions and Targeting

The FTC unveiled a lengthy report, Big Data: A Tool for Inclusion or Exclusion? Understanding the Issues, warning companies about commercial uses of big data and the discriminatory impact it may have on low-income and underserved populations. “Big data” refers to the ubiquitous collection of massive amounts of consumer information by companies, which may be analyzed to reveal certain consumer patterns, trends, and associations.

While the term may conjure up an ominous feeling for some, big data has brought numerous advantages to society by efficiently and effectively matching products and services to consumers of all demographics. However, the FTC’s report warns that potential inaccuracies and biases might lead to detrimental effects on low-income and underserved populations, such as the misuse of personal information, reinforcing existing biases and disparities against certain populations, perpetuating fraud against vulnerable consumers, and weakening the overall effectiveness of consumer choice. While companies can design efficient big data algorithms that learn from human patterns and behavior, those algorithms may also “learn” to generate biased results.
Continue Reading FTC Warns Big Data Brings Big Consequences in New Report

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say the authors. The study was commissioned by the European Parliament’s Civil Liberties, Justice and Home Affairs Committee.

The DSM strategy was unveiled earlier this year and is aimed at removing regulatory barriers so that digital services can operate seamlessly throughout the EU. However, despite promises made by the Commission and DSM Vice President to review the interplay between the e-Privacy Directive (2002/58/EC) and the DSM, the study finds that the strategy downplays the complexity of issues such as data anonymisation and minimisation in Big Data.Continue Reading Study reports draft EU Data Protection Regulation leaves gaps in protection when it comes to Big Data, Internet of Things and smart devices

On April 13, the Washington State Senate unanimously passed an amendment to the state’s data breach notification law. The amendment, which was requested by Washington Attorney General Bob Ferguson, and which we discussed in this previous post, passed the state house of representatives in March and is now awaiting the governor’s signature. The law

The federal government may be pushing a cybersecurity and data privacy agenda, but that doesn’t mean that the states are taking a back seat. The state attorneys general are maintaining their focus on issues relating to privacy and data security and expanding the scope of that focus to address the ever-evolving nature of those

In December 2014, the Korea Communications Commission (KCC) released the“Big Data Guidelines for Data Protection” (Guidelines). Aimed at Information and Communications Service Providers (ICSPs), they are designed to prevent the misuse of “publicly available information” to create and exploit new information. The Guidelines expressly permit ICSPs to collect and use “publicly available information”, within

The Dutch data protection authority, College Bescherming Persoonsgegevens (CBP), released a cease and desist order requiring Google to pay €60,000 per day, up to a maximum of €15 million, for violating Dutch data protection law, Wet bescherming persoonsgegevens(Wbp). Google has until the end of February 2015 to change the way it handles personal data.

The

On December 10, Oregon Attorney General Ellen Rosenblum testified in front of the joint Oregon Senate and House Judiciary Committee on the evolving nature of not only data collection and use, but also on cybersecurity incidents and hacking, and the need to amend the Oregon data breach notification law to provide enforcement authority to the