In a recent Q&A conducted by Divonne Smoyer and Karen Lee Lust with Connecticut Attorney General (AG) William Tong published in the IAPP Privacy Advisor, the AG discusses how he has continued Connecticut’s role as a privacy leader among the states, partnering with the U.S. Federal Trade Commission on data privacy-related matters and other compliance
data privacy
Tenn. Attorney General Slatery on state and federal consumer privacy in 2021 and beyond
In a recent Q&A with Tennessee Attorney General (AG) Herbert Slatery, the eight-year term AG discusses how he makes consumer protection, including privacy and cybersecurity issues, a top priority for Tennessee citizens and businesses. AG Slatery shares his thoughts on privacy on a multi-state state level, the prospect of standards of enforcement for technology companies,…
Nevada Attorney General Aaron Ford talks to Reed Smith about Nevada’s new data privacy law, consumer protection, and data breaches
In a recent Q&A with Nevada Attorney General (AG) Aaron Ford, the first term AG discusses Nevada’s new data privacy law (Senate Bill 220), which provides consumers with a right to opt out of the sale of their data. AG Ford also outlines his perspective on federal privacy law and his office’s data breach enforcement…
U.S. data privacy considerations in the time of COVID-19
As businesses and individuals across the globe struggle to adapt to a new normal of remote work and social distancing due to the COVID-19 (a/k/a novel coronavirus) pandemic, they should also be aware of a number of U.S. data privacy and data security implications arising from these changes. In addition, businesses must be cognizant of…
COVID-19 outbreak: Data privacy issue requirements on employee personal data differ in China, Hong Kong, and Singapore
On January 30, 2020, The World Health Organization (WHO) declared that the outbreak of novel coronavirus (COVID-19) is a “public health emergency of international concern.” This was, in part, an acknowledgement of the geographic spread of the virus and the need for intensified support for preparation and response, especially in vulnerable countries and regions. Further…
Novel coronavirus outbreak throws up data privacy questions for businesses in China, Hong Kong and Singapore
The World Health Organization (WHO) declared on January 30, 2020, that the outbreak of 2019 nCoV (novel coronavirus) is a “Public Health Emergency of International Concern.” Further information is available in the WHO statement. On January 31, 2020, the Centers for Disease Control and Prevention (CDC) in the United States also declared a public…
OCR releases new FAQs on use of health apps
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) released a new set of Health Insurance Portability and Accountability Act (HIPAA) FAQs building upon prior guidance from OCR. The new FAQs discuss the applicability of HIPAA to covered entities and business associates that interact with health apps and explain when…
First sanction decision rendered by the CNIL under the GDPR: GDPR awareness 2.0 has begun
In an interview dated February 2018,[1] Isabelle Falque-Pierrotin, at the Head of the French data protection authority (CNIL), stated that the CNIL would adopt a flexible and pragmatic approach from May 2018 onwards when controlling compliance with data protection requirements. The first decision of sanction rendered by the CNIL on Monday January 21, 2019, which is to date the most severe sanction ever imposed to a web giant (‘GAFA’) under the GDPR, gives a sense of what that flexible approach might be in the eyes of the French regulator.
Background: a wave of awareness among users at the EU level shows a new face of data protection
In a notice dated November 2018,[2] the CNIL reported that the number of claims related to privacy issues had significantly increased (by 34 percent) since the adoption of GDPR in May 2018. The protection of personal data seems therefore to be becoming an ever more important issue, especially since nonprofit associations are able to collectively report breaches and issue claims on behalf of users to EU data protection authorities, pursuant to Article 80 of the GDPR.
The January 21, 2019 decision of the CNIL against Google recalls the admissibility of complaints filed by nonprofit associations, which have a mandate to represent users. The decision thus follows the collective complaints filed a few days after the entry into force of the GDPR, on May 25 and 28, 2018, by the organization None of your business and the French organization La Quadrature du Net.
As reflected by the length and documented character of the decision (31 pages), delivered in an extremely short time frame after an expeditive procedure (barely 10 weeks), the CNIL shows a clear willingness to implement a far-reaching control over GAFAs regarding the information given to users and consent management, highlighting that the GDPR is aimed at fighting any form of “forum shopping.”Continue Reading First sanction decision rendered by the CNIL under the GDPR: GDPR awareness 2.0 has begun
Joint Committee on Human Rights launches inquiry into Article 8 and the digital revolution
The Joint Committee on Human Rights has launched an inquiry into the right to privacy under Article 8 of the European Convention on Human Rights (ECHR) and the “Digital Revolution”. The inquiry will examine whether further safeguards to regulate the collection, use, tracking, retention and disclosure of personal data by private companies are required to protect human rights in the new digital age.
The key human right considered to be at risk is the right to private and family life under Article 8.
The Committee has also stated that freedom of expression (Article 10), freedom of assembly and association (Article 11) and prohibition of discrimination (Article 14) are also deemed to be at risk.
The Committee are now in the process of collecting written evidence of the threats posed to human rights by the processing of personal data by companies, and instances where those rights have been breached. The Committee have raised the following five questions and requested responses to be submitted online by 31 January 2019:
An interview with North Carolina AG Josh Stein
Check out this month’s edition of The Privacy Advisor, a publication of the International Association of Privacy Professionals (IAPP), for Divonne Smoyer and Kimberly Chow’s Q&A with North Carolina Attorney General (AG) Josh Stein. Throughout his tenure as AG, Stein has shown a clear commitment to data privacy and security through his advocacy for strong…