Tag Archives: data privacy

Illinois Federal Court Allows Biometric Data Privacy Suit to Proceed

An Illinois federal district court recently denied a request by online image publisher Shutterfly, Inc. and its subsidiary, ThisLife Inc., to dismiss a putative class action lawsuit alleging that the companies’ facial recognition-based system of photo-tagging violates the Illinois Biometric Information Privacy Act (BIPA). That law, which dates to 2008, prohibits companies from collecting and … Continue Reading

What is public can still be ‘private’: European Court of Human Rights halts journalists from re-publishing Finnish citizens’ public tax information

In a ruling by the European Court of Human Rights (“ECHR”) handed down in July 2015, the right to respect for individuals’ privacy balance trumped journalists’ right to freedom of expression. In the case of Satakunnan Markkinapörssi and Satamedia v. the Republic of Finland, it was decided that Finnish magazine, Veröporssi (“V”), could be prevented … Continue Reading

Employees Can’t Sue Hospital for Negligence, Breach of Contract, After Personal Data Breach

In a favorable decision for defendants in data breach litigation, the Pennsylvania Court of Common Pleas of Allegheny County held that the economic loss doctrine prevented the negligence claim of a group of former and current UPMC employees from going forward in their suit arising out of the theft of information from UPMC’s computer systems. … Continue Reading

Senators Trying to Hit the Brakes on Smart Cars, Citing Privacy and Security Concerns

On February 11, Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) announced that they would introduce legislation intended to address the data privacy and security vulnerabilities with Internet-connected cars. The legislation, if passed, would require manufacturers to adhere to a number of security and privacy standards, including the following: Requirement that all wireless access points … Continue Reading

In Nevada Court, Millions of Dollars Wasted in the Name of Macau Data Privacy Law

Clark County Nevada District Judge Elizabeth Gonzalez is considering further sanction against Sands China Ltd. for redacting “personal information” from about 2,600 documents the company produced in 2013 as part of an ongoing wrongful termination suit first filed in 2010 by Steven Jacobs, the former president of Sands Macau. Jacobs alleges that he was wrongfully … Continue Reading

Russia sets a new deadline for data localisation, and removes Hong Kong and Switzerland from Adequate Privacy Protection List

The Russian Duma recently set a new deadline for companies to localise their data processing of Russian citizens on Russian soil, while the data protection authority published an order removing Hong Kong and Switzerland from its ‘adequate privacy protection list’. The Russian Duma has voted through, on a first reading, an accelerated effective date for … Continue Reading

Hong Kong Privacy Commissioner Ends 2014 with Special Interest in Mobile Apps

The Hong Kong Privacy Commissioner of Personal Data (the “Commissioner”) ended 2014 with a special interest in mobile applications (“apps”). In a media statement published 15 December 2014, the Commissioner reported that versions 4.3 and earlier of Google’s Android operating system contained a flaw that allowed others to read shared memory in mobile devices without … Continue Reading

Direct Marketing Association releases New Privacy Code of Practice

On 18 August, the Direct Marketing Association (‘DMA’) issued its new Privacy Code of Practice (‘Code’) to address customer concerns about data privacy. The Code is a result of an 18-month consultation with the Information Commissioner’s Office, the Department for Culture, Media & Sport and Ofcom. The Code focuses on five key principles: Put your … Continue Reading

European Commission releases technical standards on Radio Frequency Identification

In July, the EU introduced new technical standards (‘Standards’) to assist users of Radio Frequency Identification (‘RFID’) technology to comply with the EU Data Protection regime and the Commission’s 2009 recommendation on RFID. The Standards are the result of a long-term EU project which began with a public consultation in 2006. When RFID technology is … Continue Reading

Article 29 Working Party supports recognition of Processor BCRs in the Data Protection Regulation

In June, the Article 29 Working Party (‘Working Party’) wrote to the President of the European Commission, setting out its case for including a reference to Binding Corporate Rules for data processors (‘BCR-P’) in the forthcoming Data Protection Regulation. Binding Corporate Rules are one way in which data controllers or data processors in Europe can … Continue Reading

Ireland and the UK ban forced subject access requests

The practice of employers forcing employees or applicants to exercise subject access rights has been described by the UK’s Information Commissioner’s Office (‘ICO’) as a “clear perversion of an individual’s own rights”. It is now set to become a thing of the past in the UK and Ireland, as both jurisdictions bring laws into effect … Continue Reading

New Russian legislation requires local storage of citizens’ personal data

President Putin recently signed Federal Law No. 242-FZ (the “Law”) which amends Russia’s 2006 data protection statute and primary data security law (Laws 152-FZ and 149-FZ), to require domestic data storage of Russian citizens’ personal data. The Law will allow the websites that do not comply to be blocked from operating in Russia and recorded … Continue Reading

U.S. extraterritorial data warrants: yet another reason for swift Data Protection reform, says EU Commission

In May, we reported that a U.S. magistrate judge had upheld a warrant requiring Microsoft to disclose emails held on servers in Ireland to the U.S. authorities. The ruling has now attracted the attention of Brussels, with the Vice-President of the European Commission, Viviane Reding, voicing her concern. Microsoft had argued before the court that … Continue Reading

FTC Settlement with Snapchat – What Happens on Snapchat Stays on Snapchat?

Last Thursday, the Federal Trade Commission (FTC) announced that messaging app Snapchat agreed to settle charges that it deceived consumers with promises about the disappearing nature of messages sent through the app. The FTC case also alleged that the company deceived consumers over the amount of personal data the app collected, and the security measures … Continue Reading

Spain’s AEPD Publishes Draft Privacy Impact Assessment Guide

On 17 March, the Spanish data protection agency (la Agencia Española de Protección de Datos – AEPD) published a draft privacy impact assessment guide (Evaluación del Impacto en materia de Protección de Datos Personales). At the same time, the AEPD has initiated a public consultation, open until 25 April, to garner opinion and comments on … Continue Reading

Edward Snowden submits written testimony to the EU Civil Liberties Commission

When Edward Snowden alerted the media to the extent of global intelligence surveillance programmes in 2013, he sparked investigations and debate into the gathering of data by intelligence agencies worldwide. He is now contributing to the debate again, submitting written testimony (the Statement) to the investigation of the EU Committee on Civil Liberties (the Committee). … Continue Reading

Court Rules That Technical Violations of Michigan Video Rental Privacy Act Give Rise to $5,000 Per Person in Statutory Damages, Alleged Violation Enough to Stay in Federal Court

A Michigan federal judge has held that plaintiffs could proceed in federal court on their claims under the Video Rental Privacy Act (VRPA), a state law akin to the federal Video Privacy Protection Act (VPPA). The ruling came in three similar putative class actions that alleged Bauer Publishing Co., Hearst Communications, Inc, and Time, Inc., … Continue Reading

California Legislature Pushing Forward Multiple Data Privacy Bills

This post was also written by Sarah Woo and Joshua B. Marker. The California legislature is determined to be at the forefront in the development of data privacy law by drafting a number of data privacy protection bills that will impact companies’ obligations with respect to the disclosure, compilation, removal, or sharing of consumers’ personal information. … Continue Reading

President Signs Amendment to Video Privacy Protection Act, Ushering in a New Era for Widespread Sharing of Viewing Histories

This post was also written by Frederick Lah. On January 10, 2013, President Obama signed the Video Privacy Protection Act Amendments Act of 2012 (“VPPAA”), which makes it easier for companies to obtain consumer consent to share video viewing information. At the same time, the amendment left in place many of the pitfalls traditionally associated with the … Continue Reading

The Article 29 Working Party issues Opinion on the cookies

During its meeting in early June, the Article 29 Working Party (the “Working Party”) issued an Opinion on cookies that analyses the exemptions to the requirement for informed consent, and sets how the revised e-Privacy Directive impacts cookie usage. Article 5.3 of the amended ePrivacy Directive 2009/136/EC provides that cookies are exempt from the need … Continue Reading

Judge Narrows App Litigation, But Lets Plaintiffs Press On

This post was also written by Christopher G. Cwalina. A recent decision in ongoing litigation over mobile application practices shows how difficult the defense of privacy class actions can be. Even if the defense wins dismissal of some causes of action, the survival of any cause of action may force the defendant into costly discovery. On … Continue Reading

The UK Information Commissioner’s Office Has Received Numerous Complaints about Websites not adhering to the ‘Cookie’ law

The UK Information Commissioner’s Office (ICO) has received 169 complaints thus far about websites failing to comply with the cookie law that came into force May 26, V3.co.uk reports. UK Information Commissioner Christopher Graham stated that his office has received 169 complaints thus far about websites whose policies appear not to comply with the new … Continue Reading

The UK Information Commissioner’s Office issues the largest monetary penalty in its history to NHS hospital trust

This post was written by Cynthia O’Donoghue. The UK Information Commissioner’s Office (“ICO”) has issued its largest-ever fine of £325,000 GBP ($503,705 USD) to Brighton and Sussex University Hospitals NHS Trust following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff, including information relating to sexual health and … Continue Reading

The French Data Protection Authority unveils its agenda and targets for inspections in 2012

This post was written by Cynthia O’Donoghue. The French Data Protection Authority (the “CNIL”) issued a press release 19 April 2012 detailing its planned enforcement agenda for the coming year. The CNIL announced that it intends to conduct around 450 on-site inspections during 2012, with particular focus on six specific themes. The CNIL will also … Continue Reading
LexBlog