Tag Archives: data privacy

President Signs Amendment to Video Privacy Protection Act, Ushering in a New Era for Widespread Sharing of Viewing Histories

This post was also written by Frederick Lah. On January 10, 2013, President Obama signed the Video Privacy Protection Act Amendments Act of 2012 (“VPPAA”), which makes it easier for companies to obtain consumer consent to share video viewing information. At the same time, the amendment left in place many of the pitfalls traditionally associated with the … Continue Reading

The Article 29 Working Party issues Opinion on the cookies

During its meeting in early June, the Article 29 Working Party (the “Working Party”) issued an Opinion on cookies that analyses the exemptions to the requirement for informed consent, and sets how the revised e-Privacy Directive impacts cookie usage. Article 5.3 of the amended ePrivacy Directive 2009/136/EC provides that cookies are exempt from the need … Continue Reading

Judge Narrows App Litigation, But Lets Plaintiffs Press On

This post was also written by Christopher G. Cwalina. A recent decision in ongoing litigation over mobile application practices shows how difficult the defense of privacy class actions can be. Even if the defense wins dismissal of some causes of action, the survival of any cause of action may force the defendant into costly discovery. On … Continue Reading

The UK Information Commissioner’s Office Has Received Numerous Complaints about Websites not adhering to the ‘Cookie’ law

The UK Information Commissioner’s Office (ICO) has received 169 complaints thus far about websites failing to comply with the cookie law that came into force May 26, V3.co.uk reports. UK Information Commissioner Christopher Graham stated that his office has received 169 complaints thus far about websites whose policies appear not to comply with the new … Continue Reading

The UK Information Commissioner’s Office issues the largest monetary penalty in its history to NHS hospital trust

This post was written by Cynthia O’Donoghue. The UK Information Commissioner’s Office (“ICO”) has issued its largest-ever fine of £325,000 GBP ($503,705 USD) to Brighton and Sussex University Hospitals NHS Trust following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff, including information relating to sexual health and … Continue Reading

The French Data Protection Authority unveils its agenda and targets for inspections in 2012

This post was written by Cynthia O’Donoghue. The French Data Protection Authority (the “CNIL”) issued a press release 19 April 2012 detailing its planned enforcement agenda for the coming year. The CNIL announced that it intends to conduct around 450 on-site inspections during 2012, with particular focus on six specific themes. The CNIL will also … Continue Reading

Vermont Strengthens Data Breach Notification Law

This post was also written by Frederick Lah. Vermont has recently updated its data breach notification law, Vt. Stat. Tit. 9, Ch. 62, sections 2430 and 2435, to make it one of the stronger data breach notification laws in the country. The new law became effective May 8, 2012. There are three main changes in the … Continue Reading

Reed Smith hosts seminar on “Taming the e-Beast: What you need to know about Records Management, Data Protection and E-Disclosure in this Electronic Age”

This post was also written by Rosanne Kay. Reed Smith hosted a seminar in its London office to discuss issues companies face arising from poor Records Management, Data Protection, E-Disclosure and the Proposed EU General Data Protection Regulation. Speakers included the UK Information Commissioner’s Office Head of Strategic Liaison, Jonathan Bamford, and Reed Smith London … Continue Reading

Sedona Conference® International Principles on Discovery, Disclosure & Data Protection – a new set of “Three Ps” for litigants and data privacy practitioners to apply in the real world

This post was written by Nick Tyler. Last month we highlighted a resolution of the American Bar Association urging U.S. courts to: “consider and respect…the data protection and privacy laws of any…foreign sovereign, and the interests of any person who is subject to, or benefits from, such laws”, in the context of the onerous legal requirements … Continue Reading

The Article 29 Working Party tells two online advertising groups that their proposed code of conduct for data tracking is still not satisfactory and is contrary to EU privacy laws

The Article 29 Working Party has again told two online advertising groups, the Interactive Advertising Bureau (“IAB”) and the European Advertising Standards Alliance (“EASA”), that their proposed code of conduct for data tracking was still unsuitable as it failed to satisfy the requirements of EU privacy laws, and suggested adoption of the standards unveiled by … Continue Reading

German Court ‘Un-Friends’ Facebook: Ruling on Friend Finder, User’s IP Rights and Data Use Policy

On March 6, 2012, the Regional Court of Berlin issued a ruling on a case initiated by the Verbraucherzentrale Bundesverband, the Federation of German Consumer Organisations, against Facebook Ireland Limited. The court took this rare opportunity to object to several key features of Facebook’s user experience and actions: The court criticized that users are not … Continue Reading

A Seasonal Reminder for Your New Year’s To-Do List – Implement Your Cookie Action Plan for a “Good Enough” Solution!

This post was also written by Nick Tyler. On Christmas Day, organisations operating in the UK will have just five months to get their act together and comply fully with the new EU-wide rules on cookies. See earlier Client Alerts:  ‘What Cookies Are In Your Jar?’ – ICO’s guidance on compliance with new EU cookie law … Continue Reading

Leaked proposed EU Commission Data Protection Regulation has potential to open eyes and make mouths water!

The European Commission’s new draft data protection regulation was leaked to the press earlier this month. The proposal includes repeal of the present EU Data Protection Directive 95/46 and recommends a General Data Protection Regulation, as well as a Police and Criminal Justice Data Protection Directive. The Commission appears to have made good its threats … Continue Reading

Even Data Privacy Obligations are Bigger in Texas

This post was also written by John L. Hines, Jr., Amy S. Mushahwar and Frederick Lah. Earlier this year, Texas Governor Rick Perry signed into law Texas House Bill (H.B. 300), which presents more stringent requirements for health privacy, data breach notification obligations, and increased fines for violations. The law will become effective September 1, 2012. The … Continue Reading

Predictions on the New EU Data Protection Law

Richard Thomas, the former UK Information Commissioner predicted that the European Commission will issue a regulation rather than a directive as part of the overhaul of the EU data protection directive. Under EU law a regulation has immediate legal effect whereas a directive requires the EU member states to enact implementing legislation. The issuance of … Continue Reading

A busy week in Europe: Do Not Track, Children’s Internet Privacy, Data Breach Notification and Transfers of Passenger Record Data

Hasn’t it been a busy week in Europe? The regulators seems to be falling over one another in a race to the top of privacy regulation. Targeted are web browsers and ‘do-not-track’ mechanisms, children’s internet privacy, banks, and the U.S.’s request for passenger data. The European Commissioner Nellie Kroes came close to threatening the advertising … Continue Reading

Case for National Breach Notification Standard – Federal Action to Follow?

On June 9, 2011, Citigroup confirmed that its online banking platform Citi Account Online had suffered a data breach involving the names, credit card numbers, addresses, and email details of approximately 200,000 customers.  While Citi has already notified the Office of the Comptroller of the Currency in accordance with FDIC Guidance, financial institutions responding to … Continue Reading

Does “Public” Privacy Exist?

This post was also written by John Hines, and Frederick Lah. Just how much privacy are we entitled to in public places, such as public highways and buses, classrooms, restaurants, or even on the Internet? While we expect to lose some sense of privacy when we move into public spaces, does this mean that we should … Continue Reading

Judge Rules IP Address Does Not Identify User

This post was also written by Chris Cwalina and Frederick Lah. In VPR Internationale v. Does 1-1017 (C.D. Ill.), Judge Baker opined that Internet Protocol (“IP”) addresses do not — by themselves — qualify as personal information, capable of accurately identifying an individual. While this decision is a landmark ruling for the mass-BitTorrent lawsuits in … Continue Reading

Canadian Court Finds Reasonable Expectation of Privacy on Work Computers

This post was also written by Frederick Lah. Standards for determining whether an employee has privacy rights with respect to an employer-issued communications device continue to develop. The analysis continues to be grounded in a detailed, fact-specific analysis of what the employee has been told, and permitted to do, by the employer. Recently, the Court of … Continue Reading

FTC and Google – Proposed Settlement Over “Buzz”

This post was written by Christopher G. Cwalina, Amy S. Mushahwar, and Frederick Lah. Google, Inc. agreed to a proposed consent order over charges that it used deceptive tactics and violated its privacy promises to consumers when it launched its social network, Google Buzz. The Agency alleged in its Complaint that Google’s information practices violated Section … Continue Reading

FTC Brings Enforcement Action against Text Messaging Spammer

This post was written by Kevin Xu and John Hines. On February 22, 2011, the Federal Trade Commission (“FTC”) filed a complaint against Phillip A. Flora (“Flora”) for an operation that allegedly blasted consumers with millions of illegal spam text messages, including many messages that deceptively advertised a mortgage modification website called “Loanmod-gov.net.” The FTC … Continue Reading

Asian Data Privacy Update

Asian countries continue to focus on developing their data protection legislation. The Philippines Congress recently finished its second reading of House Bill 1554 which will introduce a unified and special law relating to data protection and privacy. Singapore, which already has some sectoral laws and a voluntary data protection model code, is now calling for … Continue Reading