This post was also written by Frederick Lah. On January 10, 2013, President Obama signed the Video Privacy Protection Act Amendments Act of 2012 (“VPPAA”), which makes it easier for companies to obtain consumer consent to share video viewing information. At the same time, the amendment left in place many of the pitfalls traditionally associated with the … Continue Reading
During its meeting in early June, the Article 29 Working Party (the “Working Party”) issued an Opinion on cookies that analyses the exemptions to the requirement for informed consent, and sets how the revised e-Privacy Directive impacts cookie usage. Article 5.3 of the amended ePrivacy Directive 2009/136/EC provides that cookies are exempt from the need … Continue Reading
This post was also written by Christopher G. Cwalina. A recent decision in ongoing litigation over mobile application practices shows how difficult the defense of privacy class actions can be. Even if the defense wins dismissal of some causes of action, the survival of any cause of action may force the defendant into costly discovery. On … Continue Reading
The UK Information Commissioner’s Office (ICO) has received 169 complaints thus far about websites failing to comply with the cookie law that came into force May 26, V3.co.uk reports. UK Information Commissioner Christopher Graham stated that his office has received 169 complaints thus far about websites whose policies appear not to comply with the new … Continue Reading
This post was written by Cynthia O’Donoghue. The UK Information Commissioner’s Office (“ICO”) has issued its largest-ever fine of £325,000 GBP ($503,705 USD) to Brighton and Sussex University Hospitals NHS Trust following the discovery of highly sensitive personal data belonging to tens of thousands of patients and staff, including information relating to sexual health and … Continue Reading
This post was written by Cynthia O’Donoghue. The French Data Protection Authority (the “CNIL”) issued a press release 19 April 2012 detailing its planned enforcement agenda for the coming year. The CNIL announced that it intends to conduct around 450 on-site inspections during 2012, with particular focus on six specific themes. The CNIL will also … Continue Reading
This post was also written by Frederick Lah. Vermont has recently updated its data breach notification law, Vt. Stat. Tit. 9, Ch. 62, sections 2430 and 2435, to make it one of the stronger data breach notification laws in the country. The new law became effective May 8, 2012. There are three main changes in the … Continue Reading
This post was also written by Rosanne Kay. Reed Smith hosted a seminar in its London office to discuss issues companies face arising from poor Records Management, Data Protection, E-Disclosure and the Proposed EU General Data Protection Regulation. Speakers included the UK Information Commissioner’s Office Head of Strategic Liaison, Jonathan Bamford, and Reed Smith London … Continue Reading
This post was written by Nick Tyler. Last month we highlighted a resolution of the American Bar Association urging U.S. courts to: “consider and respect…the data protection and privacy laws of any…foreign sovereign, and the interests of any person who is subject to, or benefits from, such laws”, in the context of the onerous legal requirements … Continue Reading
The Article 29 Working Party has again told two online advertising groups, the Interactive Advertising Bureau (“IAB”) and the European Advertising Standards Alliance (“EASA”), that their proposed code of conduct for data tracking was still unsuitable as it failed to satisfy the requirements of EU privacy laws, and suggested adoption of the standards unveiled by … Continue Reading
On March 6, 2012, the Regional Court of Berlin issued a ruling on a case initiated by the Verbraucherzentrale Bundesverband, the Federation of German Consumer Organisations, against Facebook Ireland Limited. The court took this rare opportunity to object to several key features of Facebook’s user experience and actions: The court criticized that users are not … Continue Reading
This post was also written by Nick Tyler. On Christmas Day, organisations operating in the UK will have just five months to get their act together and comply fully with the new EU-wide rules on cookies. See earlier Client Alerts: ‘What Cookies Are In Your Jar?’ – ICO’s guidance on compliance with new EU cookie law … Continue Reading
The European Commission’s new draft data protection regulation was leaked to the press earlier this month. The proposal includes repeal of the present EU Data Protection Directive 95/46 and recommends a General Data Protection Regulation, as well as a Police and Criminal Justice Data Protection Directive. The Commission appears to have made good its threats … Continue Reading
This post was also written by John L. Hines, Jr., Amy S. Mushahwar and Frederick Lah. Earlier this year, Texas Governor Rick Perry signed into law Texas House Bill (H.B. 300), which presents more stringent requirements for health privacy, data breach notification obligations, and increased fines for violations. The law will become effective September 1, 2012. The … Continue Reading
Richard Thomas, the former UK Information Commissioner predicted that the European Commission will issue a regulation rather than a directive as part of the overhaul of the EU data protection directive. Under EU law a regulation has immediate legal effect whereas a directive requires the EU member states to enact implementing legislation. The issuance of … Continue Reading
Hasn’t it been a busy week in Europe? The regulators seems to be falling over one another in a race to the top of privacy regulation. Targeted are web browsers and ‘do-not-track’ mechanisms, children’s internet privacy, banks, and the U.S.’s request for passenger data. The European Commissioner Nellie Kroes came close to threatening the advertising … Continue Reading
The Information Commissioner’s Office (ICO) told attendees of the British Banker’s Association conference today that they need to get it right on data protection. Banks were reminded that data protection is not only about keeping data secure, it is about ensuring individuals remain in control of data the banks hold about them. Two years ago … Continue Reading
On June 9, 2011, Citigroup confirmed that its online banking platform Citi Account Online had suffered a data breach involving the names, credit card numbers, addresses, and email details of approximately 200,000 customers. While Citi has already notified the Office of the Comptroller of the Currency in accordance with FDIC Guidance, financial institutions responding to … Continue Reading
This post was also written by John Hines, and Frederick Lah. Just how much privacy are we entitled to in public places, such as public highways and buses, classrooms, restaurants, or even on the Internet? While we expect to lose some sense of privacy when we move into public spaces, does this mean that we should … Continue Reading
This post was also written by Chris Cwalina and Frederick Lah. In VPR Internationale v. Does 1-1017 (C.D. Ill.), Judge Baker opined that Internet Protocol (“IP”) addresses do not — by themselves — qualify as personal information, capable of accurately identifying an individual. While this decision is a landmark ruling for the mass-BitTorrent lawsuits in … Continue Reading
This post was also written by Frederick Lah. Standards for determining whether an employee has privacy rights with respect to an employer-issued communications device continue to develop. The analysis continues to be grounded in a detailed, fact-specific analysis of what the employee has been told, and permitted to do, by the employer. Recently, the Court of … Continue Reading
This post was written by Christopher G. Cwalina, Amy S. Mushahwar, and Frederick Lah. Google, Inc. agreed to a proposed consent order over charges that it used deceptive tactics and violated its privacy promises to consumers when it launched its social network, Google Buzz. The Agency alleged in its Complaint that Google’s information practices violated Section … Continue Reading
This post was written by Kevin Xu and John Hines. On February 22, 2011, the Federal Trade Commission (“FTC”) filed a complaint against Phillip A. Flora (“Flora”) for an operation that allegedly blasted consumers with millions of illegal spam text messages, including many messages that deceptively advertised a mortgage modification website called “Loanmod-gov.net.” The FTC … Continue Reading
Asian countries continue to focus on developing their data protection legislation. The Philippines Congress recently finished its second reading of House Bill 1554 which will introduce a unified and special law relating to data protection and privacy. Singapore, which already has some sectoral laws and a voluntary data protection model code, is now calling for … Continue Reading
