Tag Archives: data

Article 29 Working Party update on GDPR implementation

The Article 29 Working Party (WP29) discussed a number of important issues during its April plenary meeting on 17 April 2018. In its summary press release, the WP29 gave an update on the issues it discussed. Implementation of the General Data Protection Regulation (GDPR) and adopted guidelines WP29 formally adopted guidelines on consent and transparency … Continue Reading

European Commission VP comments on harmonisation and monetising user data, and guidance on the direct application of the GDPR is issued

On 28 February 2018, Andrus Ansip, the European Commission (Commission) Vice President and commissioner responsible for the Digital Single Market strategy, commented that all companies should be able to monetise user data, in the same way that social media companies do. Mr Ansip’s comments reflect the aims of the General Data Protection Regulation (GDPR) to … Continue Reading

UK government publishes the Digital Charter and reaffirms creation of the Centre for Data Ethics and Innovation

Earlier this year the UK Department for Digital, Culture, Media & Sport published its new Digital Charter. This short document outlines a UK rolling programme of work designed to make the UK a friendly environment to start-up and grow digital businesses. It is also designed to make the UK a safe place to be online. … Continue Reading

Warning light: The FTC is monitoring the connected car marketplace

In a recently published “Staff Perspective,” the Federal Trade Commission (FTC) appears to be staying true to the regulatory humility approach Acting Chairman Maureen K. Ohlhausen underscored in her opening remarks to the connected cars and autonomous vehicles workshop the FTC co-hosted with the National Highway Traffic Safety Administration (NHTSA) last summer. The Consumer Protection … Continue Reading

More Data Vulnerabilities, Cyber Breaches Detected in Healthcare Exchanges

Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of The Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. … Continue Reading

Ofgem’s Smart Meter Network Decision: UK gas and electricity consumer privacy gets broader protection

In February 2015, Ofgem (the UK’s Office of Gas and Electricity Markets) published its Decision on Extending the Smart Meter Framework to Remote Meters (the Decision). This confirms that, following a public consultation, the privacy requirements embedded in the supplier licence terms and which will apply to suppliers’ use of customer data from “smart meters” … Continue Reading

NHS Advocates Selling Confidential Patient Data For Secondary Purposes

Latest plans announced by the UK’s Health and Social Care Information Centre (HSCIC) have resulted in a flurry of media controversy condemning NHS England (NHS) for advocating the sale of patient data to third parties for profitable gain. HSCIC, together with the NHS, has pioneered a new scheme, known as the ‘care.data’. From March 2014, … Continue Reading

State Attorneys General Maintain Sharp Focus on Privacy

Though the National Association of Attorneys General (NAAG) Presidential Initiative “Privacy in a Digital Age” expired in June 2013 when a new NAAG president took over, the state attorneys general have maintained their sharp focus on all things privacy, with no signs that that focus will shift anytime soon. Most recent case in point: a … Continue Reading

Office for the Australian Information Commissioner (OAIC) Publishes Draft Guidelines Interpreting New Privacy Principles

The Office for the Australian Information Commissioner (OAIC) has published initial draft guidelines which provide a good indication as to how to interpret the first five of thirteen Australian Privacy Principles (APPS) that will form the foundation of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 which will become effective from 12 March 2014. APP … Continue Reading

Court Grants Final Approval to Class Action Settlement Over AOL’s 2006 Anonymization Failure; Big Data Precursor Settles for Millions

After nearly seven years of litigation, two class actions, and millions of dollars in legal and settlement fees, AOL hopes that it can finally put its infamous anonymization failure incident behind it. On May 24, 2013, a Virginia federal judge gave final approval to a class action settlement between AOL and a class of more … Continue Reading

Latin American Update: Costa Rica and Peru bring Data Protection regulations into force

This post was written by Cynthia O’Donoghue. Costa Rica’s 2011 data protection law came into force March 5, 2013, and Peru’s laws took effect April 22, 30 days after it published regulations. While this imposes new obligations on businesses operating or looking to do business in these countries, as with other data protection laws modelled … Continue Reading

The first European Parliament vote on the new data protection regime will be delayed

This post was written by Cynthia O’Donoghue. The date of the first binding vote by the Civil Liberties, Justice and Home Affairs Committee (LIBE) on the proposed General Data Protection Regulation (Regulation), which was initially planned for April-May 2013, has been postponed a second time. During the meeting on May 6, LIBE decided to delay … Continue Reading

More News on COPPA…

This post was also written by Frederick Lah. One day after the FTC issued its second report on privacy concerns with mobile apps for kids, “Mobile Apps for Kids: Disclosures Still Not Making the Grade“, a consumer privacy group filed a complaint with the FTC against a mobile game-maker for alleged violations of COPPA.  The complaint, … Continue Reading

Data Protection Concessions for SME’s hinted at by EU Justice Commissioner

This post was written by Cynthia O’Donoghue. Viviane Reding, Vice-President of the European Commission, EU Justice Commissioner, told ministers from the European Union Member States at a Justice and Home Affairs Council meeting in Luxembourg that in an effort not to overburden small and medium-sized enterprises (SMEs), she is prepared to offer them some concessions … Continue Reading

EU Announces Plans for a Cyber-Security Bill

This post was written by Cynthia O’Donoghue. At an Information Security Conference on 4 November 2012, the EU Commissioner for a Digital Agenda, Neelie Kroes, revealed plans to introduce legislation involving the implementation of a high level of network and information security across the EU, effectively extending the obligations to adopt risk management measures to … Continue Reading

France: The CNIL amends its regulation concerning the processing of client/prospect data and imposes differentiated data retention periods

This post was written by Daniel Kadar. A new regulation of the CNIL, dated 12 June 2012 and published on 13 July 2012, modifies the ways and means of collecting and processing client/prospect-related data. The regulation, issued as an amendment to the “Simplified Norm No. 48” [http://www.cnil.fr/en-savoir-plus/deliberations/deliberation/delib/184/], broadens the possibility for data controllers to make … Continue Reading

FERC Issues Order to Investigate Possible Violations of its Cyber Security Protocols for the Electric Grid

This post was also written by Amy Mushahwar. The Federal Energy Regulatory Commission (FERC) issued an order on July 20, 2012 to investigate whether any Authorized Certification Authorities (ACAs) had violated the North American Energy Standards Board (NAESB) Public Key Infrastructure (PKI) Standards, which outline various security requirements and specifications for the electric grid.1  The Order requires all … Continue Reading

Changes in State Data Privacy Laws to Become Effective Soon

This post was also written by Frederick Lah. We previously reported on Texas House Bill 300 that was signed into law last year.  The new law presents stricter requirements for health privacy and data breach notification obligations.  That law is set to become effective September 1, 2012.  Two types of entities will be primarily affected by the law: “Covered … Continue Reading

Electric Grid Cyber Threat Concerns Raised Last Week During an Intense Push for General Cybersecurity Legislation

This post was also written by Amy Mushahwar. Since three cyber security bills passed the House in April (H.R.2096, H.R.3523, and H.R.3834), all eyes have been on Washington for cyber security developments in the Senate. This past week there were several. The week began with a hearing on Tuesday, July 17, by the U.S. Senate … Continue Reading

Article 29 Working Party adopts a “general positive stance” in its Opinion on the new EU Data Privacy Regulation and Directive

This post was written by Cynthia O’Donoghue. In the Article 29 Working Party’s Opinion on the new EU data protection reforms, the Working Party has carefully studied both the Regulation and the Directive, and has given its first general reaction. The Working Party welcomed the provisions intended to clarify and strengthen the rights of individuals, including … Continue Reading

Does Google Remember Too Much? Spain’s National Court Tests the “Right to be Forgotten”

In the midst of discussions on Google’s revised privacy policy and its compliance with EU legislation, Spain’s highest court, the Audiencia Nacional de España, has referred a case up to the European Court of Justice (ECJ) to decide on whether Spanish citizens can lawfully demand that Google delete information about them from its search engine, … Continue Reading

Obama Administration Finalizes Its Privacy Framework: DOC Steams Ahead with Privacy Regulatory Blueprint in the Absence of Federal Privacy Legislation

This post was also written by Christopher G. Cwalina and Amy S. Mushahwar. Today, in a ceremony with much fanfare, Secretary of Commerce John Bryson and Federal Trade Commission Chairman John Liebowitz outlined the Obama administration’s privacy blueprint for a “consumer bill of rights.” Shortly thereafter, the Department of Commerce released its long-awaited consumer privacy … Continue Reading

Privacy Ratings: Do They Mean Anything?

This post was also written by Chris Cwalina, Nick Tyler and Frederick Lah. Consumers increasingly demand transparency into how companies use their personal information. We’ve seen a number of responses to this. One has been legislative; for example, the accounting requirement under the Dodd-Frank Act and California’s Shine the Light Act. For our previous analysis of … Continue Reading

U.S. lawyers urge courts to respect EU data privacy laws – ‘Hobson’s Choice’ just got harder!

This post was also written by Nick Tyler and Regis Stafford. The American Bar Association (ABA) this week passed an important resolution urging all courts in the U.S. to: “consider and respect…the data protection and privacy laws of any…foreign sovereign, and the interests of any person who is subject to, or benefits from such laws, with … Continue Reading
LexBlog