Tag Archives: Privacy & Management

FTC Report Offers Privacy and Security Guidance for ‘Internet of Things’

This post was written by Frederick Lah. On Tuesday, January 27, the FTC issued a 71-page Staff Report on the privacy and security issues with the Internet of Things. As we’ve noted in our previous blog posts, the Internet of Things (“IoT”) refers to the growing ability of everyday devices to monitor and communicate information … Continue Reading

European Banking Authority Releases Internet Payment Guidelines

The European Banking Authority (EBA) released ‘Final guidelines on the security of internet payments’ (Guidelines). These Guidelines are based on the work published by the European Forum on the Security of Retail Payments (SecuRe Pay) and set the minimum security requirements that Payment Services Providers (PSPs) in the EU will be expected to implement by … Continue Reading

N.Y. AG Seeks To Have the ‘Strongest, Most Comprehensive’ Data Security Law in Nation

Last week, New York Attorney General Eric Schneiderman announced that he would propose a new data security law in his state that would require companies to take increased safeguards for the protection of personal information. The bill, if passed, would broaden the scope of information that companies would be responsible for protecting, and would require … Continue Reading

Turkish Parliament Approves E-Commerce Law

Turkey’s Parliament has approved Law No. 6563 on the Regulation of Electronic Commerce (Law) aimed at creating a more secure, transparent and accessible e-commerce environment. The Law is expected to come into force 1 May 2015. The Law covers electronic communications, liabilities of service providers, contracts concluded electronically, and the information provided to consumers, as … Continue Reading

OECD Releases Guidance for Digital Consumer Products

The Organisation for Economic Cooperation and Development (OECD) released Consumer Policy Guidance on Intangible Digital Content Products (Guidance) for protecting online consumers of digital content. With the expansion of the Internet and mobile devices, digital content has grown considerably. The OECD recognizes that this has brought consumers considerable benefits, “including ready access to a wide … Continue Reading

FTC Chairwoman Rings in the New Year with ‘Internet of Things’ Warning

While hundreds of tech companies are racing to develop the newest in Internet-connected “smart” devices, Federal Trade Commission (“FTC”) Chairwoman Edith Ramirez is sending a reminder to those companies of their responsibilities to consumers. At the 2015 Consumer Electronics Show held in Las Vegas, January 6-9, Chairwoman Ramirez highlighted some best practices to address the … Continue Reading

New Jersey Requires Encryption for Health Insurance Carriers; May Open Door to Class Action Suits over Violations Under State Consumer Protection Law

Gov. Chris Christie has signed into law S. 562, which, as its title states, “Requires health insurance carriers to encrypt certain information.” Violation of this new law constitutes a facial violation of the New Jersey Consumer Fraud Act, a powerful consumer remedies statute. The NJCFA can be enforced by the state attorney general, or by … Continue Reading

Cybersecurity Risks Are Higher than Ever and Are Proving Costly

Cybersecurity is an increasing concern for companies. Last April, the UK Department for Business, Innovation & Skills (BIS) published the 2014 information security breaches survey: technical report. The report comprises the findings from two online questionnaires completed by 1,125 respondents, and contains a number of important cyber-attack statistics for both large organisations and small businesses. … Continue Reading

Russia sets a new deadline for data localisation, and removes Hong Kong and Switzerland from Adequate Privacy Protection List

The Russian Duma recently set a new deadline for companies to localise their data processing of Russian citizens on Russian soil, while the data protection authority published an order removing Hong Kong and Switzerland from its ‘adequate privacy protection list’. The Russian Duma has voted through, on a first reading, an accelerated effective date for … Continue Reading

White House Previews Ambitious (if Familiar) Privacy and Cybersecurity Proposals for 2015

On January 20, 2015, President Obama will address Congress with his annual State of the Union report. On Monday, the president spoke at the Federal Trade Commission, providing a “sneak peek” of the privacy and cybersecurity agenda that he intends to set. Of the United States, the president remarked: “We pioneered the Internet, but we … Continue Reading

EU Art. 29 Confirms Cookie Rules Apply to Digital Fingerprinting

The Article 29 Data Protection Working Party (Working Party) released Opinion 9/2014 on ePrivacy Directive 2002/58/EC (amended in 2009), stating that the consent and transparency mechanisms apply to digital fingerprinting of devices (Opinion). The Working Party issued the opinion to clarify that consent was required and to end “surreptitious tracking” of users in light of … Continue Reading

EU Commission Publishes Work Program for 2015

The European Commission’s work program for 2015 covers 10 actions for 2015, including a “connected digital single market” across the EU. As part of the Digital Single Market Package, the Commission aims to conclude negotiations on the European data protection reform and the Regulation, and to propose changes to deal with existing challenges in the … Continue Reading

Presidency of the Council of Ministers publishes amendments to ‘one stop shop’ of the draft EU Data Protection Regulation

In October 2013, we reported on the move towards a ‘One Stop Shop’ (OSS) approach to EU Data Protection. The OSS principle aims to create consistency for international organisations to process personal data in multiple member states through the appointment of a single competent authority to monitor the data-controller’s activities across all EU Member States. … Continue Reading

EU Art. 29 Working Party Announces Cooperation Procedure for EU Model Clauses

The Article 29 Data Protection Working Party (Working Party) released a Working Document setting forth a co-operation procedure for issuing common opinions on “Contractual clauses” considered as compliant with the EC Model Clauses (Working Document). The aim of this Working Document is to facilitate the use of the EU model clauses across multiple jurisdictions in … Continue Reading

Hong Kong Privacy Commissioner Ends 2014 with Special Interest in Mobile Apps

The Hong Kong Privacy Commissioner of Personal Data (the “Commissioner”) ended 2014 with a special interest in mobile applications (“apps”). In a media statement published 15 December 2014, the Commissioner reported that versions 4.3 and earlier of Google’s Android operating system contained a flaw that allowed others to read shared memory in mobile devices without … Continue Reading

European Commission and EU Art 29 dispel the myths on the ECJ’s decision in Google Spain

In May 2014, we reported on the implications of the landmark decision in Google Spain which recognises the right for individuals to have links about themselves de-listed from search results. In response to the complaints received, the Article 29 Working Party (Art 29 WP) published a report on work being carried out to handle complaints, … Continue Reading

Dutch Data Protection Authority Threatens Google with a €15 million fine

The Dutch data protection authority, College Bescherming Persoonsgegevens (CBP), released a cease and desist order requiring Google to pay €60,000 per day, up to a maximum of €15 million, for violating Dutch data protection law, Wet bescherming persoonsgegevens (Wbp). Google has until the end of February 2015 to change the way it handles personal data. The … Continue Reading

EDPS publishes Guidelines on data protection in EU financial services regulation

The European Data Protection Supervisor published ‘Guidelines on data protection in EU financial services regulation’ (Guidelines) to be used as a “practical toolkit for ensuring that EU data protection rules are integrated when developing EU financial policies and rules.” The Guidelines address the processing of personal information involved in supervising financial markets, particularly through the … Continue Reading

EU Art. 29 Assesses Cybercrime Assessment

The Article 29 Data Protection Working Party (Working Party) sent a letter to the Council of Europe discussing its first assessment of several cybercrime scenarios presented at the 2014 Cybercrime@Octopus conference (Conference). The scenarios that sought to create “discussion on the consequences of data protection legislation and principles when obtaining such data in a criminal … Continue Reading

EU Art. 29 Working Party Opinion on the Internet of Things

The EU Article 29 Working Party (WP29) has issued an Opinion on ‘Recent Developments on the Internet of Things’ (Opinion). The Opinion stresses the privacy and security challenges generated by the development of the Internet of Things (IoT), while acknowledging the benefits of IoT to individual lives, and the prospect of significant economic growth within … Continue Reading

ISO develops the first privacy-specific cloud standard

Earlier in 2014, the International Standards Organisation (ISO) developed a new voluntary standard, ISO 27018 (Standard), establishing commonly accepted control objectives and guidelines to protect personal information for a public cloud computing environment. The need to create trust in cloud solutions led to the development of the Standard, in accordance with one of the key … Continue Reading

UK Government releases ‘Bring Your Own Device’ Guidance

In early October, the UK government updated a collection of guidance notes they had issued on ‘bring your own device’ initiatives (BYOD). Given the increase in employees using their personal devices to connect to their employers’ systems, employers in both the private and public sector will welcome this guidance. The ‘BYOD Guidance: Executive Summary’ describes … Continue Reading

UK ICO to endorse privacy seal schemes

The UK Information Commissioner’s Office (ICO) signalled its commitment to approving third-party “privacy seal” schemes following its recent public consultation. The first UK schemes should be operational by 2016. The consultation comes in anticipation of the European Commission’s revised data protection framework proposals, which may include provisions intended to encourage the adoption of privacy seals, … Continue Reading

OWASP releases the results of its Privacy Risks Project

The Open Web Application Security Project (OWASP) published its findings on the ‘Top 10 Privacy Risks’ for 2014. The aim, according to one of the developers of OWASP, was to build a top-10 list of both technical and organisational risks to “help people with developing web applications, or a social network.” The OWASP is an … Continue Reading