Tag Archives: privacy

In privacy we (anti)trust: Regulators worldwide consider competition law as tool for consumer protection

On February 26, 2019, the Federal Trade Commission’s (FTC) Bureau of Competition announced a new Technology Task Force, which will monitor anticompetitive conduct in U.S. technology markets “to ensure consumers benefit from free and fair competition.” With the consumer protection agency already a chief arbiter of privacy enforcement in the tech sector, the new task … Continue Reading

First annual report of the European Data Protection Supervisor since GDPR

On 26 February 2019, the European Data Protection Supervisor (EDPS), Giovanni Buttarelli, published his first annual report since the General Data Protection Regulation (GDPR) came into force last year. This is a short overview of some of the key themes in the EDPS’s annual report: Overview of 2018: GDPR: This is the first annual report of … Continue Reading

New guidelines for building management corporations in Singapore

On 11 March 2019, the Personal Data Protection Commission of Singapore (PDPC) issued a set of advisory guidelines for management corporations of strata title plans (MCSTs), which were developed in consultation with Singapore’s Building and Construction Authority. The guidelines provide guidance to MCSTs on complying with Singapore’s Personal Data Protection Act (PDPA), and some key … Continue Reading

California Attorney General proposes expanded CCPA Private Right of Action following State Assembly Hearing on possible 2019 amendments to the landmark privacy law

BREAKING: California Attorney General Xavier Becerra (AG) announced a proposed series of amendments to the California Consumer Privacy Act (CCPA) that would: Expand consumers’ private right of action to include all alleged violations of their rights under the CCPA; Eliminate businesses’ 30-day opportunity to “cure” alleged violations prior to being subject to civil enforcement by … Continue Reading

Singapore considers introduction of data portability

On 25 February 2019, Minister for Communications and Information announced that Singapore is considering, as part of an ongoing review of the Personal Data Protection Act (PDPA), introducing a data portability requirement that would confer greater control and rights by data subjects over the movement of their personal data across service providers. In connection with … Continue Reading

Illinois Biometric Information Privacy Act violation does not require an allegation of actual harm

Illinois Biometric Information Privacy Act, 740 ILCS 14/1 et seq. (BIPA) stands out among state biometrics statutes nationwide in that it includes a private right of action for anyone “aggrieved” by a private entity’s failure to comply with BIPA’s compliance requirements. The Illinois Supreme Court recently ruled that a plaintiff may assert that they are … Continue Reading

No-deal Brexit: EU regulators issue data transfer guidance

On 12 February 2019, the European Data Protection Board (EDPB) met for its seventh plenary session. You can see our blog on the full session here. At this session, the EDPB adopted two information notes. The information notes offer guidance on data protection issues in the event of a no-deal Brexit, namely: data transfers generally … Continue Reading

Updates from the European Data Protection Board

The European Data Protection Board (EDPB) met for its seventh plenary session on 12 February 2019. The session covered many areas of discussion, outlined in the agenda. The four main areas covered, and highlighted in the EDPB’s press release, were: 1. Work programme: The EDPB adopted a two-year work programme, covering 2019-2020. The work programme … Continue Reading

President prioritizes research, development, and deployment of artificial intelligence technology

The President has made artificial intelligence technology a policy priority. On February 11, 2019, the President issued an Executive Order to direct most federal executive agencies to promote and protect American advancements in artificial intelligence while working with private industry. The order recognized that public trust in artificial intelligence is an important factor in the … Continue Reading

Comprehensive data privacy legislation introduced in Massachusetts – includes private right of action without a need to prove harm

Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading

Financial penalty imposed for failure to protect personal data on website

On 22 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against COURTS (Singapore) Pte Ltd (Courts), a consumer electronics and furniture retailer in Singapore. The facts of the case were as follows: A complaint was brought by an individual who discovered that his contact number and address were disclosed in an … Continue Reading

“Worst breach of personal data in Singapore’s history” attracts highest penalties totalling S$1 million

On 14 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against Singapore Health Services Pte. Ltd. (SingHealth) and Integrated Health Information Systems Pte. Ltd. (IHiS) for what has been coined the “worst breach of personal data in Singapore’s history”. The unprecedented cyber attack on SingHealth’s patient database system led to the … Continue Reading

First two Singapore data protection enforcement decisions issued in 2019

On January 3, 2019, Singapore’s Personal Data Protection Commission issued two grounds of decision against Bud Cosmetics and AIG Asia Pacific Insurance Pte Ltd & Toppan Forms (S) Pte Ltd. Bud Cosmetics The facts of this case were as follows: Bud Cosmetics is an organic and natural skincare retailer with retail outlets in Singapore and … Continue Reading

Four Singapore organisations found to be in breach of obligation to protect personal data

On 13 December 2018, the Singapore data protection commission issued four separate decisions against the following organisations, for breaches of the protection obligation under section 24 of the Personal Data Protection Act 2012 (PDPA): Funding Societies Pte Ltd WTS Automotive Services Pte Ltd Institute of Singapore Chartered Accountants SLF Green Maid Agency Funding Societies The … Continue Reading

Rise of AI poses new regulatory challenges

Companies that employ algorithms, machine learning and artificial intelligence (AI) in their day-to-day business may face increased attention from federal antitrust and consumer protection regulators in the future. On November 13–14,  the Federal Trade Commission (FTC) addressed this topic in their hearings on “Competition and Consumer Protection in the 21st Century.” The panelists, an assembly … Continue Reading

European Data Protection Board – Fifth plenary session: EU-Japan draft adequacy decision, DPIA lists and guidelines on accreditation

The European Data Protection Board (EDPB) met for its fifth plenary session on 4 and 5 December 2018. The EDPB published a press release, highlighting the three main areas of discussion: EU-Japan draft adequacy decision. The EDPB adopted an opinion on the European Commission’s draft adequacy decision. In adopting its opinion, the EDPB focused on the … Continue Reading

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

Singapore data protection commission issues warning for “heat of the moment” disclosure of personal data

On November 28, 2018, Singapore’s Personal Data Protection Commission (commission) issued its grounds of decision against Big Bubble Centre (respondent), a sole-proprietorship in the scuba-diving business. The facts of the case were as follows: The complainant was an individual who had worked for the respondent and claimed that he was not paid wages for such … Continue Reading

European Data Protection Board update

The European Data Protection Board (EDPB) met for its fourth plenary session on 16 November 2018. The session covered many areas of discussion, outlined in the session’s agenda. The EDPB published a press release, highlighting the three main areas of discussion. EU-Japan draft adequacy decision. The EDPB discussed the draft adequacy decision, which it received … Continue Reading

Singapore to adopt new legislation on unsolicited commercial messages, and enhanced practical guidance framework for data protection

On 8 November, 2018, Singapore’s Personal Data Protection Commission (PDPC) issued its response to feedback received on a public consultation paper. In that consultation paper, the PDPC had proposed to: merge the Do Not Call provisions in the Personal Data Protection Act 2012 of Singapore (PDPA) and Spam Control Act into a single legislation to … Continue Reading

ICO takes action against organisations for failure to pay new data protection fee

On 26 September 2018 the Information Commissioner’s Office (ICO) began formal enforcement action against 34 organisations that have failed to pay their data protection fees. Notices of intent have been served on both private and public sector organisations, including the NHS, government organisations, and businesses in recruitment, finance and accountancy. They have until 17 October … Continue Reading

AGs emphasize consumer protection and privacy expertise in FTC comments

The Federal Trade Commission (FTC) will be holding a series of hearings this fall on “Competition and Consumer Protection in the 21st Century,” with the goal of reflecting on the agency’s powers, and state attorneys general (AGs) want to make sure their voices are heard. A bipartisan group of 29 state AGs filed comments with … Continue Reading

EU’s GDPR applied to promotion marketing

The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules … Continue Reading

Article 29 Working Party adopts finalized guidelines on transparency under GDPR

The Article 29 Working Party (WP29) adopted, on 11 April 2018, finalized guidelines on transparency (the Guidelines) under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), following its public consultation. Technology Law Dispatch looked at the draft guidance on transparency earlier this year, so this blog focuses on the key issues and what is … Continue Reading
LexBlog