Tag Archives: privacy

Upcoming first annual review of the EU-U.S. Privacy Shield

During the week of 18 September 2017, the European Commission and the Article 29 Working Party (“WP29”) will undertake the first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). The meetings will take place in the United States. As for the U.S. side, the U.S. Department of Commerce will conduct the review, and it … Continue Reading

German Parliament to adopt WiFi Act and Hate Speech Act this week

In two last-minute decisions, the German Parliament (Bundestag) will likely adopt the WiFi Act (Entwurf eines Drittes Gesetz zur Änderung des Telemediengesetzes) and the Hate Speech Act (Entwurf eines Gesetzes zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken) in the last session of the current legislative term. The parliament will vote on both bills on 30 … Continue Reading

Get your update on IT & Privacy Law (Germany)

The Summer 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the German GDPR Implementation Act, new case law on processing on the basis of legitimate interests, marketing consent, and provider liability, as well as the paper on Google Analytics by the Hamburg data protection … Continue Reading

ICO’s Strategic Plan for the ‘New Frontier’ of Data Protection

The ICO recently published its Information Rights Strategic Plan for 2017 – 2021  (the ‘Plan’). Within it, the ICO Commissioner, Elizabeth Denham, asserts that we are on the “edge of a new frontier,” and that the data protection landscape is about to be reshaped by the “game changing” General Data Protection Regulation (the ‘GDPR’). Noting … Continue Reading

Data Privacy and Security Legal Reform, and Plaintiffs’ Bar White Paper the Focus of IAPP Panel

A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. … Continue Reading

State Attorneys General Gather to Discuss Privacy Enforcement

A panel at a meeting of the National Association of Attorneys General highlighted data breaches and privacy in the context of new technology, signalling that state regulators are focused on consumer protection in this area. The panel at the Southern Regional Meeting in Charlottesville on April 4 was devoted to emerging technologies, privacy concerns, and … Continue Reading

NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems

On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.”  The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. … Continue Reading

“Sorry, Santa, the Kids’ Data Is Stuck In Russia!” ~ Plus LinkedIn Not Feeling the Love from Russia

LinkedIn has become the first major company to have access to its website in Russia blocked by the Russian Data Protection Authority, Roskomnadzor, following earlier Moscow Court decisions on 4 August and 10 November. Russia’s data localisation law came into effect in September 2015 and requires websites collecting personal data of Russian citizens to store … Continue Reading

Data Protection Authorities gather for the 38th International Privacy Conference

Data Protection Authorities (“DPAs”) from across the world gathered in Marrakesh for the 38th International Privacy Conference. This event is held annually for the purpose of debating topical data protection issues. The debates this year centred on data privacy being central to: sustainable development, government access to personal data, the role of technology, adequacy, localisation … Continue Reading

CJEU says dynamic IP addresses can constitute personal data

The Court of Justice of the European Union (“CJEU”) has ruled that dynamic IP addresses can constitute personal data. Dynamic IP addresses, registered by a website provider when an individual accesses its website, shall constitute personal data where the operator has the legal means to combine the data with additional data (held by the internet … Continue Reading

In the age of Big Data, the EDPS issues an Opinion on enforcement and upholding fundamental rights

The European Data Protection Supervisor (“EDPS”) issued an Opinion on “coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and competitiveness in the age of big data”. The Preliminary Opinion observed a tendency for EU rules of data protection, consumer … Continue Reading

ICO Responds to the ePrivacy Directive Consultation

In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading

Galloway v Frazer & Others – A glimpse to the future of data protection litigation

On 27 January, the High Court of Northern Ireland granted British MP George Galloway leave to serve proceedings on Google Inc. out of the jurisdiction. The application was based on a variety of claims including libel, harassment, misuse of private information, and unlawful data processing under the Data Protection Act 1998 (the Act). The claims … Continue Reading

WiFi Privacy: Network Analytics Guidance Issued by ICO

The Information Commissioner’s Office (ICO) has issued guidance to help wireless (WiFi) operators understand their duties under the Data Protection Act 1998 (DPA) when collecting and using location and other analytics information. When a device’s WiFi functionality is enabled, it broadcasts ‘probe requests’ to find WiFi networks that are within range. If the device discovers … Continue Reading

South Korea Sharpens the Teeth of Its Privacy Law

The Act on the Promotion of Information Communication Network Utilization and Information Protection (“PICNUIA”) has been amended to include potential punitive damages for South Korean businesses that provide services over the internet. From 23 September this year, any serious data breach experienced by such businesses will lead to financial liability of up to three times … Continue Reading

Spokeo, Palatine Cases Discuss Negligible Harm from Privacy Breaches, Could Put Damper on Suits

A recent argument and non-decision at the Supreme Court could have significant effects on plaintiffs’ lawsuits under consumer data protection and privacy laws. Last week, the Court heard arguments on the standard of harm for establishing standing under the Fair Credit Reporting Act, and declined to review a Driver’s Privacy Protection Act case in which … Continue Reading

Consumer Trust should be at the heart of the Digital Economy

A recent report summary produced by the Organisation for Economic Cooperation and Development (‘OECD’) highlighted that many countries are placing too much emphasis on developing their digital economies and are neglecting the privacy of individuals as a result. Drawing from surveys undertaken in most of the OECD’s 34 member countries, the OECD found that two-thirds … Continue Reading

More Data Vulnerabilities, Cyber Breaches Detected in Healthcare Exchanges

Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of The Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. … Continue Reading

Study reports draft EU Data Protection Regulation leaves gaps in protection when it comes to Big Data, Internet of Things and smart devices

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say … Continue Reading

UK ICO Annual Report highlights 100% success rate for monetary penalties imposed

The ICO, the UK’s data protection authority, published its 2014-2015 annual report. Most noticeably, the ICO announced that they had enforced no successful appeals against Monetary Penalty Notices. The ICO can impose civil monetary penalties of up to £500,000 for serious breaches of the Data Protection Act 1998, but this can be reduced by 20% … Continue Reading

Drones and their data protection implications: Guidance provided by Article 29 Working Party

The Article 29 Working Party has published an Opinion (01/2015) about the data protection and privacy issues in relation to the utilisation of drones. The Working Party acknowledges the social and economic benefits of drones within the aviation market and the opportunities that could develop for law enforcement agencies, but emphasises that risks and threats … Continue Reading

47 Attorneys General to Congress: Federal Breach Legislation Should Not Preempt the States

On July 7, 2015, attorneys general from 47 states and territories sent a letter to Congressional leaders urging them to consider federal data breach notification legislation that does not preempt the states. The move comes on the heels of a data breach announcement made by the Office of Personnel Management, and renewed interest on the … Continue Reading
LexBlog