The Article 29 Working Party (WP29) discussed a number of important issues during its April plenary meeting on 17 April 2018. In its summary press release, the WP29 gave an update on the issues it discussed. Implementation of the General Data Protection Regulation (GDPR) and adopted guidelines WP29 formally adopted guidelines on consent and transparency … Continue Reading
In preparation for the EU’s General Data Protection Regulation (GDPR), which comes into effect May 25, Facebook announced it is launching a range of new privacy tools in an effort to “put people in more control over their privacy.” Interestingly, last week Mark Zuckerberg clarified that he intends to implement Europe’s GDPR across its entire … Continue Reading
In a published decision, a unanimous panel of the Appellate Division rejected “the notion that plaintiffs – in alleging an invasion of privacy in an office building’s bathroom – could only claim the presence of a hidden recording device by demonstrating their images were actually captured.” Jaime Friedman et al. v. Teodoro Martinez et al., case … Continue Reading
The Regional Court of Berlin held in a judgment of 16 January 2018 (docket no. 16 O 341/15, German language version of the judgment available here) that Facebook’s default privacy settings and parts of their terms and conditions were invalid. This judgment provides important guidance on consent and transparency. Background The Federation of German Consumer … Continue Reading
On 20 February 2018, The Data Protection (Charges and Information) Regulations 2018 (the Regulations) were laid before the UK parliament. The Regulations affect what businesses have to pay when registering their data protection arrangements with the Information Commissioner’s Office (ICO). On 21 February 2018, the ICO issued a guide for data controllers about the proposed … Continue Reading
Massachusetts Attorney General (AG) Maura Healey has announced that the state will offer an online portal where businesses can more easily report that they have experienced a data breach. Massachusetts will also offer consumers an electronic database to view reported breaches, similar to the online repositories operated by California, Maryland and other states. Affected companies … Continue Reading
On November 29, many interested audience members packed into the Supreme Court to witness oral argument on the issue of whether the Fourth Amendment demands that the government obtain a warrant in order to acquire long-term, cell-site location information (CSLI) from wireless service providers, in what could be one of the most influential privacy decisions … Continue Reading
On November 20-21, 2017, Tether, the company behind USDT, a digital token backed by fiat currencies like the dollar and euro, disclosed that a hack resulted in the loss of $30.95 million worth of tokens. The Tether hack illuminates the privacy, reputational, financial and recovery risks associated with issuing, owning and storing digital currencies. These … Continue Reading
On October 30, 2017, Sears Holding Management Corporation (“Sears”) petitioned the Federal Trade Commission (“FTC”) to reopen and modify the settlement to which they agreed in 2009. At that time, Sears agreed to a consent order to resolve the FTC’s complaint that Sears allegedly did not adequately disclose the scope of its collection of “online … Continue Reading
The Fall 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the regulation on cross-border portability of online content services and new case law on employee monitoring, marketing consent, influencer advertising, choice of law and venue clauses in T&Cs, and platform provider liability. You can … Continue Reading
On October 11, 2017, the House passed a bill that would provide guidance to small businesses on how to deal with cybersecurity issues. This legislation passed on the heels of a similar Senate bill that was approved just weeks before on September 28. The NIST Small Business Cybersecurity Act (H.R. 2105) would require the Department … Continue Reading
During the week of 18 September 2017, the European Commission and the Article 29 Working Party (“WP29”) will undertake the first annual review of the EU-U.S. Privacy Shield (“Privacy Shield”). The meetings will take place in the United States. As for the U.S. side, the U.S. Department of Commerce will conduct the review, and it … Continue Reading
The Federal Trade Commission has published a new guide that seeks to make compliance with the Children’s Online Privacy Protection Act (COPPA) as easy as 1, 2, 3, 4, 5, 6. Drawing from its detailed FAQs, the FTC has developed an even more streamlined, six-step DIY instruction manual designed for busy businesses that want a … Continue Reading
In two last-minute decisions, the German Parliament (Bundestag) will likely adopt the WiFi Act (Entwurf eines Drittes Gesetz zur Änderung des Telemediengesetzes) and the Hate Speech Act (Entwurf eines Gesetzes zur Verbesserung der Rechtsdurchsetzung in sozialen Netzwerken) in the last session of the current legislative term. The parliament will vote on both bills on 30 … Continue Reading
The Summer 2017 Edition of the quarterly IT & Privacy Newsletter by Reed Smith Germany has just been released. We cover the German GDPR Implementation Act, new case law on processing on the basis of legitimate interests, marketing consent, and provider liability, as well as the paper on Google Analytics by the Hamburg data protection … Continue Reading
The ICO recently published its Information Rights Strategic Plan for 2017 – 2021 (the ‘Plan’). Within it, the ICO Commissioner, Elizabeth Denham, asserts that we are on the “edge of a new frontier,” and that the data protection landscape is about to be reshaped by the “game changing” General Data Protection Regulation (the ‘GDPR’). Noting … Continue Reading
A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. … Continue Reading
A panel at a meeting of the National Association of Attorneys General highlighted data breaches and privacy in the context of new technology, signalling that state regulators are focused on consumer protection in this area. The panel at the Southern Regional Meeting in Charlottesville on April 4 was devoted to emerging technologies, privacy concerns, and … Continue Reading
On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.” The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. … Continue Reading
LinkedIn has become the first major company to have access to its website in Russia blocked by the Russian Data Protection Authority, Roskomnadzor, following earlier Moscow Court decisions on 4 August and 10 November. Russia’s data localisation law came into effect in September 2015 and requires websites collecting personal data of Russian citizens to store … Continue Reading
Data Protection Authorities (“DPAs”) from across the world gathered in Marrakesh for the 38th International Privacy Conference. This event is held annually for the purpose of debating topical data protection issues. The debates this year centred on data privacy being central to: sustainable development, government access to personal data, the role of technology, adequacy, localisation … Continue Reading
The Court of Justice of the European Union (“CJEU”) has ruled that dynamic IP addresses can constitute personal data. Dynamic IP addresses, registered by a website provider when an individual accesses its website, shall constitute personal data where the operator has the legal means to combine the data with additional data (held by the internet … Continue Reading
The European Data Protection Supervisor (“EDPS”) issued an Opinion on “coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and competitiveness in the age of big data”. The Preliminary Opinion observed a tendency for EU rules of data protection, consumer … Continue Reading
In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading
