Tag Archives: privacy

Data Privacy and Security Legal Reform, and Plaintiffs’ Bar White Paper the Focus of IAPP Panel

A panel on legal reform in the area of privacy and data security at this week’s IAPP Summit provided an opportunity for a discussion between businesses and regulators, as well as for the launch of a white paper on the activities of the plaintiffs’ bar in this area that Reed Smith prepared for the U.S. … Continue Reading

State Attorneys General Gather to Discuss Privacy Enforcement

A panel at a meeting of the National Association of Attorneys General highlighted data breaches and privacy in the context of new technology, signalling that state regulators are focused on consumer protection in this area. The panel at the Southern Regional Meeting in Charlottesville on April 4 was devoted to emerging technologies, privacy concerns, and … Continue Reading

NIST Publishes Introduction to Privacy Engineering and Risk Management to Assist Agencies and Organizations in Designing Privacy-Compliant Systems

On January 4, 2017, the National Institute of Standards and Technology (“NIST”) published the final version of NIST IR 8062 “An Introduction to Privacy Engineering and Risk management in Federal Systems.”  The report introduces the concept of applying systems engineering practices to privacy and provides a new model for conducting privacy risk assessments on systems. … Continue Reading

“Sorry, Santa, the Kids’ Data Is Stuck In Russia!” ~ Plus LinkedIn Not Feeling the Love from Russia

LinkedIn has become the first major company to have access to its website in Russia blocked by the Russian Data Protection Authority, Roskomnadzor, following earlier Moscow Court decisions on 4 August and 10 November. Russia’s data localisation law came into effect in September 2015 and requires websites collecting personal data of Russian citizens to store … Continue Reading

Data Protection Authorities gather for the 38th International Privacy Conference

Data Protection Authorities (“DPAs”) from across the world gathered in Marrakesh for the 38th International Privacy Conference. This event is held annually for the purpose of debating topical data protection issues. The debates this year centred on data privacy being central to: sustainable development, government access to personal data, the role of technology, adequacy, localisation … Continue Reading

CJEU says dynamic IP addresses can constitute personal data

The Court of Justice of the European Union (“CJEU”) has ruled that dynamic IP addresses can constitute personal data. Dynamic IP addresses, registered by a website provider when an individual accesses its website, shall constitute personal data where the operator has the legal means to combine the data with additional data (held by the internet … Continue Reading

In the age of Big Data, the EDPS issues an Opinion on enforcement and upholding fundamental rights

The European Data Protection Supervisor (“EDPS”) issued an Opinion on “coherent enforcement of fundamental rights in the age of big data”. This is an update to the EDPS’ Preliminary Opinion in 2014 on “Privacy and competitiveness in the age of big data”. The Preliminary Opinion observed a tendency for EU rules of data protection, consumer … Continue Reading

ICO Responds to the ePrivacy Directive Consultation

In April, we reported that the European Commission had opened a public consultation seeking the views of various stakeholders on the current wording of, and possible changes to, the Privacy and Electronic Communications Directive (2002/58/EC as amended) (“ePrivacy Directive”). The retrospective evaluation was necessary to ensure the ePrivacy Directive is fit for the digital age, … Continue Reading

Galloway v Frazer & Others – A glimpse to the future of data protection litigation

On 27 January, the High Court of Northern Ireland granted British MP George Galloway leave to serve proceedings on Google Inc. out of the jurisdiction. The application was based on a variety of claims including libel, harassment, misuse of private information, and unlawful data processing under the Data Protection Act 1998 (the Act). The claims … Continue Reading

WiFi Privacy: Network Analytics Guidance Issued by ICO

The Information Commissioner’s Office (ICO) has issued guidance to help wireless (WiFi) operators understand their duties under the Data Protection Act 1998 (DPA) when collecting and using location and other analytics information. When a device’s WiFi functionality is enabled, it broadcasts ‘probe requests’ to find WiFi networks that are within range. If the device discovers … Continue Reading

South Korea Sharpens the Teeth of Its Privacy Law

The Act on the Promotion of Information Communication Network Utilization and Information Protection (“PICNUIA”) has been amended to include potential punitive damages for South Korean businesses that provide services over the internet. From 23 September this year, any serious data breach experienced by such businesses will lead to financial liability of up to three times … Continue Reading

Spokeo, Palatine Cases Discuss Negligible Harm from Privacy Breaches, Could Put Damper on Suits

A recent argument and non-decision at the Supreme Court could have significant effects on plaintiffs’ lawsuits under consumer data protection and privacy laws. Last week, the Court heard arguments on the standard of harm for establishing standing under the Fair Credit Reporting Act, and declined to review a Driver’s Privacy Protection Act case in which … Continue Reading

Consumer Trust should be at the heart of the Digital Economy

A recent report summary produced by the Organisation for Economic Cooperation and Development (‘OECD’) highlighted that many countries are placing too much emphasis on developing their digital economies and are neglecting the privacy of individuals as a result. Drawing from surveys undertaken in most of the OECD’s 34 member countries, the OECD found that two-thirds … Continue Reading

More Data Vulnerabilities, Cyber Breaches Detected in Healthcare Exchanges

Government audits continue to reveal that millions of people’s personally identifiable information is at risk. Continuous audit reports by the Office of the Inspector General (OIG) of The Department of Health and Human Services (HHS) reveal that online health care insurance exchanges could be the next juicy target for hackers looking for consumers’ personal information. … Continue Reading

Study reports draft EU Data Protection Regulation leaves gaps in protection when it comes to Big Data, Internet of Things and smart devices

A study published 22 September 2015 criticises the EU’s development of its Digital Single Market (‘DSM’) strategy for being overly commercially and economically driven, with little attention to the key legal and social challenges regarding privacy and personal data protection. The development of the DSM should not be at the expense of individuals’ privacy rights, say … Continue Reading

UK ICO Annual Report highlights 100% success rate for monetary penalties imposed

The ICO, the UK’s data protection authority, published its 2014-2015 annual report. Most noticeably, the ICO announced that they had enforced no successful appeals against Monetary Penalty Notices. The ICO can impose civil monetary penalties of up to £500,000 for serious breaches of the Data Protection Act 1998, but this can be reduced by 20% … Continue Reading

Drones and their data protection implications: Guidance provided by Article 29 Working Party

The Article 29 Working Party has published an Opinion (01/2015) about the data protection and privacy issues in relation to the utilisation of drones. The Working Party acknowledges the social and economic benefits of drones within the aviation market and the opportunities that could develop for law enforcement agencies, but emphasises that risks and threats … Continue Reading

47 Attorneys General to Congress: Federal Breach Legislation Should Not Preempt the States

On July 7, 2015, attorneys general from 47 states and territories sent a letter to Congressional leaders urging them to consider federal data breach notification legislation that does not preempt the states. The move comes on the heels of a data breach announcement made by the Office of Personnel Management, and renewed interest on the … Continue Reading

Italy Releases Draft Declaration of Internet Rights

Italy’s Chamber of Deputies has proposed a ‘Draft Declaration of Internet Rights’ (Declaration), acknowledging both the way in which the internet has changed interactions and the way it has erased borders, but also noting that the EU’s protection of personal data is a necessary reference for governing operation of the internet. The Declaration is now open … Continue Reading

Update on State Attorneys General: Connecticut Creates a Permanent Privacy Department; NAAG Covers Big Data, Cybersecurity, and Cloud Computing; and States Amend Breach Laws

The federal government may be pushing a cybersecurity and data privacy agenda, but that doesn’t mean that the states are taking a back seat. The state attorneys general are maintaining their focus on issues relating to privacy and data security and expanding the scope of that focus to address the ever-evolving nature of those issues. … Continue Reading

Ofgem’s Smart Meter Network Decision: UK gas and electricity consumer privacy gets broader protection

In February 2015, Ofgem (the UK’s Office of Gas and Electricity Markets) published its Decision on Extending the Smart Meter Framework to Remote Meters (the Decision). This confirms that, following a public consultation, the privacy requirements embedded in the supplier licence terms and which will apply to suppliers’ use of customer data from “smart meters” … Continue Reading

Article 29 Working Party issues its Cookie Sweep Combined Analysis – Report

On 3 February, the Article 29 Data Protection Working Party published its ‘Cookie Sweep Combined Analysis – Report’. The sweep was undertaken by the WP29 in partnership with eight of the European data protection regulators, including the UK’s ICO, France’s CNIL and Spain’s AEPD, in order to assess the current steps taken by website operators … Continue Reading

China’s State Administration for Industry and Commerce Releases Measures Defining Consumer Personal Information

In January, China’s State Administration for Industry and Commerce (SAIC) released its ‘Measures on Penalties for Infringing Upon the Rights and Interests of Consumers’ (Measures) which are due to take effect March 15, 2015. These Measures flesh out China’s Consumer Rights Protection Law (CRPL) which was amended in March 2014 and provides guidance as to … Continue Reading

EU Art. 29 Working Party Letter on Health Data and Apps

The EU Article 29 Working Party (“WP29”) has published a letter to the European Commission (“EC”) on the scope of health data in relation to lifestyle and well-being apps, following the EC’s Working Document on mHealth and the outcome of its public consultation, which generated interest in strong privacy and security tools, and strengthened enforcement … Continue Reading
LexBlog