Tag Archives: privacy

Updates from the European Data Protection Board

The European Data Protection Board (EDPB) met for its seventh plenary session on 12 February 2019. The session covered many areas of discussion, outlined in the agenda. The four main areas covered, and highlighted in the EDPB’s press release, were: 1. Work programme: The EDPB adopted a two-year work programme, covering 2019-2020. The work programme … Continue Reading

President prioritizes research, development, and deployment of artificial intelligence technology

The President has made artificial intelligence technology a policy priority. On February 11, 2019, the President issued an Executive Order to direct most federal executive agencies to promote and protect American advancements in artificial intelligence while working with private industry. The order recognized that public trust in artificial intelligence is an important factor in the … Continue Reading

Comprehensive data privacy legislation introduced in Massachusetts – includes private right of action without a need to prove harm

Massachusetts state Senator Cynthia Creem has introduced a consumer data privacy bill, SD 341, that would give Massachusetts consumers the right to sue in the event their personal information or biometric data is improperly collected or distributed or for any other potential violation of the new law. Under SD 341, and similar to Illinois’s Biometric … Continue Reading

Financial penalty imposed for failure to protect personal data on website

On 22 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against COURTS (Singapore) Pte Ltd (Courts), a consumer electronics and furniture retailer in Singapore. The facts of the case were as follows: A complaint was brought by an individual who discovered that his contact number and address were disclosed in an … Continue Reading

“Worst breach of personal data in Singapore’s history” attracts highest penalties totalling S$1 million

On 14 January 2019, Singapore’s Personal Data Protection Commission issued its grounds of decision against Singapore Health Services Pte. Ltd. (SingHealth) and Integrated Health Information Systems Pte. Ltd. (IHiS) for what has been coined the “worst breach of personal data in Singapore’s history”. The unprecedented cyber attack on SingHealth’s patient database system led to the … Continue Reading

First two Singapore data protection enforcement decisions issued in 2019

On January 3, 2019, Singapore’s Personal Data Protection Commission issued two grounds of decision against Bud Cosmetics and AIG Asia Pacific Insurance Pte Ltd & Toppan Forms (S) Pte Ltd. Bud Cosmetics The facts of this case were as follows: Bud Cosmetics is an organic and natural skincare retailer with retail outlets in Singapore and … Continue Reading

Four Singapore organisations found to be in breach of obligation to protect personal data

On 13 December 2018, the Singapore data protection commission issued four separate decisions against the following organisations, for breaches of the protection obligation under section 24 of the Personal Data Protection Act 2012 (PDPA): Funding Societies Pte Ltd WTS Automotive Services Pte Ltd Institute of Singapore Chartered Accountants SLF Green Maid Agency Funding Societies The … Continue Reading

Rise of AI poses new regulatory challenges

Companies that employ algorithms, machine learning and artificial intelligence (AI) in their day-to-day business may face increased attention from federal antitrust and consumer protection regulators in the future. On November 13–14,  the Federal Trade Commission (FTC) addressed this topic in their hearings on “Competition and Consumer Protection in the 21st Century.” The panelists, an assembly … Continue Reading

European Data Protection Board – Fifth plenary session: EU-Japan draft adequacy decision, DPIA lists and guidelines on accreditation

The European Data Protection Board (EDPB) met for its fifth plenary session on 4 and 5 December 2018. The EDPB published a press release, highlighting the three main areas of discussion: EU-Japan draft adequacy decision. The EDPB adopted an opinion on the European Commission’s draft adequacy decision. In adopting its opinion, the EDPB focused on the … Continue Reading

Public comment for private matters: NTIA receives over 200 comments on proposed approach to protecting consumer privacy informed by GDPR, CCPA & more

On November 13, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) released comments it received from over 200 government, non-profit, academic, and private sector organizations on developing the Administration’s approach to consumer privacy.[1] Since September, the NTIA has sought public comments to specifically address a number of questions that focused on … Continue Reading

Singapore data protection commission issues warning for “heat of the moment” disclosure of personal data

On November 28, 2018, Singapore’s Personal Data Protection Commission (commission) issued its grounds of decision against Big Bubble Centre (respondent), a sole-proprietorship in the scuba-diving business. The facts of the case were as follows: The complainant was an individual who had worked for the respondent and claimed that he was not paid wages for such … Continue Reading

European Data Protection Board update

The European Data Protection Board (EDPB) met for its fourth plenary session on 16 November 2018. The session covered many areas of discussion, outlined in the session’s agenda. The EDPB published a press release, highlighting the three main areas of discussion. EU-Japan draft adequacy decision. The EDPB discussed the draft adequacy decision, which it received … Continue Reading

Singapore to adopt new legislation on unsolicited commercial messages, and enhanced practical guidance framework for data protection

On 8 November, 2018, Singapore’s Personal Data Protection Commission (PDPC) issued its response to feedback received on a public consultation paper. In that consultation paper, the PDPC had proposed to: merge the Do Not Call provisions in the Personal Data Protection Act 2012 of Singapore (PDPA) and Spam Control Act into a single legislation to … Continue Reading

ICO takes action against organisations for failure to pay new data protection fee

On 26 September 2018 the Information Commissioner’s Office (ICO) began formal enforcement action against 34 organisations that have failed to pay their data protection fees. Notices of intent have been served on both private and public sector organisations, including the NHS, government organisations, and businesses in recruitment, finance and accountancy. They have until 17 October … Continue Reading

AGs emphasize consumer protection and privacy expertise in FTC comments

The Federal Trade Commission (FTC) will be holding a series of hearings this fall on “Competition and Consumer Protection in the 21st Century,” with the goal of reflecting on the agency’s powers, and state attorneys general (AGs) want to make sure their voices are heard. A bipartisan group of 29 state AGs filed comments with … Continue Reading

EU’s GDPR applied to promotion marketing

The European Union’s General Data Protection Regulation (GDPR) is underway, and companies and organizations around the world are analyzing its effects on how they collect, use, store and disclose data. U.S.-based sponsors of sweepstakes, contests, instant win games and other promotions opening entry to or targeting Europeans need to be mindful of the GDPR rules … Continue Reading

Article 29 Working Party adopts finalized guidelines on transparency under GDPR

The Article 29 Working Party (WP29) adopted, on 11 April 2018, finalized guidelines on transparency (the Guidelines) under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), following its public consultation. Technology Law Dispatch looked at the draft guidance on transparency earlier this year, so this blog focuses on the key issues and what is … Continue Reading

Article 29 Working Party update on GDPR implementation

The Article 29 Working Party (WP29) discussed a number of important issues during its April plenary meeting on 17 April 2018. In its summary press release, the WP29 gave an update on the issues it discussed. Implementation of the General Data Protection Regulation (GDPR) and adopted guidelines WP29 formally adopted guidelines on consent and transparency … Continue Reading

Facebook announces plan to implement GDPR globally

In preparation for the EU’s General Data Protection Regulation (GDPR), which comes into effect May 25, Facebook announced it is launching a range of new privacy tools in an effort to “put people in more control over their privacy.” Interestingly, last week Mark Zuckerberg clarified that he intends to implement Europe’s GDPR across its entire … Continue Reading

New Jersey Appellate Division allows some video surveillance claims to proceed, even though plaintiffs cannot identify themselves in the recovered recording

In a published decision, a unanimous panel of the Appellate Division rejected “the notion that plaintiffs – in alleging an invasion of privacy in an office building’s bathroom – could only claim the presence of a hidden recording device by demonstrating their images were actually captured.” Jaime Friedman et al. v. Teodoro Martinez et al., case … Continue Reading

German court issues important judgment on consent and transparency in Facebook case

The Regional Court of Berlin held in a judgment of 16 January 2018 (docket no. 16 O 341/15, German language version of the judgment available here) that Facebook’s default privacy settings and parts of their terms and conditions were invalid. This judgment provides important guidance on consent and transparency. Background The Federation of German Consumer … Continue Reading

New data protection fees for UK businesses – Draft Data Protection (Charges and Information) Regulations 2018 and ICO guide published

On 20 February 2018, The Data Protection (Charges and Information) Regulations 2018 (the Regulations) were laid before the UK parliament. The Regulations affect what businesses have to pay when registering their data protection arrangements with the Information Commissioner’s Office (ICO). On 21 February 2018, the ICO issued a guide for data controllers about the proposed … Continue Reading

Massachusetts Attorney General announces new data breach reporting tool and database

Massachusetts Attorney General (AG) Maura Healey has announced that the state will offer an online portal where businesses can more easily report that they have experienced a data breach. Massachusetts will also offer consumers an electronic database to view reported breaches, similar to the online repositories operated by California, Maryland and other states. Affected companies … Continue Reading

Nation on Hold for Supreme Court Carpenter v. United States Decision

On November 29, many interested audience members packed into the Supreme Court to witness oral argument on the issue of whether the Fourth Amendment demands that the government obtain a warrant in order to acquire long-term, cell-site location information (CSLI) from wireless service providers, in what could be one of the most influential privacy decisions … Continue Reading
LexBlog