On November 27, 2013, the European Commission published an analysis of the EU-U.S. Safe Harbor Framework, as well as other EU-U.S. data transfer agreements. The analysis includes the following documents:
On November 15, 2013, the U.S. Government Accountability Office (“GAO”) released a report (the “Report”) finding that the current federal statutory privacy scheme contains “gaps” and “does not fully reflect” the Fair Information Practice Principles (“FIPPs”). The Report focused primarily on companies that gather and resell consumer personal information, and on the use of consumer personal information for marketing purposes.
Brazilian lawmakers, including José Eduardo Cardozo, the Minister of Justice of Brazil, and Ideli Salvatti, the Secretariat of Institutional Relations, held several consensus-building meetings with party leaders over the past two weeks to reach a voting agreement on the Marco Civil da Internet (“Marco Civil”), a draft bill introduced in the Brazilian Congress in 2011. The Marco Civil would establish Brazil’s first set of Internet regulations, including requirements regarding personal data protection and net neutrality.
As reported by Bloomberg BNA, Mexico’s Federal Institute for Access to Information and Data Protection (“IFAI”) recently issued data security guidelines that implement the security provisions of the Federal Law for the Protection of Personal Data Held by Private Parties (Reglamento de la Ley Federal de Protección de Datos Personales en Posesión de los Particulares).
On November 15, 2013, the Supreme Court of Canada declared the Alberta Personal Information Protection Act (“PIPA”) invalid because the legislation interfered with the right to freedom of expression in the labor context under Section 2(b) of the Canadian Charter of Rights and Freedoms (the “Canadian Charter”). The case arose in the context of a labor union representing employees of a casino in Alberta. During a lawful strike, the union recorded and photographed individuals crossing the union’s picket line near the main entrance of the casino. The union had posted a sign that the images of persons crossing the picket line might be placed on a website. A number of individuals who were recorded crossing the picket line filed complaints under PIPA with the Alberta Information and Privacy Commissioner, who appointed an adjudicator to determine whether the union had contravened PIPA by collecting and disclosing personal information about individuals without their consent. Under PIPA, organizations cannot collect, use or disclose personal information without the individual’s consent, unless an exception applies.
On November 12, 2013, two companies (the “Defendants”) that provide consumer background reports to third parties, including criminal record checks agreed to an $18.6 million settlement stemming from allegations that they violated the Fair Credit Reporting Act (“FCRA”) when providing these reports to prospective employers.
On November 4, 2013, the China Insurance Regulatory Commission, which is the Chinese regulatory and administrative authority for the insurance sector, issued the Interim Measures for the Management of the Authenticity of Information of Life Insurance Customers (the “Measures”). The Measures require life insurance companies and their agents to ensure the authenticity of personal data of life insurance policy holders. To help achieve this objective, the Measures impose rules for the collection, recording, management and use of the personal data of policy holders.
On November 19, 2013, the Federal Trade Commission held a workshop in Washington, D.C. to discuss The Internet of Things: Privacy & Security in a Connected World. FTC Chair Edith Ramirez and FTC Senior Attorney Karen Jagielski provided the opening remarks. Chairwoman Ramirez raised three key issues for workshop participants to consider:
On November 19, 2013, Hunton & Williams’ Global Privacy and Cybersecurity practice group hosted the second webcast in its Hunton Global Privacy Update series. The program focused on the latest updates regarding the EU General Data Protection Regulation (“Proposed Regulation”), including a discussion of the European Parliament’s recent approval of its Compromise Text for the Proposed Regulation.
The Luxembourg data protection authority (Commission nationale pour la protection des donées, “CNPD”) has stated that it will not investigate complaints relating to the alleged involvement of Microsoft Luxembourg (“Microsoft”) and Skype Software S.a.r.l. and Skype Communications S.a.r.l. (collectively, “Skype”) in the PRISM surveillance program. The PRISM surveillance program involves the transfer of EU citizens’ data to the U.S. National Security Agency (the “NSA”).
On November 14, 2013, the Minister of the Malaysian Communications and Multimedia Commission (the “Minister”) announced that Malaysia’s Personal Data Protection Act 2010 (the “Act”) would be going into effect as of November 15, marking the end of years of postponements. The following features of the law are of particular significance:
On November 13, 2013, the Federal Trade Commission announced that it denied a proposal submitted by AssertID, Inc. for a mechanism to obtain verifiable parental consent in accordance with the new Children’s Online Privacy Protection Rule (the “COPPA Rule”) that came into effect July 1, 2013.
On November 4, 2013, the data protection authority (“DPA”) of the German state of Rhineland-Palatinate announced two sets of recommendations for mobile payment systems, including contactless payments. The recommendations were prepared in conjunction with the state consumer protection agency, the Ministry of Justice for Rhineland-Palatinate, the mobile payment industry and research organizations.
On November 13, 2013, Google entered into a $17 million settlement agreement with the attorneys general from 37 states and the District of Columbia related to allegations that the company bypassed users’ cookie-blocking settings on Apple’s Safari browser in 2011 and 2012. The settlement requires Google to refrain from bypassing cookie controls in the future and requires Google to maintain a page on its site informing users about cookies and how to manage them. Last year, Google agreed to a $22.5 million settlement with the Federal Trade Commission in connection with similar ...
As reported in the Hunton Employment & Labor Perspectives Blog:
In a lawsuit filed in the United States District Court for the Northern District of Texas on November 4, 2013, Texas Attorney General Greg Abbott sought injunctive and declaratory relief against the Equal Employment Opportunity Commission (“EEOC”) on the grounds that the agency’s April 2012 Enforcement Guidance on the Consideration of Arrest and Conviction Records in Employment Decisions “purports to preempt the State’s sovereign power to enact and abide by state-law hiring practices.” In particular, the complaint argues against the EEOC’s prohibition against blanket “no felons” hiring policies. The Texas AG’s complaint highlights key failures and shortcomings of the EEOC’s recent investigative actions, and provides detailed examples of the “real world” effect of the guidance on the state’s hiring decisions.
On October 27, 2013, the South Korean Ministry of Security and Public Administration indicated that the government will issue certifications to private and public organizations that meet certain requirements of the Personal Information Protection Act. According to The Korea Times, organizations will be able to apply for the certification with the National Information Society Agency (“NISA”) beginning on November 28, 2013. The number of requirements that an organization will be assessed against will depend on the size of the organization. The Korea Times reports ...
As we reported on October 8, 2013, the Information Commissioner’s Office (“ICO”) has announced it is reviewing its Privacy Notices Code of Practice (the “Code”) to assess whether it should be updated. In anticipation of the November 30th closing date for comments on the Code, today the ICO’s Head of Policy Delivery posted a request for feedback on the ICO’s blog.
On November 26, 2013, Kazakhstan’s new data privacy law, On Personal Data and Their Protection, will come into effect. The law was passed on May 21, 2013. Kazakhstan is the second country in Central Asia to enact a data privacy law, joining the Kyrgyz Republic, which passed the Law on Personal Data in 2008.
On November 2, 2013, Hunton & Williams partner Paul M. Tiao was featured on the Voice of America discussing the importance of the National Security Agency restoring trust among industry and foreign government allies. In the feature, “Next NSA Chief to Face Challenges, Change,” Tiao talked about some of the difficulties that will confront the NSA Director’s successor, and why government surveillance is likely to continue.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- U.S. State Privacy
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cross-Border Data Transfer Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Department of Treasury
- Disclosure
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition
- Facial Recognition Technology
- FACTA
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Legislature
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Marketing
- Markus Heyder
- Maryland
- Massachusetts
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Online Behavioral Advertising
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Paul Tiao
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- WeProtect Global Alliance
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code