Category Archives: Online Privacy

An English-Language Primer on Germany’s GDPR Implementation Statute: Part 4 of 5

Written by
Over the past year, the German government has been working on legislation to implement the EU’s General Data Protection Regulation (GDPR).  On July 6, 2017, Germany did so by passing a statute titled the Data Protection Amendments and Implementation Act. The Act repeals Germany’s venerated Federal Data Protection Act (Bundesdatenschutzgesetz, or BDSG) and replaces it with an entirely new BDSG, aptly referred to as the “BDSG-New.” Germany becomes the first EU Member State to pass a GDPR implementation statute. Given Germany’s reputation as one of, if not the, most serious privacy jurisdiction [...] Read more

David Keating, Jan Dhont and Karen Sanzaro to Speak at the 2017 Privacy + Security Forum

Written by
David Keating, partner and co-leader of the firm’s Privacy & Data Security practice, Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice, and Karen Sanzaro, counsel in the Technology & Privacy Group, will be speakers at the 2017 Privacy + Security Forum in Washington, DC, taking place on October 4-6, 2017. David Keating will be speaking during the session on “Emerging Consumer Tracking and Analytics Technologies.” This session will explore recent regulatory and enforcement developments in this area and discuss practical approaches [...] Read more

FTC Updates Data Security Guidance for Businesses

Written by
In June, the Federal Trade Commission released a new guide for businesses on implementing sound data security protections and procedures. In “Protecting Personal Information: A Guide For Business,” the FTC offers “10 practical lessons” based on the numerous enforcement actions brought by the FTC. The guide offers insight into the thinking of this key federal regulator. Key points from the guide: “Start with Security.” Build information security considerations into business processes so that they are part of “the decisionmaking in every department of your business.” The FTC [...] Read more

Fourth Circuit Court of Appeals Allows Wikimedia Upstream Suit to Proceed

Written by
On May 23, 2017, the Fourth Circuit Court of Appeals issued its opinion on Wikimedia foundation v. NSA/CSS. The Court vacated and remanded the NSA’s previously successful motion to dismiss Wikimedia’s Fourth and First Amendment claims against the NSA’s Upstream surveillance program, while a 2-1 majority upheld the dismissal of the eight other organizations joined as co-plaintiffs. The Court held that Wikimedia’s complaint contained sufficient factual allegations to determine Article III standing and that the District Court misapplied Clapper v. Amnesty International USA’s analysis of [...] Read more

May 30 is Fast Approaching – Are You Ready for Compliance with the Amended Act on Protection of Personal Information in Japan?

Written by
Japan’s Act on Protection of Personal Information currently in force (“Current APPI”) dates back to 2003.  It was originally enacted on May 30, 2003, and came into effect in 2005.  Ten years later, the National Diet passed extensive reforms to modernize the Current APPI in September, 2015.  Although the Amended Act on Protection of Personal Information (“Amended APPI”) has been partly in effect, it will come fully into effect on May 30, 2017. It is important to note that the Amended APPI applies to “personal information handling business operators” which is defined as a person [...] Read more

Smart Television Manufacturer Settles by Paying $ 2.2 Million to the FTC and the State of New Jersey

Written by
The FTC and the State of New Jersey recently announced a settlement with Vizio, Inc., in the amount of $2.2 million for tracking consumer behavior using its smart television devices. The complaint alleged that Vizio acted unfairly by collecting, storing (indefinitely) and sharing consumer data with third parties without consent and in an unexpected manner. Further, the complaint alleged that Vizio had misrepresented the functionality of the feature in their smart televisions that collected such data (also known as “Smart Interactivity”). It was also alleged that these practices were an unconscionable [...] Read more

ECJ Declares IP Addresses are Personal Data

Written by
Today, the European Court of Justice (ECJ) issued its long-awaited decision in Breyer v. Germany.  Breyer addresses the question of whether IP addresses are “personal data” for purposes of EU data protection law.  As is widely known, personal data is any information that would permit a particular individual to be identified, whether directly or in combination with other information.  Until the present, there has been widespread agreement that static IP addresses are personal data.  In contrast, there has been little agreement on whether dynamic IP addresses constitute personal data.  While [...] Read more

Supreme Court Denies Cert in Leading Case on Internet Tracking and Analytics

Written by
The Supreme Court recently declined to review In re Google Inc. Cookie Placement Consumer Privacy Litigation—a consolidated class action alleging that Google and third-party advertisers evaded web browser privacy settings, causing cookies to be placed on plaintiffs’ computers. 806 F.3d 125 (3d Cir. 2015), cert. denied sub nom. Gourley v. Google, Inc., 84 U.S.L.W. 3531 (U.S. Oct. 3, 2016) (No. 15-1141). Given the Court’s denial of review, significant questions remain regarding the applicability of the Wiretap Act to internet communications. The Third Circuit’s opinion offers guidance [...] Read more

FTC Issues Warning Letters to 28 Companies Claiming Participation in the APEC CBPR System

Written by
On July 14, 2016, the Federal Trade Commission (FTC) announced that it had issued warning letters to 28 companies regarding their claim of participation in the Asia Pacific Economic Cooperation Cross Border Privacy Rule (APEC CBPR) system.  The APEC CBPR system is a voluntary, enforceable mechanism that certifies a company’s compliance with the principles in the APEC CBPR and facilitates privacy-respecting transfers of data among APEC member economies.  The warning letter states the FTC’s records do not indicate these companies have taken the requisite steps to be able to claim participation [...] Read more

Art. 29 Working Party Issues Formal Opinion Opposing Privacy Shield

Written by
Several hours after holding a closely-watched press conference we reported on yesterday, the Article 29 Working Party (“Art. 29 WP”) released its highly anticipated formal opinion on the adequacy of Privacy Shield. Background The European Commission has put forth a draft “adequacy decision” in which it declares that on the basis of Privacy Shield, the United States offers data protection that is essentially equivalent to that offered in the EU.  If adopted, this adequacy decision would permit data transfers to US companies that agree to abide by the Privacy Shield principles.  The [...] Read more