Category Archives: Privacy Policy

FTC Staff Releases Report on Cross-Device Tracking

Written by
The Federal Trade Commission (FTC) recently released its staff report on Cross-Device Tracking. Cross-device tracking refers to the tracking of consumer activity across multiple devices such as smartphones, desktops, tablets and other connected devices. It helps companies understand consumer behavior better. The tracking can be deterministic (where a user logs into multiple devices affirmatively identifying the device as his/hers) or probabilistic (companies infer cross-device activity using factors like common IP address). Benefits include account security, fraud detection, targeted advertising [...] Read more

FTC Issues Warning Letters to 28 Companies Claiming Participation in the APEC CBPR System

Written by
On July 14, 2016, the Federal Trade Commission (FTC) announced that it had issued warning letters to 28 companies regarding their claim of participation in the Asia Pacific Economic Cooperation Cross Border Privacy Rule (APEC CBPR) system.  The APEC CBPR system is a voluntary, enforceable mechanism that certifies a company’s compliance with the principles in the APEC CBPR and facilitates privacy-respecting transfers of data among APEC member economies.  The warning letter states the FTC’s records do not indicate these companies have taken the requisite steps to be able to claim participation [...] Read more

FTC Approves Final Order Prohibiting Misrepresentation about Vipvape’s Participation in APEC Cross Border Privacy Program

Written by
On June 29, 2016, the Federal Trade Commission (FTC) announced it had approved a final order resolving the complaint against Vipvape, a manufacturer of hand-held vaporizers.  The complaint alleged Vipvape misrepresented its practices on the website related to Vipvape’s participation in the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) system when, if fact, Vipvape was not certified to participate in the APEC CBPR system. In the Analysis of Proposed Consent Order to Aid Public Comment, the FTC explained that the APEC CBPR system is a voluntary, enforceable mechanism [...] Read more

GDPR Published Today, Commencing Two-Year Countdown to Application

Written by and
One of the most important EU legislative initiatives in recent years, and a landmark in privacy regulation worldwide, the GDPR is set to replace the Data Protection Directive (95/46/EC) of 1995.  After the Council of Ministers accelerated the voting timetable for GDPR passage and the Parliament approved the GDPR in an up-or-down vote, all eyes were on the GDPR’s publication to begin setting compliance timetables. Today, the final and as-approved version of the GDPR was published in the EU’s Official Journal.  The Official Journal version of the GDPR can be downloaded here. With that, [...] Read more

GDPR Approved by Parliament, Set to Become EU Law

Written by
Last week, we reported that the Council of Ministers accelerated the timetable for passage of the General Data Protection Regulation (GDPR).  The European Parliament followed suit and approved the GDPR this morning. As a result, the GDPR is now officially adopted and will become the law of the land in the EU.  The GDPR will be published either this month or next in the Official Journal of the European Union.  Twenty days after its publication, it will enter into force – i.e. either in May or June 2016.  As soon as the GDPR enters into force, its two-year clock for bringing business operations [...] Read more

Art. 29 Working Party Issues Formal Opinion Opposing Privacy Shield

Written by
Several hours after holding a closely-watched press conference we reported on yesterday, the Article 29 Working Party (“Art. 29 WP”) released its highly anticipated formal opinion on the adequacy of Privacy Shield. Background The European Commission has put forth a draft “adequacy decision” in which it declares that on the basis of Privacy Shield, the United States offers data protection that is essentially equivalent to that offered in the EU.  If adopted, this adequacy decision would permit data transfers to US companies that agree to abide by the Privacy Shield principles.  The [...] Read more

Art. 29 Working Party Announces it Will Not Support Privacy Shield at Press Conference

Written by
Early this afternoon, the Article 29 Working Party (“Art. 29 WP”) held a press conference at which it presented its forthcoming opinion on the adequacy of the US-EU Privacy Shield. As background, the European Commission has put forth a draft “adequacy decision” in which it declares that on the basis of Privacy Shield, the United States offers data protection that is essentially equivalent to that offered in the EU.  Such an adequacy decision would permit data transfers to US companies that agree to abide by the Privacy Shield principles.  However, an important part of the approval [...] Read more

EU Council Issues New Consolidated GDPR and Accelerates GDPR’s Legislative Timetable

Written by
Yesterday evening, the Council of Ministers issued a new consolidated version of the General Data Protection Regulation (GDPR).  This is the first “clean” version of the GDPR that (a) incorporates all revisions agreed upon from the time of the Commission’s original 2012 proposal to the December 2015 trilogue compromise text; and (b) numbers individual provisions as can be anticipated in the final adopted version of the GDPR.  The new consolidated text can be accessed here. The new GDPR text follows closely on the heels of the Council accelerating the timetable for the GDPR’s passage.  [...] Read more

EU Privacy Leaders Discuss US-EU Privacy Shield at Event Co-Hosted by A&B Partner

Written by
On March 22, 2016, the International Association of Privacy Professional (IAPP) hosted a podium discussion in Brussels on the new EU-US Privacy Shield.  Alston & Bird partner Jan Dhont co-hosted the event, which featured two top-notch privacy luminaries from EU legislative and oversight bodies: Mr. Giovanni Buttarelli, the present European Data Protection Supervisor (EDPS). Mr. Bruno Gencarelli, Head of the Data Protection Unit within the European Commission’s Directorate-General for Justice and Consumers. Mr. Gencarelli—who served as one of the Commission’s Privacy Shield negotiators—opened [...] Read more

FTC PrivacyCon Event Examines Cutting-Edge Research and Current Policies Regarding Privacy and Data Security

Written by , and
The Federal Trade Commission held its PrivacyCon event, featuring nineteen presentations showcasing original research regarding important consumer privacy and security issues by leading academics from universities and think tanks from around the world. A full video recording of the webcast is available here. The conference took place in Washington on Jan. 14, 2016, and included discussion about the policy implications of the research being conducted with thought leaders from academia, research, consumer advocacy, and industry. FTC Commissioner Julie Brill succinctly outlined the top concerns [...] Read more