Category Archives: Privacy

UK will soon introduce a new Data Protection Bill

Written by
The UK Department for Culture, Media & Sport is planning to present a new Data Protection Bill to the Parliament in early September. This new Bill will replace the current UK Data Protection Act 1998 and will effectively incorporate the EU General Data Protection Regulation (“GDPR”) in the UK legal system. The new Data Protection Bill is one of the main goals of the recently elected government, as also expressed in the Queen’s Speech in June. Its primary aim is to ensure that the UK upholds the same data protection principles as the rest of the EU once it leaves the Union, which will [...] Read more

Data Processing at Work: New Challenges towards Compliance

Written by
The Article 29 Working Party (“WP29”) recently issued an opinion that discusses the processing of employee personal information (Opinion 02/2017). WP29 focuses on the use of new technologies by employers and assesses requirements in light of the upcoming General Data Protection Regulation (“GDPR”). Consent and legal bases to process personal information The WP29 has historically asserted that employees’ consent should not be a legal basis for processing employees’ personal information. The power imbalance between employer and employee leads to an uneven situation where consent [...] Read more

FTC Updates Data Security Guidance for Businesses

Written by
In June, the Federal Trade Commission released a new guide for businesses on implementing sound data security protections and procedures. In “Protecting Personal Information: A Guide For Business,” the FTC offers “10 practical lessons” based on the numerous enforcement actions brought by the FTC. The guide offers insight into the thinking of this key federal regulator. Key points from the guide: “Start with Security.” Build information security considerations into business processes so that they are part of “the decisionmaking in every department of your business.” The FTC [...] Read more

Data Monetization and State Privacy Laws

Written by
On June 8, magazine publisher Trusted Media Brands, Inc. settled a class action lawsuit for $8.2 million after purportedly disclosing the personal information and magazine choices of customers to third parties.  The lawsuit, Taylor v. Trusted Media Brands, Inc., No. 7:16-cv-01812 (S.D.N.Y. June 8, 2017), alleged that the publisher’s actions violated Michigan’s Video Rental Privacy Act (VRPA), demonstrating the sometimes hidden legal risks of data monetization. VRPA, inspired by the federal Video Privacy Protection Act, was passed in 1988 and applies to the purchase, rental, or borrowing [...] Read more

Facebook Fined for WhatsApp Data Linking Fallout

Written by
On 18 May 2017, the European Commission (“Commission”) fined Facebook €110 million ($122 million) for misrepresentations made in its application for competition clearance of the company’s acquisition of WhatsApp. In its merger application, Facebook claimed that it would be unable to automatically match Facebook users’ accounts and WhatsApp users’ accounts for marketing and other purposes. However, in August 2016, WhatsApp introduced functionality enabling the linking of WhatsApp users’ phone numbers with Facebook users’ identities. This is the first time since the new Merger Regulation [...] Read more

French CNIL Releases GDPR Compliance Toolkit

Written by
On March 15, 2017, the French data protection authority (CNIL) released its six step- GDPR compliance program together with GDPR-tailored templates for use by companies, the “GDPR Toolkit.” The GDPR Toolkit is helpful for companies because it provides guidance that companies may directly include in their privacy programs. Companies with sophisticated privacy programs may also use the GDPR Toolkit as a reality check against CNIL and, more generally, European data protection authorities’ standards and expectations for GDPR compliance. Click here to access the Toolkit. [...] Read more

Working Party welcomes the draft ePrivacy Regulation, yet expresses grave concerns

Written by
The Working Party recently issued its first Opinion for 2017, focusing on the EU Commission’s proposed ePrivacy Regulation (WP 247, Opinion 01/2017). The Commission’s proposal, which was published in January this year, aims to modernize the existing ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) which concerns the protection of personal data in the context of electronic communication services. In its Opinion, the Working Party overall welcomed the proposed regulation, yet expressed several points of concern and suggested amendments. The congratulations… In welcoming the regulation, [...] Read more

May 30 is Fast Approaching – Are You Ready for Compliance with the Amended Act on Protection of Personal Information in Japan?

Written by
Japan’s Act on Protection of Personal Information currently in force (“Current APPI”) dates back to 2003.  It was originally enacted on May 30, 2003, and came into effect in 2005.  Ten years later, the National Diet passed extensive reforms to modernize the Current APPI in September, 2015.  Although the Amended Act on Protection of Personal Information (“Amended APPI”) has been partly in effect, it will come fully into effect on May 30, 2017. It is important to note that the Amended APPI applies to “personal information handling business operators” which is defined as a person [...] Read more

ICO Seeks Extra Resources for GDPR Enforcement

Written by
On March 13, 2017, Elizabeth Denham, head of the UK data protection authority (“ICO”) publicly expressed her intention to massively recruit new personnel in an effort to be ready for the European (“EU”) general data protection regulation (“GDPR”). In a statement released on its website, the ICO announced its plan to recruit new personnel by May 2018, in light of the new responsibilities and enforcement powers granted to the ICO under the GDPR. Ms. Denham later told the press the ICO would hire approximately 200 persons. Interestingly, the ICO statement comes on the same day the [...] Read more

Germany Proposes Bill Requiring Social Network Takedowns – with € 50 Million Fines

Written by
Recent media reports indicated that Germany was considering legislation that would fine social networks for failing to combat fake news and hate speech.  Today, German Justice Minister Heiko Maas introduced a “Draft Law to Improve Law Enforcement in Social Networks” (abbreviated as the Network Enforcement Act (Netzwerkdurchsetzungsgesetz), or “NetzDG”).  The NetzDG aims to curb “hate-based criminality” in large social networks that have the potential to drive public opinion, and to improve law enforcement access to evidence held by social networks.  The Justice Department’s NetzDG [...] Read more