“To Harmonize or Not To Harmonize: That Is the Question.” With the the GDPR fast approaching on May 25, 2018, European Member States are getting ready with the implementation of national legislation. Although the GDPR is a regulation, and directly applicable in all Member States, it has left room for country-specific legislation in several different regards (such as the processing of employee data or individual rights restrictions). Most Member States still only have draft legislation at this point, but the expectation (or at least intention) is that each country will have adopted legislation [...] Read more
About this time last January, the European Parliament released its proposal for a new ePrivacy Regulation. The intent of the ePrivacy Regulation is to replace the current ePrivacy regime – which consists of an ePrivacy Directive and a patchwork of local implementing legislation – with a uniform set of directly-applicable EU-wide rules. Since the Parliament released its ePrivacy Regulation draft, both the European Council and the European Parliament have reviewed it and released their own revised drafts.
The ePrivacy Regulation contains a number of important rules for companies. Traditionally, [...] Read more
On October 18, 2017, the Article 29 Working Party (the “WP29”) published Guidelines clarifying the new profiling and automated decision-making provisions of the General Data Protection Regulation (“GDPR”). European Union regulatory authorities and the WP29 consider that technological developments that facilitate the creation of individual profiles, such as big data analytics, AI and machine learning, have created new risks to data protection. As the majority of industries (insurance, marketing and finance, and even healthcare) already apply and use these new techniques today, the WP29 [...] Read more
David Keating, partner and co-leader of the firm’s Privacy & Data Security practice, Jan Dhont, Brussels partner and head of the firm’s European Privacy and Data Protection practice, and Karen Sanzaro, counsel in the Technology & Privacy Group, will be speakers at the 2017 Privacy + Security Forum in Washington, DC, taking place on October 4-6, 2017.
David Keating will be speaking during the session on “Emerging Consumer Tracking and Analytics Technologies.” This session will explore recent regulatory and enforcement developments in this area and discuss practical approaches [...] Read more
The FTC and the State of New Jersey recently announced a settlement with Vizio, Inc., in the amount of $2.2 million for tracking consumer behavior using its smart television devices.
The complaint alleged that Vizio acted unfairly by collecting, storing (indefinitely) and sharing consumer data with third parties without consent and in an unexpected manner. Further, the complaint alleged that Vizio had misrepresented the functionality of the feature in their smart televisions that collected such data (also known as “Smart Interactivity”). It was also alleged that these practices were an unconscionable [...] Read more
In follow up to our previous blog, California AG Kamala Harris Issues Privacy Policy Guidance: Making Your Privacy Practices Public Contains Draft Tips for Website and Online Service Privacy Policies, regarding the release of the AG’s report, please see our recently released client advisory providing a detailed analysis of the new privacy guidance: California Attorney General Kamala Harris Releases Long-Anticipated Guidance Regarding Privacy Policy Notices . As conceived, the Report is designed to apply to all businesses, regardless of the country or state in which they operate, based on the [...] Read more
Today, California Attorney General Kamala Harris released her long-anticipated guidance on privacy policies for companies collecting information from California residents in a report entitled Making Your Privacy Practices Public (the “Report”). While the Report exceeds existing law in many respects, affected companies should take heed to review the report and be familiar with its contents as it sets forth a blue print for how the CA AG’s office views “best practices” in connection with privacy policy drafting in the areas of “Big Data,” behavioral tracking, data security, and the [...] Read more
Today, Paul Martino and Dominique Shelton, partners in Alston and Bird’s Privacy and Security practice and respective members of the firm’s Legislative & Public Policy and Litigation and Trial Practice groups, co-authored the Law360 article, “Inside Calif.’s Proposed Guidance For Do-Not-Track Law.” In the article, Martino and Shelton address the potential impact of the meeting held for interested stakeholders on December 10, 2013, by the Privacy Enforcement and Protection Unit of the California Office of the Attorney General (“CA AG”) to discuss the AG’s proposed guidance [...] Read more
On December 10, 2013, the Privacy Enforcement and Protection Unit of the California Office of the Attorney General (CA AG) held a meeting in San Francisco for interested stakeholders to discuss best practices in light of the Assembly’s enactment of A.B. 370, California’s new do-not-track disclosure law that goes into effect on January 1, 2014. A.B. 370 amended the California Online Privacy Protection Act (CalOPPA) to require operators of websites, online services and mobile applications to amend their privacy policies as of the new year to either (1) disclose how they respond to do-not-track [...] Read more
Yesterday, the Federal Trade Commission announced three main topics that will be the focus of its Spring 2014 privacy seminars. The areas to be examined are: (1) Mobile Device Tracking; (2) Alternative Scoring Products; and (3) Consumer Generated and Controlled Health Data.
The Mobile Device Tracking seminar, which is open to the public, will take place on February 19, 2014 from 10:00 to 12:00 at FTC Conference Center, 601 New Jersey Ave., NW, Washington, DC. As the FTC defines it, mobile device tracking is the tracking of consumers in retail and other businesses using signals from the consumers’ [...] Read more
