Under a Vermont law that recently came into effect, data brokers that process information regarding Vermont residents are now subject to registration and security requirements. Included in the new law are three notable components: (1) a broad statutory definition of a “data broker,” (2) an annual registration requirement for data brokers, and (3) reporting on data broker security breaches.
Definition of a “Data Broker”
The law takes a technology-neutral approach to its definition of a “data broker,” instead defining the term based on the normal functions of the business. The statute [...] Read more
The GDPR entered into force on May 25, 2018. One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy. DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and activities to European Data Protection Authorities (DPAs) which pre-GDPR privacy law often obligated companies to make. Instead of notifying DPAs, the GDPR now requires companies to internally conduct DPIAs that document “high [...] Read more
“To Harmonize or Not To Harmonize: That Is the Question.” With the the GDPR fast approaching on May 25, 2018, European Member States are getting ready with the implementation of national legislation. Although the GDPR is a regulation, and directly applicable in all Member States, it has left room for country-specific legislation in several different regards (such as the processing of employee data or individual rights restrictions). Most Member States still only have draft legislation at this point, but the expectation (or at least intention) is that each country will have adopted legislation [...] Read more
Peter Swire, Alston & Bird Senior Counsel and Nancy J. and Lawrence P. Huang Professor of Law and Ethics at the Georgia Institute of Technology’s Scheller College of Business, recently participated in a policy hearing held by the European Political Strategy Centre, the in-house think tank of the European Commission. Swire joined five other experts in answering a series of questions posed by the Centre’s moderators on how Europe can build its data economy to compete globally, protect fundamental privacy rights, and guard against anti-competitive behavior.
In his remarks, Swire pointed [...] Read more
The European Data Protection Supervisor (“EDPS”), Giovanni Buttarelli, has published an opinion on Mobile Health (“mHealth”); a rapidly evolving sector that stems from the convergence of healthcare and information communication technology. mHealth includes mobile applications designed to provide health-related services through smart devices by processing personal information about an individual’s health, well-being, and lifestyle.
The opinion discusses the growing ubiquity of mHealth, which in large part is due to the proliferation of smartphones and wearable computing devices. [...] Read more
Ending a four-year battle that has helped define the parameters of the Video Privacy Protection Act’s (VPPA) application to new technologies, on March 31, 2015, Northern District of California Magistrate Judge Laurel Beeler dismissed with prejudice the In re: Hulu Privacy Litigation. In doing so, Judge Beeler found that there was simply no evidence that Hulu knowingly disclosed plaintiffs’ video viewing selections and personal identification information (PII) to a third party. Many companies and privacy professionals were following this case closely because of the significant potential exposure [...] Read more
On October 1, Alston & Bird Partner Dominique Shelton and entrepreneur Maria Fernandez presented a panel on Omnichannel retailing, a marketing method that mixes physical and digital channels to create an innovative and unified customer experience, at the National Retail Federation’s 2014 Shop.org Summit in Seattle, Washington. The Panel, titled “The Threat to Omnichannel Innovation: How Comfortable Is Your Customer Now?” covered emerging regulatory threats to Omnichannel tools, such as detecting facial responses to product displays, and heat mapping technology that tracks consumer behavior [...] Read more
The Federal Trade Commission has released a final program for its September workshop, “Big Data: A Tool for Inclusion or Exclusion?” During the workshop, speakers with a wide range of experience and expertise in the privacy field will present on the various issues and opportunities that arise from the relationship between big data and consumers. The workshop will begin at 9 a.m. and run throughout the day on September 15, 2014 at the Constitution Center, located at 400 7th St SW, Washington, DC 20024.
The agenda is as follows:
9:00 a.m. ET: Opening remarks
9:15 a.m. ET: Presentation: [...] Read more
The Center for Digital Democracy (“CDD”), a private consumer privacy advocate, recently filed a complaint and “request for investigation” before the Federal Trade Commission (“FTC”) accusing 30 U.S. companies of violating provisions of the Safe Harbor framework. The 118-page complaint, filed August 14th, urges the FTC to take legal action against the companies, including Adobe Systems, AOL, and Salesforce.
Administered by the Department of Commerce and primarily enforced by the FTC, the Safe Harbor program facilitates data transfers between E.U. and U.S. companies who have agreed [...] Read more
On May 30, 2014, comScore Inc. announced that it has reached a $14 million settlement in the largest class ever certified in an Internet privacy lawsuit, composed of users who claim that comScore installed analytics software on their computers and sold their personal data to media outlets without their knowledge or consent. ComScore, a publicly-traded company, faced upwards of $1 billion in liability under various federal statutes aimed at protecting consumer privacy. This made it one of the largest (if not the largest) privacy class action certified in the country.
Background on ComScore Lawsuit [...] Read more
