Big Data

Vermont Data Broker Law Now in Effect

Written by

Under a Vermont law that recently came into effect, data brokers that process information regarding Vermont residents are now subject to registration and security requirements. Included in the new law are three notable components: (1) a broad statutory definition of a “data broker,” (2) an annual registration requirement for data brokers, and (3) reporting on data broker security breaches. Definition of a “Data Broker” The law takes a technology-neutral approach to its definition of a “data broker,” instead defining the term based on the normal functions of the business. The statute [...] Read more

German DPAs Issue DPIA Blacklists; Many Companies Likely to be Affected

Written by

The GDPR entered into force on May 25, 2018.  One of the GDPR’s core going-forward obligations is the duty to conduct Data Protection Impact Assessments (DPIAs) over processing activities that create a “high risk” to individuals’ privacy.  DPIAs constitute an important aspect of GDPR compliance, as they arguably replace the notifications of processing systems and activities to European Data Protection Authorities (DPAs) which pre-GDPR privacy law often obligated companies to make.  Instead of notifying DPAs, the GDPR now requires companies to internally conduct DPIAs that document “high [...] Read more

Privacy & Data Security Team Launches Unique GDPR Tracker Website

Written by

“To Harmonize or Not To Harmonize: That Is the Question.” With the the GDPR fast approaching on May 25, 2018, European Member States are getting ready with the implementation of national legislation. Although the GDPR is a regulation, and directly applicable in all Member States, it has left room for country-specific legislation in several different regards (such as the processing of employee data or individual rights restrictions). Most Member States still only have draft legislation at this point, but the expectation (or at least intention) is that each country will have adopted legislation [...] Read more

Swire Discusses European Data Economy at European Political Strategy Centre Policy Hearing

Written by

Peter Swire, Alston & Bird Senior Counsel and Nancy J. and Lawrence P. Huang Professor of Law and Ethics at the Georgia Institute of Technology’s Scheller College of Business, recently participated in a policy hearing held by the European Political Strategy Centre, the in-house think tank of the European Commission. Swire joined five other experts in answering a series of questions posed by the Centre’s moderators on how Europe can build its data economy to compete globally, protect fundamental privacy rights, and guard against anti-competitive behavior. In his remarks, Swire pointed [...] Read more

European Data Protection Supervisor Releases Opinion on Mobile Health

Written by

The European Data Protection Supervisor (“EDPS”), Giovanni Buttarelli, has published an opinion on Mobile Health (“mHealth”); a rapidly evolving sector that stems from the convergence of healthcare and information communication technology.  mHealth includes mobile applications designed to provide health-related services through smart devices by processing personal information about an individual’s health, well-being, and lifestyle. The opinion discusses the growing ubiquity of mHealth, which in large part is due to the proliferation of smartphones and wearable computing devices.  [...] Read more

Court Finds Hulu Did Not “Knowingly” Disclose PII in Violation of VPPA, Grants Summary Judgment

Written by , , and

Ending a four-year battle that has helped define the parameters of the Video Privacy Protection Act’s (VPPA) application to new technologies, on March 31, 2015, Northern District of California Magistrate Judge Laurel Beeler dismissed with prejudice the In re: Hulu Privacy Litigation. In doing so, Judge Beeler found that there was simply no evidence that Hulu knowingly disclosed plaintiffs’ video viewing selections and personal identification information (PII) to a third party. Many companies and privacy professionals were following this case closely because of the significant potential exposure [...] Read more

Alston & Bird’s Dominique Shelton Presents Panel On Omnichannel Innovation At National Retail Federation’s Shop.org Summit 2014 In Seattle, WA

Written by

On October 1, Alston & Bird Partner Dominique Shelton and entrepreneur Maria Fernandez presented a panel on Omnichannel retailing, a marketing method that mixes physical and digital channels to create an innovative and unified customer experience, at the National Retail Federation’s 2014 Shop.org Summit in Seattle, Washington. The Panel, titled “The Threat to Omnichannel Innovation: How Comfortable Is Your Customer Now?” covered emerging regulatory threats to Omnichannel tools, such as detecting facial responses to product displays, and heat mapping technology that tracks consumer behavior [...] Read more

FTC Announces Final Agenda for September Big Data Workshop

Written by

The Federal Trade Commission has released a final program for its September workshop, “Big Data: A Tool for Inclusion or Exclusion?” During the workshop, speakers with a wide range of experience and expertise in the privacy field will present on the various issues and opportunities that arise from the relationship between big data and consumers. The workshop will begin at 9 a.m. and run throughout the day on September 15, 2014 at the Constitution Center, located at 400 7th St SW, Washington, DC 20024. The agenda is as follows: 9:00 a.m. ET: Opening remarks 9:15 a.m. ET: Presentation: [...] Read more

CDD Urges FTC to Investigate 30 Companies for Alleged Safe Harbor Violations

Written by

The Center for Digital Democracy (“CDD”), a private consumer privacy advocate, recently filed a complaint and “request for investigation” before the Federal Trade Commission (“FTC”) accusing 30 U.S. companies of violating provisions of the Safe Harbor framework. The 118-page complaint, filed August 14th, urges the FTC to take legal action against the companies, including Adobe Systems, AOL, and Salesforce. Administered by the Department of Commerce and primarily enforced by the FTC, the Safe Harbor program facilitates data transfers between E.U. and U.S. companies who have agreed [...] Read more

ComScore Reaches $14 Million Settlement in Electronic Privacy Class Action

Written by and

On May 30, 2014, comScore Inc. announced that it has reached a $14 million settlement in the largest class ever certified in an Internet privacy lawsuit, composed of users who claim that comScore installed analytics software on their computers and sold their personal data to media outlets without their knowledge or consent. ComScore, a publicly-traded company, faced upwards of $1 billion in liability under various federal statutes aimed at protecting consumer privacy. This made it one of the largest (if not the largest) privacy class action certified in the country. Background on ComScore Lawsuit [...] Read more