The European Commission has announced an agreement today with the United States Department of Commerce to replace the invalidated Safe Harbor agreement on transatlantic data flows with a new EU-U.S. “Privacy Shield.” The Privacy Shield aims to address the requirements set out by the European Court of Justice in its Oct. 6, 2015 ruling by imposing stronger obligations on companies, providing stronger monitoring and enforcement by the DOC and Federal Trade Commission , and making commitments regarding access to information on the part of public authorities. In announcing the agreement, Vice-President Ansip noted his belief that the Privacy Shield will benefit both European businesses and citizens, and will prove to be a “much better” solution for transatlantic data flows.
Anyone reading this blog already knows that cybersecurity is a team sport. No longer does the IT security department bear sole responsibility for protecting a company’s data and systems. Today companies are setting up enterprise-wide councils to oversee cybersecurity that include lawyers, risk managers, technical professionals, and other leaders. And if a breach occurs, that […]
The Colombian Data Protection Authority (the Superintendence of Industry and Commerce, or SIC) has issued regulations requiring all data controllers that are (i) private legal entities registered in Chambers of Commerce in Colombia (i.e., incorporated in Colombia) or (ii) partially government owned corporations (“sociedades de economía mixta”) to register their databases by November 8th, 2016. The regulations were issued on November 3, 2015, and the National Database Registry (the “Registry”) required by Colombian data protection laws was enabled on November 9, 2015. Read our post to learn about the registration requirements and potential penalties for noncompliance.
Data privacy and security regulators don’t always agree. Take a look at the Federal Trade Commission for example. In recent years, FTC commissioners have disagreed about the role that cost-benefit analyses should play and the types of consumer harms that should be considered in the FTC’s data privacy and security enforcement actions. For organizations that rely on the collection and use of consumer information, understanding the different viewpoints at the FTC and how those viewpoints may influence future enforcement is vital to evaluating risk. On Thursday, November 5, 2015, the Future of Privacy Forum will look at those issues as it celebrates its new home and its new partnership with Washington & Lee University School Law by hosting a panel discussion addressing the Future of Section 5 of the FTC Act. Panelists David Vladeck (former FTC Consumer Bureau Director David Vladeck) and James Cooper (former Acting Director of the Office of Policy Planning) will look at key Section 5 issues.
Next Tuesday, the Court of Justice of the European Union is scheduled to publish its decision in Maximillian Schrems v. Data Protection Commissioner, in which it is expected to rule on the validity of the U.S.-EU Safe Harbor Framework. Last week’s opinion of the CJEU’s Advocate General emphatically found Safe Harbor to be inadequate under EU law on the basis that access to Safe Harbor data by U.S. intelligence services is too wide and disproportionate, and that Safe Harbor does not contain appropriate guarantees to prevent this level of access. While the AG’s opinion is not binding on the CJEU, the short turn-around implies that the CJEU will not vary significantly from the opinion.
Austin, Texas is renowned for its live music scene, clean air, college vibe … and of course its technology conferences. Two Hogan Lovells lawyers—Bret Cohen and Lisa Ellman—have made the list of finalists for panels at the South by Southwest group of conferences this upcoming March, to talk about Student Privacy and Domestic Drone Policy. Don’t let the audience miss out on these presentations: view this post to help vote for “Practical Student Privacy” and “Game of Drones: Innovators and Poilcymakers Unite.
Across the country, we’re in the midst of “Unmanned Aircraft Systems ever” – industries from media, agriculture and energy to insurance, real estate and construction are seeking FAA approvals to fly UAS here in the United States. UAS technology has improved at a rapid pace, and offer a vast array of safety and efficiency benefits to companies for a wide variety of uses. But while the benefits from commercial uses of UAS are great, many have also been vocal with their privacy concerns. It may very well be that for industry to succeed, various stakeholders will need to engage in a national conversation surrounding these issues.
Emerging technologies, such as cloud computing and the “smart city,” have the potential to greatly advance our quality of life. The use, retention, and storage of data that go along with them, however, have raised citizen concerns about privacy risks. The National Institute of Standards and Technology addresses these concerns in a new draft report titled Privacy Risk Management for Federal Information Systems, which was released on May 29, 2015. The report introduces NIST’s Privacy Risk Management Framework, which anticipates and addresses privacy risk resulting from the processing of personal information. NIST intends that the framework will lay the foundation for establishing a common vocabulary that facilitates better understanding of (and communication about) privacy risks and how to effectively implement privacy principles. Although the report is directed at federal systems, the principles outlined may be useful for any business that processes personal information. The NIST report focuses on the development of two key pillars of the PRMF: privacy engineering objectives and a Privacy Risk Model.
Two federal appeals courts recently published significant opinions that redefine the scope of government access to phone records, setting the stage for a complex debate in Congress over the future of bulk data collection under the Patriot Act. The pair of decisions, along with the outcome of a legislative debate that has roiled Congress this month, will define the permissible boundaries for government surveillance and contribute to the ongoing debate over government access to digital information in all forms. We summarize both decisions as well as the congressional debate below.
FCC Chairman Wheeler has announced that he is circulating a proposal to address more than twenty pending petitions seeking clarity regarding the scope requirements under the U.S. Telephone Consumer Protection Act. He authored a blog post on the proposal and also released a fact sheet
Hogan Lovells is pleased to announce that its Privacy and Information Management practice has been named “Privacy & Data Security Team of the Year” by Chambers USA. Hogan Lovells was bestowed with the accolade at the Chambers USA Awards Ceremony and Dinner at Cipriani in New York City on 19 May.
This Wednesday December 3rd, Hogan Lovells partner Christopher Wolf will be moderating a panel hosted by the Future of Privacy Forum and the International Association of Privacy Professionals entitled: “Device encryption: Too Much Privacy for Consumers?” The panel is free and open to the public.
As the keynote speaker for the Winnik Forum, U.S. Federal Trade Commission (FTC) Commissioner Maureen Ohlhausen sat down with Christopher Wolf, Director of Hogan Lovells’ Privacy and Information Management Practice to discuss the evolving role of the FTC as we enter an era of “Big Data” and the “Internet of Things.” Commissioner Ohlhausen offered her views on a flexible approach to protecting consumer data privacy as connected devices continue to evolve. As opportunities arise for additional potential uses of collected data, Commissioner Ohlhausen said organizations and policymakers should consider a “harms-based approach” in which new uses of data would be allowed as long as they do not cause consumer harm and as long as they remain consistent with earlier promises that organizations have made to consumers. The key for Commissioner Ohlhausen is that companies should disclose what data is being collected and keep the promises that they make to consumers about the collection and uses of that data.
Hogan Lovells’ leading Privacy and Information Management practice is due to have its largest presence ever at the forthcoming IAPP Europe Data Protection Congress taking place in Brussels from 18 to 20 November. More than 20 lawyers from 7 offices will be attending and actively participating at the conference. Please come and visit us at Booth 3.
In an article published by re/code, Hogan Lovells Partner Christopher Wolf, working with Jules Polonetsky, Wolf’s co-chair at the Future of Privacy Forum, explores novel applications of Big Data in combatting discrimination and advancing civil rights. As highlighted by Wolf and Polonetsky, Big Data analytics has already begun empowering society to limit and remedy discrimination and follows the legacy of the Matthew Shepard and James Byrd Jr. Hate Crimes Prevention Act and the Hate Crime Statistics Act of 1990, which produce comprehensive statistics on hate crimes for law enforcement.
As commercial use of unmanned aircraft systems begins to take flight, the Hogan Lovells Privacy and Information Management practice has partnered with colleagues from across the firm to respond to the needs of manufacturers and operators of UAS. The launch of the group comes at a time when government activity to regulate UAS is creating both new opportunities and risks in the marketplace.
On Tuesday, October 28, Natalia Gulyaeva of Hogan Lovells’ Moscow office and Bret Cohen of our Washington, D.C. office will host a complimentary webinar outlining implications for businesses of the new Russian Data Storage Law. The law, which may come into effect as early as January 2015, requires that data “operators” – organizations that process personal data of Russian citizens, including providers of Internet-based services – to store the personal data of Russian citizens on databases located in the country.
From 13 to 16 October 2014, privacy regulators and data protection authorities from around the world will be gathering together with experts in the field – including our London-based partner Eduardo Ustaran – to discuss, debate and hopefully agree on how to address the toughest privacy challenges of our time. The 36th International Conference of Data Protection and Privacy Commissioners is entitled “A World Order for Data Protection – Our Dream Coming True?” This year’s conference is taking place in Mauritius, a clear sign of the truly global nature of this issue.
Hogan Lovells today published an update to the White Paper A Sober Look at National Security Access to Data in the Cloud, which compares national security access to data stored with Cloud service providers in a number of countries. The White Paper adds analyses of the laws of Brazil, Italy, and Spain, and reflects the April 2014 opinion of the European Court of Justice invalidating the EU Data Retention Directive. The updated paper now compares the national security access laws of the United States, Australia, Brazil, Canada, France, Germany, Italy, Spain, and the United Kingdom.
The Hogan Lovells Privacy and Information Management practice has received a “first tier” ranking from the ratings guide Legal 500 US in the “Technology: Data Protection and Privacy” category. Partners Christopher Wolf and Marcy Wilder were also each recognized as “leading lawyers” in the field. Legal 500 notes that the Privacy and Information Management practice at Hogan Lovells is “’among the best’ at advising ‘not only on where the law is, but where it is heading’.”
Leading privacy and data protection lawyer Eduardo Ustaran joins Hogan Lovells as a partner today, 4 June. He will lead the European team of the firm’s global Privacy and Information Management practice.
Chambers USA recently released their 2014 rankings, and we are pleased to announce that Hogan Lovells’ Privacy and Information Management practice once again received the recognition of Band 1 by Chambers USA. Chambers noted “the firm has a first-class collection of people when it comes to new technologies. They have been sage on these issues and have helped us to shape emerging areas of law.”
At the Privacy and Civil Liberties Oversight Board hearing yesterday in Washington, D.C., Hogan Lovells partner and privacy practice lead Christopher Wolf spoke on the issue of privacy and government surveillance and provided a transnational perspective on legal regimes that regulate government access to data. In 2012 and 2013, Hogan Lovells published four White Papers (available here, here, here, and here) on government access to data in the cloud. The findings of the national security access White Paper, A Sober Look at National Security Access to Data in the Cloud, were a focal point of yesterday’s discussion.
The Hogan Lovells Privacy Team looks forward to seeing many of you this week at the International Association of Privacy Professionals (IAPP) Global Privacy Summit in Washington, D.C. We are delighted to once again participate in the Summit as a gold level sponsor and hope you will visit us at Booth 7 in the Exhibition Hall to learn more about our Global Privacy and Information Management Practice. Hogan Lovells attorneys will also be featured at a number of breakout sessions.