Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy, Employment Privacy, Privacy & Security Litigation

Insights on the Consumer Privacy Bill of Rights Act of 2015

WhiteHouse_LogoOn Friday, February 27, the White House released its promised draft privacy and data security legislation. The proposed Consumer Privacy Bill of Rights Act of 2015 (the “Act”) contains few, if any, surprises and would codify the framework that the White House proposed in 2012, imposing privacy and data security requirements across sectors and industries (our analysis of the 2012 proposal can be found here). The proposal has drawn criticism from the Federal Trade Commission and privacy advocates for not containing enough consumer protections, and from the business community for a lack of clarity and the potential to stifle innovation and to create other unintended consequences.  Continue Reading

Posted in Consumer Privacy

Hogan Lovells at IAPP Global Privacy Summit 2015!

HoganLovells Logo_382


Hogan Lovells’ leading Privacy and Information ‎Management practice will actively participate at this week’s IAPP Global Privacy Summit 2015. Below is a listing of events in which our lawyers will be featured:

March 4

  • Harriet Pearson, Partner, Certified Information Privacy Professional U.S., Hogan Lovells US LLP,  will be a featured panelist on “Piecing Together the Privacy Engineering Puzzle” from 9:00 a.m. – 1:00 p.m.
  • Hogan Lovells is sponsoring refreshments for the IAPP’s first ever LGBT Networking Happy Hour in conjunction with the IAPP Summit in Washington, D.C. To RSVP, click here.

March 5

  • Christopher Wolf, Director, Global Privacy and Information Management Practice, Hogan Lovells US LLP, will “Talk Privacy and Beyond” with FTC Commissioner Julie Brill from 2:30 p.m. – 3:30 p.m.

March 6

  • Mark Brennan, Partner, Hogan Lovells US LLP, will moderate “Privacynomics: The Proper Role of Economics in Privacy Policymaking” with FTC Commissioner Josh Wright and James Cooper, Director, Research and Policy, Law and Economics Center; Lecturer in Law, George Mason University School of Law. The discussion will take place from 8:30 a.m.– 9:30 a.m..
  • Eduardo Ustaran, Partner, Certified Information Privacy Professional Europe, Hogan Lovells International LLP, will discuss “The Future of Privacy – Your Job Tomorrow” from 11:10 a.m. – 11:30 a.m.
  • Timothy Tobin, Partner, Hogan Lovells US LLP, will moderate a panel on Connected Cars entitled “Driving Privacy Forward” from 11:30 a.m. – 12:30 p.m.
  • Sian Rudgard, Of Counsel, Certified Information Privacy Professional Europe, Hogan Lovells International LLP will discuss “Are You Ready for BCR? A Practical Guide to Find Out if You Have What It Takes” from 11:30 a.m. – 12:30 p.m.

 Please come and visit us at Booth 208!

Posted in Consumer Privacy

Department of Education Issues “Model Terms of Service” and Other Guidance on Student Privacy Compliance

PTADOn February 26, the U.S. Department of Education issued guidance aimed at assisting schools and school districts when considering whether the use of online educational services and mobile applications complies with student privacy laws.  The guidance consisted of two main components.  First, the Department published a document entitled Protecting Student Privacy While Using Online Educational Services:  Model Terms of Service, which evaluates common privacy-related provisions in online Terms of Service and analyzes how they comply with student privacy requirements.  Second, the Department produced a user-friendly, 10-minute training video directed to K-12 administrators, teachers, and staff about schools’ privacy obligations when using online educational services and applications.  Finally, the guidance encourages school administrators to check the Student Privacy Pledge when considering whether to use online educational services in the classroom.

This follows Department of Education guidance issued almost exactly a year ago, which we summarized in a detailed Client Alert at the time, about the privacy obligations of schools and school districts when considering online service providers and applications.  That guidance commented that schools should review online educational service providers’ online Terms of Service (TOS) prior to sharing student data with online services to determine whether the TOS are consistent with privacy requirements under laws like the Family Educational Rights and Privacy Act (FERPA), the Children’s Online Privacy Protection Act (COPPA), and the Protection of Pupil Rights Amendment (PPRA). Continue Reading

Posted in Consumer Privacy

Obama Administration Releases Privacy Bill of Rights Discussion Draft

WhiteHouse_LogoFollowing President Obama’s announcement last month  that the administration would be proposing a consumer privacy bill of rights, the Obama Administration today posted its proposed legislation. Check back here soon for further information about the proposal.

To access the administration’s discussion draft “Consumer Privacy Bill of Rights Act,” click here.

Posted in Consumer Privacy

What Will be the Impact of the New EU Data Protection Regulation on the UK’s Freedom of Information Act?

EU-diploma-shutterstock_135556283-250The future of the s. 40 exemption

Undoubtedly one of the more mind-bending exemptions to apply under the Freedom of Information Act 2000 (FOIA) is the exemption for personal information (s.40) (although sections 30 and 36 are also up there!). This is partly due to s. 40’s close link with the Data Protection Act 1998 (DPA). Not one to hog the limelight, the DPA has typically been cited in past litigation as a secondary or even tertiary issue to the main action when there is a claim for breach of confidence or breach of privacy. This led to a scarcity of judicial rulings on the DPA prior to the FOIA. However, in the Tribunal and higher court decisions flowing from the FOIA, certain aspects of the DPA have frequently been examined when public authorities seek to rely on the s. 40 exemption. Consequently there have been a number of rulings on the scope of personal data and on the ‘legitimate interests’ ground as a legal basis for disclosing such information. These rulings have been based on the DPA which itself implements the EU Data Protection Directive 95/46/EC. But the Directive is due to be replaced by an EU Regulation in the next few years. What will this mean for how the s. 40 exemption under FOIA is interpreted? Continue Reading

Posted in International/EU Privacy

Russia Plans to Increase Fines for Violating Data Protection Laws

Russian-ServersOn 24 February, the Russian State Duma (the lower chamber of the Russian Parliament) adopted in the first reading a draft law introducing amendments to the Russian Code on Administrative Offences (the Draft Law) that would increase the amount of the fines imposed for violating Russian data protection laws and introducing a differentiation of the relevant offences’ types.  Notably, the Draft Law does not introduce any separate fine for violating Russia’s new Data Localization Law, although there is still a possibility that this could be modified as the legislative process progresses. Continue Reading

Posted in Cybersecurity & Data Breaches

New Study Provides Cybersecurity Insights for Corporate Counsel

Emergence of Cybersecurity lawA recently-released research study published by Indiana University’s Bloomington School of Law highlights the rising importance of cybersecurity law and provides current insights on the role lawyers are playing to help protect companies from cyber threats. The study, entitled “The Emergence of Cybersecurity Law,” is based on a survey of corporate law departments as well as interviews conducted with lawyers, consultants, and academic experts. Continue Reading

Posted in Consumer Privacy

Privacy in the Machine World

robot FaceIn 2014, the Internet of Things (IoT) and big data were two of the hottest buzz words among privacy professionals. This year, “robotics” may be one of our oft-spoken words. In this post, we look at two of the challenges that robotics brings. One challenge facing privacy professionals is how to address potential privacy issues as autonomous robots powered by big data and network connectivity are brought into our personal spaces. Another, often equally challenging issue, is how to implement robotics in a legal and regulatory landscape that was designed, in many cases, for the relatively slow-paced technologies of the Internet where the chirps of dial-up modems broadcast our connections. Continue Reading

Posted in Consumer Privacy

White House Releases Memorandum on Safeguarding Privacy, Civil Rights, and Civil Liberties in the Domestic Use of Unmanned Aircraft Systems

shutterstock_149083385On February 15, the White House issued a Presidential Memorandum on safeguarding privacy, civil rights, and civil liberties in the domestic use of Unmanned Aircraft Systems (UAS). The memorandum launches a multi-stakeholder process to establish voluntary baseline privacy standards for commercial use of UAS and establishes principles that will govern the federal government’s use of UAS.

The Presidential Memorandum, which was issued in conjunction with the Federal Aviation Administration’s proposed framework of regulations for the use of certain small UAS, is the latest in a series of activities by policymakers to address privacy concerns associated with the use of UAS in governmental and civilian settings. In December, Sen. Jay Rockefeller (D-WV) released his proposed Unmanned Aircraft Systems Privacy Act of 2014, which would establish rules on data collection and use by UAS operators. Additionally, in the last two years, several states, including California, Idaho, Indiana, Louisiana, North Carolina, Oregon, Tennessee, Texas, and Wisconsin enacted privacy laws that impact commercial and private use of UAS. Numerous states also have passed laws restricting law enforcement use of UAS. Continue Reading

Posted in International/EU Privacy

2015: The Turning Point for Data Privacy Regulation in Asia?

2014 was a very eventful year for data privacy regulation in Asia and there are reasons to believe that 2015 will represent a turning point for the region as established privacy regimes are toughened and new regimes enacted in recent years begin to mature.

The past year saw a number of significant regulatory developments, in particular the implementation of new, comprehensive “European-style” privacy laws in Singapore and Malaysia, the amendment of China’s consumer protection law to include data privacy principles and increased financial penalties in South Korea. Continue Reading