Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

State Department Issues Advisory Opinion on Cloud Computing

In a recent advisory opinion related to an exemption under the International Traffic In Arms Regulations (ITAR), the State Department confirmed that a company could use a data security method called “tokenization” to protect export-controlled technical data stored in the cloud on servers located outside the United States, provided the company satisfied the conditions of the exemption and took “sufficient means” to prevent foreign persons from accessing such technical data. Although the advisory opinion is quite narrow in scope, it is the first publicly-available formal position from the State Department on the ITAR implications of cloud computing. Continue Reading

Posted in International/EU Privacy

New Canadian Anti-Spam Legislation Requirements Become Effective in Less Than Two Weeks

Canada’s new anti-spam law (commonly known as CASL) was passed in December 2010, and certain provisions will become effective 1 July 2014 — including new consent requirements for e-mails and certain other electronic messages.

As of 1 July 2014, an organization must have consent to send commercial electronic messages (CEMs) to an email account, telephone account or instant messaging account.  In addition, CEMs must include certain identification information and an unsubscribe mechanism.  The law applies to messages whenever a computer system located in Canada is used to send or access the CEM.  Certain exemptions and transition periods also apply. Continue Reading

Posted in International/EU Privacy

Five Reasons to Do BCRs Now

Whilst the reform of the EU data protection framework continues its tortuous course in Brussels’ corridors of power, privacy pros in the real world are doing their best to cope with the current uncertainty. One of the ever-present sources of concern for those with data-related operations in Europe is how to overcome the restrictions affecting international data transfers in a cost-effective, sustainable and effective manner. In reality, there are many paths to follow, but choosing the right one is not always obvious—each case is different, and limited resources and time constraints often add an unwelcome degree of stress and complexity to the process.

Continue Reading

Posted in Financial Privacy

CFPB Announces Inquiry into Mobile Financial Services and Issues Consumer Tips on Use of Mobile Devices

The Consumer Financial Protection Bureau (CFPB) is exploring how consumers—particularly members of economically vulnerable and underserved communities—are using mobile technology to access financial services and manage personal finances.

In a Request for Information (RFI) announced earlier this week, the CFPB notes that a large percentage of unbanked and underbanked consumers, many of whom are low-income, have access to mobile phones, a significant number of which are smartphones, and that accessing financial products, services, and financial management tools via mobile devices has the potential to empower consumers to take more control over their financial lives, to increase savings and reduce debt.

Continue Reading

Posted in International/EU Privacy

Hogan Lovells Partner Appointed to French Digital Rights Commission

The Chairman of the French National Assembly, Claude Bartolone, announced June 11 the creation of a parliamentary commission on digital rights (in French), whose task will be among other things to define guidelines for evaluating legislative proposals affecting digital rights. France’s new Digital Rights Commission consists of 13 members of Parliament and 13 outside experts. Among the outside experts is Hogan Lovell’s partner Winston Maxwell, known for his work on net neutrality and data privacy. Continue Reading

Posted in International/EU Privacy

International Data Transfers – The Challenge Continues

The discussion at the Council of the EU in the context of the European data protection legislative reform that took place on 6 June is by no means the end of a process which is likely to carry on for at least a year, but it provided a helpful pointer as to where the policy making thinking is.  One of the biggest challenges that organisations operating in the EU have faced since the 1990s is the prohibition on transfers of data to jurisdictions outside the EU without equivalent standards of data protection.  The ongoing legislative reform is an opportunity to review the existing regime and bring it into line with today’s data globalisation.

Continue Reading

Posted in International/EU Privacy

Hogan Lovells Assists Vodafone in the Preparation of its First Law Enforcement Disclosure Report

Vodafone’s publication last Friday of its first Law Enforcement Disclosure Report attracted global press attention and comment. The report provides detailed insight into the legal frameworks, governance principles and operating procedures associated with responding to demands for assistance from law enforcement and intelligence agencies in 29 countries in which Vodafone operates.

Our London office team worked closely with Vodafone’s own in-house team to design and co-ordinate a multi-jurisdictional research effort involving Hogan Lovells colleagues and external counsel in the 29 countries in question.

The resulting research informed the creation by Vodafone of a country-by-country legal annexe to the report which seeks to highlight some of the most important legal powers available to government agencies and authorities seeking to access customer communications. In practice very few people are aware of these powers or understand the extent to which they enable agencies and authorities to compel telecommunications operators such as Vodafone to provide assistance of this nature.

By publishing the legal annexe under a creative commons licence, Vodafone hopes that others will re-use and build upon the material to aid greater transparency in this area.

The Law Enforcement Disclosure Report, which will be updated annually, covers the period 1 April 2013 to 31 March 2014 and can be found here.

Posted in International/EU Privacy

Italian DPA Publishes Decision on Cookies

On 3 June, Italy’s data protection authority, the Garante, published a decision on user notice and consent requirements when an organization uses cookies as part of its online services. The decision outlines specific categories of cookies based on their intended uses and the roles played by the entities placing those cookies, and highlights different levels of notice and consent requirements for each.  The decision also offers guidelines for providing users with adequate notice through a two-layer privacy notice and outlines the consequences of failing to comply with Italy’s rules on cookies.

In a detailed summary of the decision, Marco Berliri, Massimiliano Masnada, and Marta Colonna from Hogan Lovells’ Rome office, review key takeaways that will impact organizational practices when using cookies.  For our summary of the decision, click here.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, International/EU Privacy

CNIL Workshop Cites Hogan Lovells Study on Body Sensors

Three weeks after the FTC’s seminar on Consumer Generated and Controlled Health Data (CGHD), the French data protection authority, the CNIL, held its own workshop on connected health and wellness devices. The results of the CNIL and FTC workshops are broadly similar. Health data generated in the context of medical care benefits from high levels of protection both in the United States and in France. In the United States, HIPAA imposes strict security rules on companies that store health data collected by hospitals or insurance companies.  In France, the public health code imposes draconian security measures on service providers that host health data generated in the context of medical care.

Continue Reading

Posted in News & Events

Leading Privacy and Data Protection Lawyer Eduardo Ustaran Joins Hogan Lovells

Eduardo UstaranLeading privacy and data protection lawyer Eduardo Ustaran joins Hogan Lovells as a partner today, 4 June.  He will lead the European team of the firm’s global Privacy and Information Management practice.

Eduardo is highly ranked in the Chambers and Legal 500 directories and is recognised as a leading practitioner.  He will be based in the London office and manage the firm’s European capability in this area. He has many years’ experience in privacy and data protection law and advises clients from across a range of sectors, including energy, life sciences, media and entertainment, public sector, retail and technology and communications.

Continue Reading