Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: safe harbor

Posted on By Winston Maxwell Posted in International/EU Privacy

European Parliament Committee Releases Proposed Amendments to Data Protection Regulation

Jan Albrecht, the rapporteur for the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs, released a draft report last month with key proposals to amend the European Commission’s proposed Regulation on data protection. The report includes a total of 350 amendments to the original proposal.  Highlights of the 215-page report include the following:

Posted on By HL Chronicle of Data Protection Posted in Consumer Privacy

Myspace Settles with FTC Regarding “Constructive Sharing” of PII with Third-Party Advertisers

this blog entry details the FTC’s settlement and consent decree with Myspace, and enforcement action that focused on the fact that a “Friend ID”, despite being non-PII, was linked to a user’s Myspace profile so that third-party advertisers could use the Friend ID to easily obtain the PII resident on a user’s profile. In effect, the FTC took the position that by sharing the Friend IDs with third parties, Myspace also constructively shared all of the PII accessible from a user’s Myspace profile with those third parties, in violation of privacy policy promises not to share. As such, this enforcement action may signal that a business canntt get around promises not to share PII with third parties simply by sharing a piece of non-PII that enables a third party subsequently to obtain access to PII maintained by that business.

Posted on By Stefan Schuppert Posted in International/EU Privacy

German DPAs Issue Rules for Cloud Computing Use

The German data protection authorities on September 26, 2011 adopted an “Orientation guide – cloud computing.” The guide sets out mandatory and recommended content for any agreement between German users of cloud computing services and cloud computing serving providers. It highlights the customer’s responsibility for full compliance with German data protection requirements for the cloud. Based on this orientation guide, customers and providers will have to review existing agreements in the German market.

Posted on By Christopher Wolf Posted in International/EU Privacy

Pending Revision of EU Directive Prompts Questions About Safe Harbor

The pending proposal from the European Commission for revision of the EU Directive (expected in early 2012) raises questions about the efficacy under a revised Directive of the EU-US Safe Harbor framework, which permits the legal cross-border transfer of personal data from the EU to the US for companies enrolled in the Safe Harbor and committed to the requisite privacy protections. That’s the recent observation in Europolitics, the European Affairs daily, quoted in this blog entry, along with the rousing defense of the Safe Harbor offered by Google’s Global Privacy Counsel Peter Fleischer.

Posted on By Bret Cohen Posted in International/EU Privacy

German Privacy Watchdogs Require More Scrutiny When Transferring Data to the United States Under the Safe Harbor

The Düsseldorfer Kreis, a working group consisting of representatives from Germany’s sixteen state data protection authorities, issued a Decision (dated 28/29 April 2010) on the transfer of personal data from German companies to U.S. companies which are certified under the U.S.-EU Safe Harbor framework. It stated that Safe Harbor certification of the U.S. company alone is not sufficient to safeguard the transfer because European and U.S. regulators currently do not ensure that the U.S. companies comply with the self-certification. Therefore, German companies are now required to take additional steps when transferring data to the US under the Safe Harbor.