Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

Council e-Privacy Regulation Negotiations Critical for the Future of IoT and AdTech

Following the European Commission and European Parliament’s proposed versions of the EU Regulation on Privacy and Electronic Communications (the ePR), we are now waiting for the Council of the European Union to agree their position before discussions between the three bodies can begin. A discussion paper from the Bulgarian Presidency of the Council dated 11 January 2018 (the Paper) shows that the Council is still considering multiple options in relation to several critical issues. In particular:

Continue Reading

Posted in International/EU Privacy

Why Companies in Mexico Should Reassess Their Compliance with Data Privacy Protocols—and Their Risk of a Data Breach

According to the Constitution of Mexico, the protection of personal data is a fundamental right of all Mexican citizens. Under federal law, individuals also have a right to access, change, oppose, or suppress their personal data. Although all private companies process data, some are not sufficiently familiar with Mexico’s data privacy principles and regulations, and many may not have an up-to-date assessment of their own risk of a data breach. In addition, they may not be aware that the Mexican Supreme Court’s recent shift in perspective regarding personal injury cases may herald a change in the way data privacy breaches are handled in the future.

Continue Reading

Posted in International/EU Privacy

Privacy in 2018: Expect the Unexpected

Making predictions for the year ahead is possibly as desirable as unreliable. In a world of unlimited data and advanced science, it would be tempting to think that the future is already written. Algorithms and artificial intelligence will show us what lies ahead with immaculate accuracy. Or perhaps not. At least not yet. To say that the world is in turmoil is an understatement and the same is true of the world of privacy and data protection, which makes predicting the future particularly tricky. But since the urge to plan, budget and prepare for what is likely to happen next is so real, now is a good time to pause, reflect about what’s going on, and make some predictions for 2018.

Continue Reading

Posted in International/EU Privacy

Article 29 Working Party Sets Deadline to Address Privacy Shield Concerns

Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party (Working Party) of EU data protection regulators has issued its own report on the matter. The summary of findings by the Working Party, which draws from both written submissions and oral contributions, begins by commending U.S. authorities for their efforts in establishing a procedural framework to support the operation of Privacy Shield but quickly shifts to the Working Party’s concerns. Should the concerns not be addressed by the time of the second joint review, the Working Party notes that its members will “take appropriate action,” including bringing a Privacy Shield adequacy decision to national courts for reference to the Court of Justice of the European Union (CJEU) for a preliminary ruling.

While the precise importance and role of Privacy Shield in a post-GDPR world where contractual mechanisms and BCR seem to be given prominence remains to be seen, approximately 2,500 organizations currently rely on the framework for the transfer of personal data from the European Union to the U.S. The referral of Privacy Shield to the CJEU would cast the validity of such transfers into doubt, so the next few months will be critical in this respect.

Continue Reading

Posted in International/EU Privacy

Russia Partially Releases 2018 Data Privacy Inspection Plans

Two weeks ago, certain territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2018 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including with Russia’s data localization requirement. The inspection plans contain a number of prominent multi-national and Russian companies.

Continue Reading

Posted in News & Events

Privacy and Cybersecurity November 2017 Events

Please join us for our November 2017 Privacy and Cybersecurity Events.

November 7
TCPA in Higher Education
Mark Brennan is leading a session on TCPA at the NCHER Knowledge Symposium.
Location: New Orleans, Louisiana

 

November 7
Employee Privacy under the GDPR
Tim Wybitul has been invited to speak at the DBG/dtb Technologie-Forum regarding employee data privacy in connection with the implementation of GDPR.
Location: Berlin, Germany

 

November 7
Preparing for the GDPR
Eduardo Ustaran will run the GDPR Bootcamp at the IAPP Europe Data Protection Congress.
Location: Brussels, Belgium

 

Continue Reading

Posted in News & Events

Upcoming Webinar on Privacy and the Internet of Things

Join us tomorrow, October 25 for the next installment of our 2017 Internet of Things (IoT) webinar series and get practical guidance on privacy compliance challenges presented by the IoT. Continue Reading

Posted in Privacy & Security Litigation

U.S. Supreme Court Takes Microsoft Corp. v. United States in Law Enforcement Access Row

Last Monday, the Supreme Court granted certiorari in the Microsoft search warrant case, a case in which Microsoft challenged the U.S. government’s right to use the warrant process to obtain certain emails stored overseas.  Some view the upcoming decision as signaling the level of access the U.S. government will have to the growing troves of data U.S.-based technology companies hold about citizens of the world.  And regulators in the EU and other jurisdictions may view a reversal of the Second Circuit decision as a negative factor when considering the protections the U.S. government afford their citizens’ data.  The case was previously decided twice in Microsoft’s favor in the Second Circuit, which declined to grant en banc review by a 4-4 decision.

Continue Reading

Posted in International/EU Privacy

Automated Decision-Making Under the GDPR – A Right for Individuals or A Prohibition for Controllers?

The complexity of the EU General Data Protection Regulation (“GDPR”) is often alleviated by the guidance of regulatory authorities who contribute their practical interpretation of the black letter of the law and provide welcome certainty. However, the latest draft guidelines issued by the Article 29 Working Party (“WP”) on automated decision-making has thrown up a particular curve ball which bears further investigation. It relates to whether Article 22(1) of the GDPR should be read as a right available to data subjects or as a straightforward prohibition for controllers.

Continue Reading

Posted in Consumer Privacy

Much-Needed TCPA Reform Would Support Small Businesses and Spur Economic Benefits

Growing evidence suggests that existing Telephone Consumer Protection Act (“TCPA”) compliance challenges, and the current TCPA litigation landscape, are increasingly a threat to many U.S. companies – particularly small businesses that have fewer resources and could face financial ruin if targeted by a class action lawsuit.  To help address this issue and support the U.S. economy, Congress and the Federal Communications Commission (“FCC”) should revise the current TCPA framework and facilitate reasonable, practical compliance approaches for companies attempting in good faith to communicate with customers.

Continue Reading