Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in International/EU Privacy

Article 29 Working Party Sets Deadline to Address Privacy Shield Concerns

Hot on the heels of the European Commission’s official review of the functioning of the EU-U.S. Privacy Shield framework, the Article 29 Working Party (Working Party) of EU data protection regulators has issued its own report on the matter. The summary of findings by the Working Party, which draws from both written submissions and oral contributions, begins by commending U.S. authorities for their efforts in establishing a procedural framework to support the operation of Privacy Shield but quickly shifts to the Working Party’s concerns. Should the concerns not be addressed by the time of the second joint review, the Working Party notes that its members will “take appropriate action,” including bringing a Privacy Shield adequacy decision to national courts for reference to the Court of Justice of the European Union (CJEU) for a preliminary ruling.

While the precise importance and role of Privacy Shield in a post-GDPR world where contractual mechanisms and BCR seem to be given prominence remains to be seen, approximately 2,500 organizations currently rely on the framework for the transfer of personal data from the European Union to the U.S. The referral of Privacy Shield to the CJEU would cast the validity of such transfers into doubt, so the next few months will be critical in this respect.

Continue Reading

Posted in International/EU Privacy

Russia Partially Releases 2018 Data Privacy Inspection Plans

Two weeks ago, certain territorial divisions of the Russian Data Protection Authority, Roskomnadzor, published their 2018 plans for conducting inspections of local companies’ compliance with Russian data privacy requirements, including with Russia’s data localization requirement. The inspection plans contain a number of prominent multi-national and Russian companies.

Continue Reading

Posted in News & Events

Privacy and Cybersecurity November 2017 Events

Please join us for our November 2017 Privacy and Cybersecurity Events.

November 7
TCPA in Higher Education
Mark Brennan is leading a session on TCPA at the NCHER Knowledge Symposium.
Location: New Orleans, Louisiana

 

November 7
Employee Privacy under the GDPR
Tim Wybitul has been invited to speak at the DBG/dtb Technologie-Forum regarding employee data privacy in connection with the implementation of GDPR.
Location: Berlin, Germany

 

November 7
Preparing for the GDPR
Eduardo Ustaran will run the GDPR Bootcamp at the IAPP Europe Data Protection Congress.
Location: Brussels, Belgium

 

Continue Reading

Posted in News & Events

Upcoming Webinar on Privacy and the Internet of Things

Join us tomorrow, October 25 for the next installment of our 2017 Internet of Things (IoT) webinar series and get practical guidance on privacy compliance challenges presented by the IoT. Continue Reading

Posted in Privacy & Security Litigation

U.S. Supreme Court Takes Microsoft Corp. v. United States in Law Enforcement Access Row

Last Monday, the Supreme Court granted certiorari in the Microsoft search warrant case, a case in which Microsoft challenged the U.S. government’s right to use the warrant process to obtain certain emails stored overseas.  Some view the upcoming decision as signaling the level of access the U.S. government will have to the growing troves of data U.S.-based technology companies hold about citizens of the world.  And regulators in the EU and other jurisdictions may view a reversal of the Second Circuit decision as a negative factor when considering the protections the U.S. government afford their citizens’ data.  The case was previously decided twice in Microsoft’s favor in the Second Circuit, which declined to grant en banc review by a 4-4 decision.

Continue Reading

Posted in International/EU Privacy

Automated Decision-Making Under the GDPR – A Right for Individuals or A Prohibition for Controllers?

The complexity of the EU General Data Protection Regulation (“GDPR”) is often alleviated by the guidance of regulatory authorities who contribute their practical interpretation of the black letter of the law and provide welcome certainty. However, the latest draft guidelines issued by the Article 29 Working Party (“WP”) on automated decision-making has thrown up a particular curve ball which bears further investigation. It relates to whether Article 22(1) of the GDPR should be read as a right available to data subjects or as a straightforward prohibition for controllers.

Continue Reading

Posted in Consumer Privacy

Much-Needed TCPA Reform Would Support Small Businesses and Spur Economic Benefits

Growing evidence suggests that existing Telephone Consumer Protection Act (“TCPA”) compliance challenges, and the current TCPA litigation landscape, are increasingly a threat to many U.S. companies – particularly small businesses that have fewer resources and could face financial ruin if targeted by a class action lawsuit.  To help address this issue and support the U.S. economy, Congress and the Federal Communications Commission (“FCC”) should revise the current TCPA framework and facilitate reasonable, practical compliance approaches for companies attempting in good faith to communicate with customers.

Continue Reading

Posted in International/EU Privacy

Big Data and Digital Markets Remain in the Focus of Competition Authorities – German FCO Continues to Lead the Way

On 6 October, the German Federal Cartel Office (“FCO”) launched its new series of papers on “Competition and Consumer Protection in the Digital Economy.” The first paper deals with “Big Data and Competition.” The same day, a “real-life example” of competition enforcement in Big Data became public. The EU Commission confirmed unannounced inspections in “a few Member States” concerning online access to bank customer’s account data by competing service providers.

Continue Reading

Posted in Cybersecurity & Data Breaches, Employment Privacy

Managing Workforce Cyber Risk in a Global Landscape: A Legal Review

Whether malicious or inadvertent, workforce actions cause or contribute to over half of cyber attacks experienced by organizations. Protecting against such “insider” cyber risks can be challenging, especially given the global web of privacy, communications secrecy, and employment laws that may be implicated by monitoring workforce use of IT resources.

Harriet Pearson and James Denvil, lawyers in the Hogan Lovells Privacy and Cybersecurity practice, have led the authorship of a white paper to help companies understand and navigate the workforce cyber risk landscape. An international team of privacy and cybersecurity lawyers from Hogan Lovells and select local counsel firms contributed to the analysis.

Continue Reading

Posted in Consumer Privacy, Privacy & Security Litigation

Court Trims FTC Complaint Asserting Deception and Unfairness Claims

Last week, the U.S. District Court for the Northern District of California dismissed three of six claims the Federal Trade Commission (FTC) asserted against D-Link Systems (D-Link) related to its sale of routers and IP cameras and related software and services.  The decision has implications for the pleading standards courts use to evaluate such claims at the motion to dismiss stage and for the FTC’s assertion of unfairness claims based on alleged likelihood of substantial consumer harm.

Continue Reading