In a recent column for The New York Times, Nils Muiznieks, the top human rights official for the Council of Europe, warned that recent surveillance laws in Europe undermine fundamental rights for European citizens. Plus, an October 29, 2015, resolution of the European Parliament complains of an “obvious downward spiral” resulting from mass surveillance laws in the U.S. and Europe. That certain European countries have laws permitting mass surveillance is not news to lawyers who follow the matter. In a 2012 whitepaper, we highlighted the broad and sometimes unsupervised powers of intelligence agencies of certain European governments. As Muiznieks’s column states, intelligence agencies are getting more surveillance power, not less. France’s July 2015 surveillance law permits intelligence agencies to scan metadata of all citizens in order to detect suspicious patterns. Other European countries are also broadening surveillance powers to protect against terrorism.
Christopher Wolf
Why the U.S. Is Held to a Higher Data Protection Standard Than France
The Auto Industry Is Serious About Connected Car Privacy
An issue that has started to appear on the privacy agenda is privacy and the “connected car.” Automakers here in the United States have taken the lead on privacy, and have answers to many of the inevitable privacy questions. Late last year the major automakers voluntarily agreed to a set of privacy and data security principles that will regulate how automakers collect, use, and share information. No other industry in the “Internet of Things” ecosystem of which connected cars are a part has done as much or has gone as far as automakers. The automakers understand that without the trust of consumers, new technologies will not be as readily embraced. The Privacy Principles provide a strong basis for such trust.
The Hidden Mini-Dissents in the Data Broker Report of Federal Trade Commissioner Wright
On May 27, the Federal Trade Commission issued a report on the data broker industry that found data brokers operate with a ”fundamental lack of transparency.” The commission unanimously recommended that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them that are collected and shared by data brokers. Not well-recognized at the time were a number of concerns, mini-dissents if you will, expressed by Federal Trade Commissioner Josh Wright. I recently asked Commissioner Wright some questions about his “dissent by footnotes.”
Isabelle Falque-Pierrotin Selected Head of Article 29 Working Party
Isabelle Falque-Pierrotin, the recently reelected president of the French Data Protection Authority, the CNIL, was elected today to head the Article 29 Working Party for two years effective immediately.
Commerce Department General Counsel Pushes Back Against EU Attacks on US Privacy
The US privacy framework is under attack from officials in the EU following revelations about NSA surveillance. Yesterday, US Department of Commerce General Counsel Cameron Kerry delivered his valedictory address before his departure from his position next week, and focused both on the progress made by the Obama Administration in privacy and offered the strongest […]
EU VP Reding Uses PRISM as Lever to Push Enactment of Regulation and Questions EU-US Safe Harbor
Earlier today, in a brisk memo (reproduced in its entirety below), EU Vice President Viviane Reding called EU data protection reform “the answer to PRISM” and called PRISM a “wake-up call.” She itemized the need for broad jurisdiction and enforcement, and stated that governments collecting data on EU citizens outside their territory never should obtain it directly from […]
FTC Report Indicates That Almost One in Five Consumer Complaints Involves Identity Theft
This week, the Federal Trade Commission released its 2012 Annual Report of consumer complaints. For the thirteenth year in a row, identity theft was the number one complaint category, underscoring consumers’ continued focus on identity theft concerns. Identity theft complaints accounted for 18% of the overall complaints and far more than any other complaint category. […]
European Commission Explains: “Where There is EU-wide Impact,” National DPAs May Be Superseded
The European Commission’s DG Justice recently issued an explanation of how the proposed “consistency mechanism” in the General Data Protection Regulation will work, explaining that “the main innovations of the proposed [] Regulation relate to the institutional system it creates rather than to the substance of data protection law.” In summary, the Commission explained that ” […]
The FTC Revised COPPA Rule: Reflections After a Night to Sleep on It
Yesterday saw dozens of instant summaries of the Federal Trade Commission’s long- awaited revision to the Children’s Online Privacy Protection Act (COPPA) Rule, which becomes effective on July 1, 2013. We took a night “to sleep on it,” in order provide not just a summary, but some focused comments about the impact of yesterday’s rule […]
German Privacy Publication Features Hogan Lovells Piece on Proposed Data Protection Regulation
The German publication, Zeitschrift fur Datenschutz, has just published a piece authored by Christopher Wolf, director of the global Privacy and Information Management practice, entitled “A Critical Time for the EU Data Protection Regulation.” The article highlights issues that have been raised about the proposed Regulation, described as “real and substantial.” The point of the piece is […]
US Government Tells EU: “We Are Adequate”
U.S. Ambassador to the European Union William E. Kennard spoke yesterday at Forum Europe’s 3rd Annual European Data Protection and Privacy Conference and called for a finding by the EU that the privacy protections in the United States are “adequate,” thus allowing cross-border transfers of personal data without separate legal mechanisms. Canada, Uruguay and Israel are among the […]
Video Interview: Discussing the International Conference of Data Protection & Privacy Commissioners with LXBN TV
Upon my return from Uruguay and the International Conference of Data Protection & Privacy Commissioners, I had the opportunity to speak with Colin O’Keefe of LXBN regarding the event. In the brief interview, I offer thoughts on how close the EU and US are when it comes to privacy law and other important subjects I saw covered […]
Live Blogging from “The Public Voice” in Uruguay: WP 29 Chair Says Proposed EU Regulation is Not Tough Enough
At a meeting of civil society in Uruguay today, Article 29 Working Party Chair Jacob Konstamm decried the “fierce lobbying” by the US government and IT companies on the pending EU Regulation and spoke directly to the issue of the explicit consent requirement in the proposed Regulation; the definition of personal data; and the issue of purpose limitation.
Supreme Court Takes Up Driver’s Privacy Protection Act Issue
The Supreme Court has granted review in a case under the federal Driver’s Privacy Protection Act (DPPA) where plaintiffs’ lawyers used a state FOIA statute to obtain targets for solicitation to become plaintiffs in a case against car dealers for allegedly excessive fees. The case presents a conflict between the prohibition against obtaining drivers’ records for marketing and the statutory permission to use the records in connection with litigation.
Is There a Breach in the Dam Holding Back Damage Actions for Alleged Privacy Breaches?
Two recent federal cases alleging privacy violations in the mobile context have been allowed to proceed based on novel damages allegations. The long-standing presumption that mere exposure of personal data is insufficient for standing and damage actions may become irrelevant if plaintiffs are able to link the exposure to increased costs of device usage.
IBM’s Harriet Pearson to Join Hogan Lovells as a Partner in the Privacy Practice
We could not be more delighted to announce that Harriet Pearson, currently Vice-President, Security Counsel and Chief Privacy Officer at IBM, is joining Hogan Lovells as a partner in the Privacy and Information Management practice effective August 1.
Copy of Final FTC Privacy Report Now Available
A copy of the just-released FTC final Privacy Report, “Protecting Consumer Privacy in an Era of Rapid Change. An analysis will follow.
Crystal-balling Monday’s FTC Announcement of its Final Privacy Report
This entry predicts some of the items likely to be included in the Final FTC Privacy Report to be released on Monday, March 26.
Hogan Lovells Submits Comments on Proposed EU Regulation to UK Ministry of Justice
The United Kingdom Ministry of Justice is engaged in a consultation on the impact of the proposal of the European Commission for a Data Protection Regulation to replace the EU Directive and implementing legislation, and solicited submissions by 6 March. On 29 February 2012, Hogan Lovells held a session in London for clients where we sought and obtained views on the impact of the proposals made by the European Commission for a new Data Protection Regulation. Yesterday, the firm made a submission to the Ministry of Justice on the proposed Regulation. This document contains a distillation of our own observations and comments made to us by clients.
Hogan Lovells to Moderate March 1 IAPP White House Privacy Framework Web Conference
The IAPP is presenting a webinar this Thursday, March 1 from 1 to 2:30 PM EST on the just-announced White House privacy framework. Speakers include one of the architects of the framework, Daniel Weitzner, Associate Administrator for Policy at the National Telecommunications and Information Administration in the Department of Commerce. Hogan Lovells’ Chris Wolf will moderate.
Full Text of Administration Privacy Proposal Released; DAA Makes Browser Do Not Track Announcement
This blog entry contains a link to the full text of the Administration’s privacy proposal to be more fully unveiled later today at a White House event to which Hogan Lovells has been invited. Also here is news of the Digital Advertising Alliance announcement of a major Do Not Track initiative under which advertising networks will respect browser-based Do Not Track instructions.
Firm Privacy Leader Testifies in US Senate on Video Privacy
Chris Wolf, co-chair of the Hogan Lovells Privacy and Information Management Practice today testified before the United States Senate Judiciary Subcomittee on Privacy, Technology and the Law at a hearing on “The Video Privacy Protection Act: Protecting Viewer Privacy in the 21st Century.” His spoken testimony is in this blog entry, and a copy of his written testimony is available through this post.
Supreme Court Decision in Warrantless GPS Tracking Case Offers Little Guidance in Consumer Privacy Context
Sometimes Fourth Amendment cases (which by definition arise in a governmental context) have implications for consumer privacy law since the “reasonable expectation of privacy” analysis can be employed in both areas. Yesterday’s U.S. Supreme Court 9-0 ruling in United States v. Jones that the warrantless attachment of a GPS device to a car for monitoring purposes violated the Fourth Amendment offers little guidance in the consumer privacy context because the opinion for the Court did not rely on an “expectation of privacy” analysis.
Announcement from European Commission on Comprehensive Data Protection Reform Coming Wednesday
Despite rumors of delay, the formal announcement of a proposed comprehensive reform of the data protection framework in the European Union is now set for this Wednesday, January 25 at 12:30 CET (6:30 AM EST). This blog entry contains a link to the videostream of the announcement, as well as a synopsis and link to a video of a speech on Saturday by EU Justice Vice-President Viviene Reding. The Commission’s Data Privacy Day video on personal responsibility to protect privacy also is linked to.