In a recent column for The New York Times, Nils Muiznieks, the top human rights official for the Council of Europe, warned that recent surveillance laws in Europe undermine fundamental rights for European citizens. Plus, an October 29, 2015, resolution of the European Parliament complains of an “obvious downward spiral” resulting from mass surveillance laws in the U.S. and Europe. That certain European countries have laws permitting mass surveillance is not news to lawyers who follow the matter. In a 2012 whitepaper, we highlighted the broad and sometimes unsupervised powers of intelligence agencies of certain European governments. As Muiznieks’s column states, intelligence agencies are getting more surveillance power, not less. France’s July 2015 surveillance law permits intelligence agencies to scan metadata of all citizens in order to detect suspicious patterns. Other European countries are also broadening surveillance powers to protect against terrorism.
An issue that has started to appear on the privacy agenda is privacy and the “connected car.” Automakers here in the United States have taken the lead on privacy, and have answers to many of the inevitable privacy questions. Late last year the major automakers voluntarily agreed to a set of privacy and data security principles that will regulate how automakers collect, use, and share information. No other industry in the “Internet of Things” ecosystem of which connected cars are a part has done as much or has gone as far as automakers. The automakers understand that without the trust of consumers, new technologies will not be as readily embraced. The Privacy Principles provide a strong basis for such trust.
On May 27, the Federal Trade Commission issued a report on the data broker industry that found data brokers operate with a ”fundamental lack of transparency.” The commission unanimously recommended that Congress consider enacting legislation to make data broker practices more visible to consumers and to give consumers greater control over the immense amounts of personal information about them that are collected and shared by data brokers. Not well-recognized at the time were a number of concerns, mini-dissents if you will, expressed by Federal Trade Commissioner Josh Wright. I recently asked Commissioner Wright some questions about his “dissent by footnotes.”
Isabelle Falque-Pierrotin, the recently reelected president of the French Data Protection Authority, the CNIL, was elected today to head the Article 29 Working Party for two years effective immediately.
The US privacy framework is under attack from officials in the EU following revelations about NSA surveillance. Yesterday, US Department of Commerce General Counsel Cameron Kerry delivered his valedictory address before his departure from his position next week, and focused both on the progress made by the Obama Administration in privacy and offered the strongest […]
Earlier today, in a brisk memo (reproduced in its entirety below), EU Vice President Viviane Reding called EU data protection reform “the answer to PRISM” and called PRISM a “wake-up call.” She itemized the need for broad jurisdiction and enforcement, and stated that governments collecting data on EU citizens outside their territory never should obtain it directly from […]
This week, the Federal Trade Commission released its 2012 Annual Report of consumer complaints. For the thirteenth year in a row, identity theft was the number one complaint category, underscoring consumers’ continued focus on identity theft concerns. Identity theft complaints accounted for 18% of the overall complaints and far more than any other complaint category. […]
The European Commission’s DG Justice recently issued an explanation of how the proposed “consistency mechanism” in the General Data Protection Regulation will work, explaining that “the main innovations of the proposed  Regulation relate to the institutional system it creates rather than to the substance of data protection law.” In summary, the Commission explained that ” […]
Yesterday saw dozens of instant summaries of the Federal Trade Commission’s long- awaited revision to the Children’s Online Privacy Protection Act (COPPA) Rule, which becomes effective on July 1, 2013. We took a night “to sleep on it,” in order provide not just a summary, but some focused comments about the impact of yesterday’s rule […]
The German publication, Zeitschrift fur Datenschutz, has just published a piece authored by Christopher Wolf, director of the global Privacy and Information Management practice, entitled “A Critical Time for the EU Data Protection Regulation.” The article highlights issues that have been raised about the proposed Regulation, described as “real and substantial.” The point of the piece is […]
U.S. Ambassador to the European Union William E. Kennard spoke yesterday at Forum Europe’s 3rd Annual European Data Protection and Privacy Conference and called for a finding by the EU that the privacy protections in the United States are “adequate,” thus allowing cross-border transfers of personal data without separate legal mechanisms. Canada, Uruguay and Israel are among the […]
Upon my return from Uruguay and the International Conference of Data Protection & Privacy Commissioners, I had the opportunity to speak with Colin O’Keefe of LXBN regarding the event. In the brief interview, I offer thoughts on how close the EU and US are when it comes to privacy law and other important subjects I saw covered […]
At a meeting of civil society in Uruguay today, Article 29 Working Party Chair Jacob Konstamm decried the “fierce lobbying” by the US government and IT companies on the pending EU Regulation and spoke directly to the issue of the explicit consent requirement in the proposed Regulation; the definition of personal data; and the issue of purpose limitation.
The Supreme Court has granted review in a case under the federal Driver’s Privacy Protection Act (DPPA) where plaintiffs’ lawyers used a state FOIA statute to obtain targets for solicitation to become plaintiffs in a case against car dealers for allegedly excessive fees. The case presents a conflict between the prohibition against obtaining drivers’ records for marketing and the statutory permission to use the records in connection with litigation.
Two recent federal cases alleging privacy violations in the mobile context have been allowed to proceed based on novel damages allegations. The long-standing presumption that mere exposure of personal data is insufficient for standing and damage actions may become irrelevant if plaintiffs are able to link the exposure to increased costs of device usage.
We could not be more delighted to announce that Harriet Pearson, currently Vice-President, Security Counsel and Chief Privacy Officer at IBM, is joining Hogan Lovells as a partner in the Privacy and Information Management practice effective August 1.
A copy of the just-released FTC final Privacy Report, “Protecting Consumer Privacy in an Era of Rapid Change. An analysis will follow.
This entry predicts some of the items likely to be included in the Final FTC Privacy Report to be released on Monday, March 26.
The United Kingdom Ministry of Justice is engaged in a consultation on the impact of the proposal of the European Commission for a Data Protection Regulation to replace the EU Directive and implementing legislation, and solicited submissions by 6 March. On 29 February 2012, Hogan Lovells held a session in London for clients where we sought and obtained views on the impact of the proposals made by the European Commission for a new Data Protection Regulation. Yesterday, the firm made a submission to the Ministry of Justice on the proposed Regulation. This document contains a distillation of our own observations and comments made to us by clients.
The IAPP is presenting a webinar this Thursday, March 1 from 1 to 2:30 PM EST on the just-announced White House privacy framework. Speakers include one of the architects of the framework, Daniel Weitzner, Associate Administrator for Policy at the National Telecommunications and Information Administration in the Department of Commerce. Hogan Lovells’ Chris Wolf will moderate.
This blog entry contains a link to the full text of the Administration’s privacy proposal to be more fully unveiled later today at a White House event to which Hogan Lovells has been invited. Also here is news of the Digital Advertising Alliance announcement of a major Do Not Track initiative under which advertising networks will respect browser-based Do Not Track instructions.
Chris Wolf, co-chair of the Hogan Lovells Privacy and Information Management Practice today testified before the United States Senate Judiciary Subcomittee on Privacy, Technology and the Law at a hearing on “The Video Privacy Protection Act: Protecting Viewer Privacy in the 21st Century.” His spoken testimony is in this blog entry, and a copy of his written testimony is available through this post.
Sometimes Fourth Amendment cases (which by definition arise in a governmental context) have implications for consumer privacy law since the “reasonable expectation of privacy” analysis can be employed in both areas. Yesterday’s U.S. Supreme Court 9-0 ruling in United States v. Jones that the warrantless attachment of a GPS device to a car for monitoring purposes violated the Fourth Amendment offers little guidance in the consumer privacy context because the opinion for the Court did not rely on an “expectation of privacy” analysis.
Despite rumors of delay, the formal announcement of a proposed comprehensive reform of the data protection framework in the European Union is now set for this Wednesday, January 25 at 12:30 CET (6:30 AM EST). This blog entry contains a link to the videostream of the announcement, as well as a synopsis and link to a video of a speech on Saturday by EU Justice Vice-President Viviene Reding. The Commission’s Data Privacy Day video on personal responsibility to protect privacy also is linked to.