Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: data privacy

Posted in News & Events

Upcoming Webinar on Privacy and the Internet of Things

Join us tomorrow, October 25 for the next installment of our 2017 Internet of Things webinar series and get practical guidance on privacy compliance challenges presented by the Internet of Things.

Posted in Privacy & Security Litigation

U.S. Supreme Court Takes Microsoft Corp. v. United States in Law Enforcement Access Row

Last Monday, the Supreme Court granted certiorari in the Microsoft search warrant case, a case in which Microsoft challenged the U.S. government’s right to use the warrant process to obtain certain emails stored overseas. Some view the upcoming decision as signaling the level of access the U.S. government will have to the growing troves of data U.S.-based technology companies hold about citizens of the world. And regulators in the EU and other jurisdictions may view a reversal of the Second Circuit decision as a negative factor when considering the protections the U.S. government afford their citizens’ data. The case was previously decided twice in Microsoft’s favor in the Second Circuit, which declined to grant en banc review by a 4-4 decision.

Posted in International/EU Privacy

Big Data and Digital Markets Remain in the Focus of Competition Authorities – German FCO Continues to Lead the Way

On 6 October, the German Federal Cartel Office launched its new series of papers on “Competition and Consumer Protection in the Digital Economy.” The first paper deals with “Big Data and Competition.” The same day, a “real-life example” of competition enforcement in Big Data became public. The EU Commission confirmed unannounced inspections in “a few Member States” concerning online access to bank customer’s account data by competing service providers.

Posted in Health Privacy/HIPAA, International/EU Privacy

Focus on Google DeepMind under the GDPR’s Lens

The Information Commissioner’s Officer ruled, on 3 July 2017, that the Royal Free NHS Foundation Trust had failed to comply with the Data Protection Act 1998 when it provided 1.6 million patient details to Google DeepMind as part of a trial diagnosis and detection system for acute kidney injury, and required the Trust to sign an undertaking. The investigation brings together some of the most potent and controversial issues in data privacy today; sensitive health information and its use by the public sector to develop solutions combined with innovative technology driven by a sophisticated global digital company. This analysis provides insight on the investigation into Google DeepMind with focus on how the General Data Protection Regulation may impact the use of patient data going forward.

Posted in Employment Privacy, International/EU Privacy

New Case Law on Restrictions for Employee Monitoring in the Workplace in Germany

According to the German Federal Labor Court, Germany’s highest court for employment disputes, German employers are not allowed to monitor employees in the workplace without a concrete suspicion of a criminal violation or, in some cases, a serious breach of duty. This means that employer monitoring of an employee’s computer usage without a concrete suspicion, including the use of keylogging software that records all keyboard entries made at a desktop computer does not comply with German data privacy laws. Courts may exclude evidence obtained under violation of German data privacy laws from their proceedings.

Posted in Consumer Privacy

Consumer Protection Enforcement is #trending: How to Avoid FTC and State Investigations, and What to do When You Get the Knock on the Door

Join us for a discussion of hot topics in Federal Trade Commission (FTC) and state consumer protection enforcement. Partners Bret Cohen, Meghan Rissmiller, and Steven Steinborn will cover recent developments and enforcement trends in data privacy/security, advertising/endorsements, and claim substantiation in practice before the FTC and state authorities.

Posted in International/EU Privacy

Polish DPA Releases Data Privacy Inspection Plans – Targets Health, Shopping

The Polish Data Protection Authority has just released its inspection plans for 2017. This year, the GIODO has decided to target its review of compliance with data protection laws on the health services sector, as well as on the consumer sector, with particular attention to certain profiling activities taking place in stores and shopping malls.

Posted in International/EU Privacy

Why the GDPR is Good News for Business

Not many people will remember this but in 2008, Richard Thomas, the former UK Information Commissioner caused a fairly dramatic stir in the privacy world – at least among policy makers and fellow regulators – by unashamedly proclaiming that European data protection law was outdated and ineffective to address the technological and privacy challenges of the 21st century. At first, this was regarded by some as an embarrassing admission that could not possibly be right. But only two years later, the European Commission started a process of wholesale legislative reform that culminated with the adoption of the EU General Data Protection Regulation in April 2016. We all know by now that the GDPR is the result of many political and regulatory compromises caused by the precarious balance created by the various forces at play – the unstoppable development of technology, the increasing value of data, the urgent need to protect people’s digital lives, and the prosperity of Europe and the rest of the work.

Posted in International/EU Privacy

Philippines Finalizes Data Privacy Act Implementing Rules

The Philippines’ first comprehensive data protection law, the Data Privacy Act of 2012, took effect on 8 September 2012. The Act mandated the creation of a National Privacy Commission to implement, enforce and monitor compliance with the Act, with one of its duties to promulgate rules and regulations to effectively implement the provisions of the Act. It was not until March 2016 that the NPC was officially formed, and soon after issued draft implementing rules and regulations of the Act. Following a period of public consultation, the implementing rules and regulations were finalised and formally promulgated on 24 August 2016 and will come into effect today, 9 September 2016.

Posted in International/EU Privacy

Julie Brill Advocates in Support of Privacy Shield

The free flow of data is essential to an ever-growing segment of the global economy. Yet some policymakers and advocates, citing privacy concerns, have called for shutting off the faucet and restricting data flow, to the detriment of European consumers and European businesses, both small and large. After much debate, a major European court opinion, and at least one act of Congress to address the issue, a solution is at hand that will enhance real, enforceable privacy protections on both sides of the Atlantic.

Posted in Employment Privacy, International/EU Privacy

French Court Limits the Scope of Employee Data Protection

In a previous post back in 2010, we discussed a then-new data-privacy case decided by the French Cour de Casson (high court), called Bruno B v. Giraud et Migot, Cour de Cassation [Cass.], soc., Paris, 15 Dec. 2009, No. 07-44264. As we said at the time, Bruno B was “a significant development” because, previously, French privacy laws offered an extremely high level of protection for employees’ data, as exemplified by the 2001 decision, Nikon France v. Onof, Cour de Cassation [Cass.], soc., 2 Oct. 2001, No. 4164.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FTC Provides Guidance to (All) Mobile App Developers

Following up on a public workshop held earlier this year, today the Federal Trade Commission (FTC) issued a set of truth-in-advertising and privacy guidelines for mobile device application (app) developers. Titled “Marketing Your Mobile App: Get it Right From the Start,” the guidelines provide an overview of key issues for all app developers to consider.