HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: privacy by design

Posted in International/EU Privacy

Spanish DPA Publishes Guide for Satisfying PbD Obligation

On October 17, the Spanish data protection authority published the Guide to Privacy by Design. While Privacy by Design (PbD) first became a legal requirement in the EU with the implementation of the General Data Protection Regulation, it is a well-known concept among privacy professionals that dates back to the 1990s. PbD should be construed as “the need to consider privacy and the principles of data protection from the inception of any type of processing.” It is a concept focused on risk management and accountability that aims to incorporate privacy protections throughout the life cycle of systems, services, products, and processes. It involves the application of measures for privacy protection among all business processes and practices associated with personal data.

Posted in Consumer Privacy, Cybersecurity & Data Breaches

Online Trust Alliance Releases Internet of Things Trust Framework

One of the most common devices in the emerging Internet of Things (IoT) was reportedly discovered to have a bug. According to the research firm Fortinet, a popular fitness tracker was vulnerable to wireless attacks through its unsecured Bluetooth port. A savvy attacker could install malware wirelessly within ten seconds—simply by coming within a few feet of the tracker. When the device’s owner returned home to sync daily activity with a computer, the malware could, in principle, infect the computer as well.

Posted in International/EU Privacy

Regulators Write to Manufacturers to Highlight Concerns Over Connected Devices

The UK and Canadian data protection regulators have written to webcam manufacturers to highlight concerns about the safety of internet-connected devices and to enlist their assistance in reducing the risks posed by their products. In particular, the regulators call for manufacturers to roll out privacy-friendly default settings, implement “privacy by design” – whereby data protection and privacy considerations are built into the design and manufacturing process – and provide increased guidance to consumers about ensuring the security of devices.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, International/EU Privacy

Guidance on Establishing and Maintaining a Privacy Management Infrastructure

Privacy law compliance means not only ensuring that compliance gaps are identified and remediated, but also that there is a privacy management infrastructure to ensure that privacy issues are handled on an ongoing basis. Attending to the infrastructure task can be challenging.
To aid in this effort, on April 17th Canada’s privacy commissioner, along with the privacy commissioners of the provinces of Alberta and British Columbia, issued a guidance document entitled “Getting Accountability Right with a Privacy Management Program,” along with an “At a Glance” two-page summary. These materials are summarized in this entry.

Posted in International/EU Privacy

New Article by Hogan Lovells Partner Examines Proposed EU Regulation

We are pleased to provide an English language translation of Paris Office Partner Winston Maxwell’s article examining the European Commission’s proposed regulation on data protection, focusing on the Commission’s choice of a regulation as opposed to a directive, and the new obligations that will be imposed on companies, including the accountability principle, privacy by design and the obligation to conduct privacy impact assessments (PIA) for certain kinds of processing. The article describes the proposed changes to the rules on applicable law, which are designed to bring certain non-European websites within the scope of European privacy rules, the proposed “right to be forgotten” and right to data portability.

Posted in Consumer Privacy

App Privacy is in the News Again

This blog entry describes and links to articles from today’s Wall Street Journal and New York Times concerning the proliferation of apps (at the expense of software manufacturers) and the issue of app privacy, and how industry is addressing it. Hogan Lovells’ Chris Wolf is quoted in the Times article on how app developers should invest in creating privacy policies as a fundamental requirement, and a free webinar on app privacy hosted by the Mobile Marketing Association in conjunction with the Future of Privacy Forum is described, with a registration link.

Posted in International/EU Privacy

Looking Back at the eG8

In a recent article Christopher Wolf looks back at the e-G8 conference and pleads for better transatlantic cooperation on privacy matters, explaining the tension between U.S. First Amendment traditions, and certain European proposals including the right to be forgotten.

Posted in International/EU Privacy

French Parliamentary Commission Recommends Privacy Law Reform Citing Testimony of Hogan Lovells Privacy Lawyer

After a year of hearings, including meetings in Washington with the FTC and DOJ, a French parliamentary commission released its findings on the protection of individual rights in the digital revolution. The 384-page report from the French National Assembly contains recommendations on cloud-computing, privacy by design, and EU privacy law reform.

Posted in International/EU Privacy

Europe’s Article 29 Working Party issues smart meter guidelines

Europe’s group of data protection authorities, the Article 29 Working Party, issued an opinion on smart meters, which goes into surprising detail on points such as the size of the display for the user interface, the need for a ‘push button’ consent module for consumers, and the need to keep load graph data stored locally whenever possible. The Art 29 WP stresses the need for energy suppliers and third party energy service companies to develop detailed data retention policies to ensure smart meter data are deleted as soon as no longer needed.

Posted in Consumer Privacy

Court Finds NebuAd Users Gave Valid Consent to Monitoring

On December 13, 2010 a Federal District Court in Montana dismissed many of the claims brought against an ISP in connection with the ISP’s use of NebuAd monitoring technology. The court held that users had validly consented to the monitoring technology. The NebuAd case usefully focuses on the issue of user consent, rather than on technological distinctions between ISPs and service providers at the edge.

Posted in International/EU Privacy

Privacy by Design for Italian Smart Grid

A presentation by Hogan Lovells privacy partners compares European Commission “EG2” privacy recommendations for smart grids with the comparable recommendations of the NIST. We explain the concept of “privacy by design” in the smart grid environment and the use of detailed privacy use cases to mitigate system risks. The presentation compares the U.S. concept of “PII” with the European concept of “personal data” and discusses the risks associated with transferring household electricity data to third parties, as is mandated by California and Italian law.

Posted in Consumer Privacy

Rep. Rush Introduces Privacy Bill to Regulate Collection and Use of Personal Information

On July 19, Rep. Bobby Rush (D-Ill.), chairman of the House Energy and Commerce Subcommittee on Commerce, Trade, and Consumer Protection, introduced a privacy bill that would codify certain fair information principles into law for certain “covered entities” that collect, maintain, use, and transfer to third parties any “covered information” (consisting of personally identifiable information as well as any “unique identifier,” including IP addresses).

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FCC Seeks Comment on Numerous Broadband Privacy Issues

The Federal Communications Commission released a Public Notice this week seeking further comment on numerous privacy issues as part of its National Broadband Plan proceeding.  Based on questions raised in a recent Center for Democracy & Technology filing, some of the broad issues that the Notice seeks comment on include: Consumer expectations of privacy, and how to […]