this blog entry details the FTC’s settlement and consent decree with Myspace, and enforcement action that focused on the fact that a “Friend ID”, despite being non-PII, was linked to a user’s Myspace profile so that third-party advertisers could use the Friend ID to easily obtain the PII resident on a user’s profile. In effect, the FTC took the position that by sharing the Friend IDs with third parties, Myspace also constructively shared all of the PII accessible from a user’s Myspace profile with those third parties, in violation of privacy policy promises not to share. As such, this enforcement action may signal that a business canntt get around promises not to share PII with third parties simply by sharing a piece of non-PII that enables a third party subsequently to obtain access to PII maintained by that business.
Tag Archives: Safe
Pending Revision of EU Directive Prompts Questions About Safe Harbor
The pending proposal from the European Commission for revision of the EU Directive (expected in early 2012) raises questions about the efficacy under a revised Directive of the EU-US Safe Harbor framework, which permits the legal cross-border transfer of personal data from the EU to the US for companies enrolled in the Safe Harbor and committed to the requisite privacy protections. That’s the recent observation in Europolitics, the European Affairs daily, quoted in this blog entry, along with the rousing defense of the Safe Harbor offered by Google’s Global Privacy Counsel Peter Fleischer.
Draft “Commercial Privacy Bill of Rights Act of 2011” Published
This blog entry details the major provisions of the draft Kerry/McCain privacy legislation that is circulating around Washington. As explained in the posting, the proposed law would impose major and significant new obligations on businesses dealing with personal information.