Category

Online Privacy

21 November 2017

Jamaica’s New Privacy Protection Bill

On 10 October 2017, Jamaica introduced into its House of Parliament a comprehensive Bill for privacy and data protection, entitled “An Act to Protect the Privacy of Certain Data and for Connected Matters.”  The new law would cover personal data, including data in an “accessible record” such as a health record or an educational record.  If passed, the new law will be named the “Data Protection Act, 2017.”  (more…)

SHARE
EmailPrintShare
13 November 2017

U.S. Consumer Financial Protection Bureau’s Principles for Data Aggregation Services Could Have Broad Implications

On Oct. 18, 2017, the Consumer Financial Protection Bureau (CFPB) released a set of consumer protection principles (Principles) designed to protect consumer interests in the market for services built around consumer-approved use of financial information. The Principles are targeted to so-called “data aggregation” or “screen scraping” services that collect customer information in order to provide financial planning or other services. Over the past few years, data aggregation services and banks have struggled to develop the right model for sharing customer account data. The Principles issued by the CFPB seek to provide a potential data-sharing model for banks and data aggregation services while protecting consumer interests.

(more…)

SHARE
EmailPrintShare
31 October 2017

Article 29 Working Party Publishes Draft Guidelines on Notification of Personal Data Breaches Notification Under the GDPR

On October 3, 2017, the Article 29 Working Party (“WP29”) adopted draft guidelines regarding notification of personal data breaches under the EU’s General Data Protection Regulation (“GDPR”) which will require breach notification within 72 hours of awareness of a breach. (“Draft Guidelines”) (The Draft Guidelines appear to have been released for public comment during the week of 16th October). The deadline for comment is November 24, 2017. The Draft Guidelines are available here. The WP29 is a collective of EU data privacy supervisory authorities (“DPAs”). (more…)

SHARE
EmailPrintShare
24 October 2017

NIST’s Digital Identity Guidelines Favor the User

With the continued rise of data breaches rooted in a compromise of user credentials, interest has continued to build in more secure form of digital identities for authentication.  Supporting controls for federal agencies as well as innovation in the market, the National Institute of Standards and Technology (“NIST”) published its four-volume Digital Identity Guidelines earlier this year on June 22, 2017. The Guidelines encourage online service providers (“OSPs”) to adopt design practices that promise to reduce unnecessary user frustration with password and identity verification systems, while at the same time increasing security.  The primary purpose of the Guidelines is to promulgate technical requirements for federal agencies, businesses, however, could use the Guidelines as a baseline for their own cybersecurity systems—both to establish credibility and enhance the user experience. (more…)

SHARE
EmailPrintShare
17 October 2017

U.S. Supreme Court to Weigh in on Extraterritorial Search Warrant Dispute

On October 16, 2017, the U.S. Supreme Court granted the U.S. government’s request for review of a lower court decision that rejected the government’s construction of the Stored Communications Act (SCA) and embraced a more restrictive view that Microsoft had advanced, backed by much of the tech industry and many privacy groups. (more…)

SHARE
EmailPrintShare
02 October 2017

Illinois’ Governor Vetoes the Geolocation Privacy Bill

On September 22, 2017, Illinois Governor Bruce Rauner vetoed the proposed Geolocation Privacy Protection Act, which sought to limit the collection, use, retention, or disclosure of precise geolocation data from a mobile device without a person’s prior express and written consent.  The General Assembly originally passed the bill on June 27, 2017.  (For more background on the bill, see Illinois Becomes the First State to Pass a Geolocation Privacy Protection Bill (July 5, 2017)). (more…)

SHARE
EmailPrintShare
26 September 2017

ECHR Ruled on Monitoring of Employee’s Electronic Communication

On 5 September 2017, the Grand Chamber of the European Court of Human Rights (the “ECHR”) overturned  the previous decision of the ECHR (sitting as a Chamber) and ruled that the Romanian courts had failed to strike a fair balance between the interest of an employer to monitor its employees’ electronic communications to ensure the smooth operation of the company and the employee’s right to respect for his private life and correspondence under Article 8 of the European Convention on Human Rights. However, in a question and answer  section on its website the EHCR made it clear that the ruling does not mean that employers cannot monitor employee’s communications at work. Employers may still monitor their employee’s communications as long as such a measure is accompanied by “adequate and sufficient safeguards against abuse.” (more…)

SHARE
EmailPrintShare
19 September 2017

European Commission prioritizes cybersecurity, GDPR compliance and free flow of data

On 13 September 2017, the European Commission presented its draft work program for the next sixteen months up to the end of 2018.  In addition to boosting jobs, growth and investments, the European Commission’s main priority is to improve and strengthen the Single Digital Market, where individuals as well as businesses can seamlessly access and exercise online activities under conditions of fair competition and a high level of consumer and personal data protection.  With that objective in mind, the European Commission plans to launch the following initiatives between now and the end of 2018:

(more…)

SHARE
EmailPrintShare
23 August 2017

FTC Uber Settlement Mandates a Comprehensive Privacy Program, Sheds Light on “Reasonable Data Security” Expectations, and Underscores Importance of Insider Threat Prevention

On August 15, the FTC announced that it had reached an agreement with Uber to settle allegations that the company had made deceptive claims about its privacy and data security practices. The FTC’s settlement with Uber has important implications for privacy and data security measures that companies could take, and the representations they and their employees make in these areas. It also shed greater light on what the FTC means by “reasonable data security” measures that companies should implement, and underscores the importance of maintaining a robust insider threat prevention program. (more…)

SHARE
EmailPrintShare
17 August 2017

Influential Stakeholders Debate a Cross-Sector Approach in Using Big Data for Improving Human Health

Big Data has been a hot topic of discussion in recent years. This was especially the case in Brussels, where the fiercely debated EU General Data Protection Regulation (GDPR) was adopted in 2016. A major concern for all of us is personal privacy. Less discussed is the use of Big Data for social good.

A traditional sectoral approach to harnessing the potential of Big Data for social good is insufficient. This is the case in terms of organisations from different sectors partnering to develop new technologies. It also means that legislation and policies on Big Data must be forward thinking and facilitate cross-sectoral co-operation. (more…)

SHARE
EmailPrintShare
1 2 3 7
XSLT Plugin by BMI Calculator