FCC Proposes Privacy and Security Regulations for Internet Service Providers
On March 10, FCC Chairman Tom Wheeler issued a “fact sheet” summarizing a sweeping proposal to regulate the privacy and data-security practices of Internet service providers. The proposal would subject ISPs to new stringent requirements that other participants in the Internet ecosystem do not face because they are subject only to the more elastic oversight of the Federal Trade Commission under that agency’s general “unfair or deceptive” standard.
The EU-U.S. Privacy Shield Is a Victory for Common Sense and Transatlantic Good Will
*This post originally appeared in the Council on Foreign Relations’ Net Politics Blog on March 1, 2016.
When the Court of Justice of the European Union (CJEU) struck down Safe Harbor last year, it did so on the basis that the European Commission had not determined whether European data transferred to the United States enjoyed the same protections as in the European Union. Despite the fact a recent Sidley Austin report found that many U.S. privacy protections are essentially equivalent—if not stronger—than the European Union’s in national security matters and comparable in other areas, the Commission clearly needed to replace Safe Harbor with something else to satisfy the CJEU and domestic privacy activists.
Technology Companies Should Prepare for Implications of China’s New Anti-Terrorism Law
On January 1, 2016, China’s National People’s Congress Standing Committee enacted the new Anti-Terrorism Law (反恐怖主义法) that gives broad powers to the Chinese authorities to access and handle data held by telecommunications operators and internet providers (together, “Technology Companies”). This law provides a legal framework to compel Technology Companies to cooperate and assist the Chinese authorities to combat the threat of “terrorism.”
Details of the EU-U.S. Privacy Shield Are Published
The much-anticipated documentation for the EU-U.S. Privacy Shield, a new framework on transatlantic data flows, was published by the European Commission on February 29, 2016. The framework now will undergo a process of review and approval, including by the EU’s Article 29 Working Party, which is due to finish its review by the end of March 2016. If approved, it will take effect after an implementation period, during which all companies that wish to use the Privacy Shield as a basis for data transfers will have to certify in accordance with the new framework.
Essentially Equivalent: A Comparison of the Legal Orders for Privacy and Data Protection in the European Union and United States
In a milestone decision on transatlantic data protection, the Court of Justice of the European Union (CJEU) issued its judgment in the Schrems case, declaring the Commission decision on the EU-U.S. Safe Harbor agreement invalid. The CJEU declared that such a decision requires a finding that the level of protection of fundamental rights and freedoms in the laws and practices of the third country is “essentially equivalent” to that guaranteed within the EU. Given the CJEU’s decision, the Commission and data protection authorities are now called upon to examine the legal order in the U.S. and compare its level of protection to that within the EU.
This report provides a roadmap and resource for this comparison. Following the analysis laid out by the CJEU in Schrems, it shows how privacy values deeply embedded in U.S. law and practice have resulted in a system of protection of fundamental rights and freedoms that meets the test of essential equivalency.
Top Ten Data Protection and Privacy Issues to Watch in 2016
*This post originally appeared in Law360 on January 7, 2016.
While 2015 was a big year in data, 2016 may prove to be even bigger. Many hot button and game changing topics are being debated in legislative bodies and campaign trails, regulators are focused, and privacy-related litigation continues to rise. Below, we count down the top ten cybersecurity, data protection and privacy issues to watch in 2016.
Happy New Year!
From the invalidation of Safe Harbor to agreements on the EU Regulation, from EU cybersecurity legislation to US cybersecurity legislation, from flexed and tested regulatory enforcement powers to multiple noteworthy cybersecurity guidance from regulators and other governmental entities, to changes in state laws, 2015 was an enormously eventful year in data protection and privacy. We invite you to browse our archives and use our tags to catch up on any of the hottest stories you may have missed.
As 2015 comes to a close, we wish all our readers a Happy New Year from Sidley’s Privacy, Data Security and Information Law practice, and may all your data be secure in 2016.
Negotiations on the General Data Protection Regulations Continue
As the legislative journey for the General Data Protection Regulation (“GDPR”) nears its conclusion, last week (Nov. 27,2015) saw the publication of a further compromise text which left the door open for additional “trilogue” discussions on the much-debated subjects of administrative fines, data protection officers (“DPOs”), and data breaches, as well as details of other provisions.
The second edition of The Privacy, Data Protection and Cybersecurity Law Review is now available
The second edition of The Privacy, Data Protection and Cybersecurity Law Review appears as the world is converging on more privacy laws that cover more areas of business and are subject to more enforcement. Several Sidley lawyers in the Privacy, Data Security and Information Law practice have contributed to this publication, including Alan Charles Raul, William RM Long, Geraldine Scali, Catherine M. Valerio Barrad, Yuet Ming Tham, Jillian Lee, Takahiro Nonaka, Tasha D. Manoranjan, and Vivek K. Mohan. For a closer look at this developing area of law, please visit http://www.sidley.com/the-privacy-data-protection-and-cybersecurity-law-review-11-2015.
The Opportunities and the Challenges of Big Data for Business and Public Policy*
*Based on Remarks at the Big Data East Big Data Innovation Conference, September 9, 2015
I believe in the enormous potential of big data. Erik Brynolfsson and Andrew McAfee, authors of The New Machine Age and leading scholars of the digital economy, have compared the power and granularity of computational science to the transformation in understanding of nature that occurred when Anton Van Leuwenhook first peered at samples through his newly-invented microscope. We are seeing new advances in medicine, in social science, new ways of teasing out causation from correlation.
