Technology Companies Should Prepare for Implications of China’s New Anti-Terrorism Law
On January 1, 2016, China’s National People’s Congress Standing Committee enacted the new Anti-Terrorism Law (反恐怖主义法) that gives broad powers to the Chinese authorities to access and handle data held by telecommunications operators and internet providers (together, “Technology Companies”). This law provides a legal framework to compel Technology Companies to cooperate and assist the Chinese authorities to combat the threat of “terrorism.”
The European Court of Human Rights Rules that an Employer did not Breach its Employee’s Privacy Rights by Monitoring his Email Account
The European Court of Human Rights (“ECtHR”) ruled earlier this month that an employer’s monitoring of an employee’s personal emails in a work-related Yahoo account was not a breach of the employee’s Article 8 privacy rights (“the right to respect for private and family life, the home and correspondence”). The court’s ruling was not a general approval of employee monitoring, but was dependant on several critical facts, including the employer’s policy completely prohibiting personal communications on work accounts, and the limited nature of the monitoring into only the work account.
Top Ten Data Protection and Privacy Issues to Watch in 2016
*This post originally appeared in Law360 on January 7, 2016.
While 2015 was a big year in data, 2016 may prove to be even bigger. Many hot button and game changing topics are being debated in legislative bodies and campaign trails, regulators are focused, and privacy-related litigation continues to rise. Below, we count down the top ten cybersecurity, data protection and privacy issues to watch in 2016.
Agreement Reached on EU General Data Protection Regulation
After almost four years of intense negotiations, on 15 December 2015, an informal agreement on the proposed EU Data Protection Regulation was reached between the Council of Ministers and the European Parliament. An extraordinary meeting of the LIBE Committee is scheduled for 17 December 2015 for the 28 EU Member States to vote on the text. Final adoption of the Regulation is likely to be in early 2016.
FTC & FCC Memorandum of Understanding on Consumer Protection
The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have been active in recent years in bringing consumer protection enforcement actions, with a particular focus on privacy and data security issues. Recent regulatory action from the FCC associated with “net neutrality,” however, has blurred the line as to where each agency’s jurisdiction begins and ends, particularly for companies offering broadband Internet access service. Recognizing this uncertainty, on November 16, 2015, the FTC and FCC announced that the agencies had signed a “Memorandum of Understanding on Consumer Protection.” The MoU set out that the agencies will work together to “coordinate on agency initiatives where one agency’s action will have a significant effect on the other agency’s authority or programs.”
Trans-Pacific Partnership Agreement Touches Global Electronic Commerce
Last week, the New Zealand Ministry of Foreign Affairs & Trade has made public the text of the Trans-Pacific Partnership (TPP) Agreement. While the text of the TPP has been negotiated over the past seven years, several provisions relating to electronic commerce are remarkably timely and address key considerations for companies doing business abroad. Highlighted below are key initial takeaways from Article 14 of the TPP, on “Electronic Commerce:”
OCR Launches HIPAA Portal for Mobile Health Developers
On Monday, October 5, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) released an online platform for mobile health developers and others interested in the intersection of information technology and health information privacy and security. Interested parties can submit questions and comments on issues related to compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
ICO Orders Google to Remove Links
On August 18, 2015, the UK Information Commissioner’s Office (ICO) issued an enforcement notice against Google ordering the removal of nine search results that linked to information about a certain individual’s criminal offence.
Amended Chinese Advertising Law Provides New Tool to Protect Privacy
On April 24, 2015, China amended its Advertising Law for the first time since its initial promulgation in 1994. The amended Advertising Law (the “Amended Law”) will take effect on September 1, 2015. In the absence of a comprehensive data protection law in China, the Amended Law introduces certain provisions addressing data and privacy issues, in addition to existing data privacy rules which are scattered in various laws and regulations.
Plaintiffs and Privacy in Yahoo Data Privacy Case: Judge Koh Grants Class Certification in California
On May 26, 2015, Judge Lucy Koh in the Northern District of California granted class certification to plaintiffs in In re Yahoo Mail Litigation, Case No. 13-CV-04980-LHK (N.D. Cal. May 26, 2015) (“Yahoo”). This ruling will likely have an effect on how class action claims are alleged and could impact email providers’ policies and procedures pertaining to email scanning and user consent. In particular, companies may wish to review the impact of their privacy disclosures and consent framework to non-subscribers who may interact with users who have consented to the companies’ policies.
