The Final Stretch: Trilogue Commences Final Negotiations on EU Data Protection Regulation (Jeremy Peterson, 2015-06-26 17:15:34)
Final Negotiations Set To Begin On EU Data Privacy Law (William RM Long, 2015-06-25 10:00:51; 2022-10-16 16:36:20)
Privacy advocates abandon Commerce Department multistakeholder process on facial recognition technology code of conduct (Jeremy Peterson, 2015-06-18 13:07:16)
One Step Closer to the EU Data Protection Regulation (Jeremy Peterson, 2015-06-15 12:30:33)
HHS to solicit comments on methodology for victims of HIPAA violations to receive percentage of civil penalties or settlements (Donielle McCutcheon, 2015-06-09 18:09:30; 2022-10-11 18:26:12)
US-Brazil Cyber Thaw?
Following meetings between President Obama and Brazilian President Dilma Rousseff this week, the leaders issued a joint communiqué addressing a number of cyber issues. It would appear that post-Snowden tensions have ameliorated. In 2013, President Rousseff condemned alleged US spying. In their statement this week, the Presidents expressed a “share[d] understanding that global Internet governance must be transparent and inclusive, ensuring full participation of governments, civil society, private sector and international organizations, so that the potential of the Internet as a powerful tool for economic and social development can be fulfilled” and they reaffirmed “their adherence to the multistakeholder model of Internet governance.”
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
The Final Stretch: Trilogue Commences Final Negotiations on EU Data Protection Regulation
Following the adoption of the EU Data Protection Regulation by the Council of Ministers last week, today saw the first meeting of the European Commission, European Parliament and Council of Ministers under what is known as the trilogue process, with the aim of negotiating the final wording of the Regulation.
William RM Long
London
wlong@sidley.com
Geraldine Scali
gscali@sidley.com
Final Negotiations Set To Begin On EU Data Privacy Law
More than three years after the initial proposal for the EU Data Protection Regulation was published by the European Commission, it has been agreed by Europe’s Council of Ministers. The negotiations will now start between the commission, the European Parliament and the Council, in what is known as the “Trilogue” process, to agree the final text of the regulation, which is widely expected to be adopted by the end of 2015 or early 2016. The regulation, once adopted, will have a significant impact not only on EU companies but also on U.S. and other international companies that conduct business in the EU.
William RM Long
London
wlong@sidley.com
Francesca Blythe
London
fblythe@sidley.com
EU Begins Far-Reaching E-Commerce Sector Inquiry
Today, the European Commission sent out the first wave of more than 2,000 questionnaires it has said it will send to companies in connection with its recently-announced e-commerce sector inquiry. This marks the first stage in what is expected to be a far-reaching probe into a wide range of activities and business practices related to online selling in Europe.
The purpose of the sector inquiry is to examine current e-commerce business practices with a view to “breaking down online borders in the European Union.” The Commission will examine whether companies impose—via contract or through other practices—obligations that restrict the ability of merchants and consumers to buy and sell goods and services online across the EU.
Kristina Nordlander
kristina.nordlander@sidley.com
Pola Karolczyk
pkarolczyk@sidley.com
Privacy advocates abandon Commerce Department multistakeholder process on facial recognition technology code of conduct
The National Telecommunications and Information Administration (“NTIA”), housed within the U.S. Commerce Department, has been facilitating a multistakeholder process to develop privacy safeguards for the commercial use of facial recognition technology since December of 2013—with the first in-person meeting held in February 2014. NTIA seeks to create a voluntary, enforceable code of conduct applying the administration’s privacy framework, including its proposed Consumer Privacy Bill of Rights, to facial recognition technology in a commercial context. After a little over a year in talks, and shortly after the NTIA’s 12th meeting, the process has broken down. On Monday, June 15, a joint statement signed by representatives of multiple privacy advocacy groups, including the Center for Democracy and Technology, the Electronic Frontier Foundation, Consumer Watchdog and the ACLU, declared that they “have decided to withdraw from further negotiations” because the process has been unable to elicit agreement “on any concrete scenario where companies should employ facial recognition only with a consumer’s permission.” The joint statement further argues that “[t]he position that companies never need to ask permission to use biometric identification is at odds with consumer expectations, current industry practices, as well as existing state law.”
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
One Step Closer to the EU Data Protection Regulation
This week we moved one step closer to the adoption of the proposed EU Data Protection Regulation with the agreement by the Council of Ministers on its proposals for the draft Regulation. The Regulation has been described as the most lobbied piece of European legislation in history and, once adopted, will have a significant impact on governments, businesses and individuals.
William RM Long
London
wlong@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Edward R. McNicholas
emcnicholas@sidley.com
Cameron F. Kerry
ckerry@sidley.com
HHS to solicit comments on methodology for victims of HIPAA violations to receive percentage of civil penalties or settlements
In May, the Department of Health and Human Services published its Spring 2015 regulatory agenda, which outlines its upcoming rulemaking initiatives. The agenda describes a number of Office of Civil Rights (OCR) rulemakings that are forthcoming, including OCR’s plan to release an advance notice of proposed rulemaking that would solicit public comments on establishing a methodology under which an individual who is harmed by a Health Insurance Portability and Accountability Act (HIPAA) offense may receive a percentage of any Civil Money Penalty or monetary settlement collected by the government with respect to the offense. This is a significant rulemaking, which was required under the Health Information Technology for Economic and Clinical Health Act (HITECH) and is expected to be released in December 2015. The full regulatory agenda may be accessed here: http://www.reginfo.gov/public/do/eAgendaMain.
Donielle McCutcheon
Chicago
dmccutcheon@sidley.com
Identifying the Standards: DOJ, SEC and FTC Offer Guidance for Cybersecurity Preparedness
Although private-sector cybersecurity programs are a frequent topic of discussion on Capitol Hill, no single standard for them has yet emerged. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is often considered foremost among existing guidance, but several other agencies are also expressing views, including the following recent guidance from the Department of Justice (DOJ), the Securities and Exchange Commission (SEC) and the Federal Trade Commission (FTC). Significantly, both the DOJ and FTC tout the advantages of cooperating with law enforcement after a data breach by noting that such cooperation may lead to “regulatory” benefits.
Colleen Theresa Brown
Washington, D.C.
cbrown@sidley.com
Clayton G. Northouse
cnorthouse@sidley.com
Alan Charles Raul
Washington, D.C., New York
araul@sidley.com
Edward R. McNicholas
emcnicholas@sidley.com