Connected car data protection generated significant discussion amongst people at the International Conference of Data Protection and Privacy Commissioners. The 39th annual conference brought together privacy and data protection authorities (DPAs) from around the world in Hong Kong in September. Consistent with prior tradition, the “closed sessions” produced three separate nonbinding resolutions.
A Top-5 Panel Round-up of the Mobile World Congress Americas
The Mobile World Congress Americas (MWCA) brought more than 30,000 attendees together from around the world to discuss the latest technologies, telecommunications developments, and policies last month. The conference, which was held in San Francisco, included a massive exhibition floor, numerous panel events, and countless ancillary networking events. What follows is a top-five round-up of key takeways from MWCA panels, in no particular order.
Continue reading “A Top-5 Panel Round-up of the Mobile World Congress Americas”
Irish High Court Refers Future of EU Model Clauses to CJEU
On October 3, 2017, the Irish High Court referred Data Protection Commissioner v. Facebook Ireland Limited & Maximilian Schrems to the Court of Justice of the European Union (CJEU), where the future of standard contractual clauses (SCCs) will be decided (here).
In December 2015—following the CJEU’s landmark decision in Maximillian Schrems v. Data Protection Commissioner invalidating the U.S.-EU Safe Harbor framework—Schrems amended his original complaint to the Irish Data Protection Commissioner (DPC), challenging the validity of data transfers to the U.S. based on the European Commission approved SCCs (available here). Based on the CJEU’s Schrems decision, the Irish DPC petitioned the Irish High Court asking to refer the matter to the CJEU for ruling on the question of whether the European Commission’s SCC decisions are valid under European law. Specifically, the Data Protection Commissioner questioned whether there is an effective remedy under U.S. law compatible with the requirements of Article 47 of the EU Charter of Fundamental Rights for an EU citizen whose data is transferred to the U.S., where such data is subject to electronic surveillance by U.S. agencies for national security purposes. EU citizens have a right guaranteed by Article 47 of the Charter to an effective remedy before an independent tribunal if their rights or freedoms are violated. These include the rights under Articles 7 and 8 to respect for private and family life and protection of personal data.
Continue reading “Irish High Court Refers Future of EU Model Clauses to CJEU”
Mark your calendars! FTC Workshop on Information Injury set for December
The Federal Trade Commission’s (FTC) Bureaus of Consumer Protection and Economics will host a workshop to examine consumer injury in the context of privacy and data security on Dec. 12, 2017. Consumer injury is often difficult to quantify generally and especially challenging when there are allegations of a privacy or data security breach or other types of unauthorized access to personal information. The FTC’s workshop will explore how to measure accurately such injuries; what frameworks might be used to assess different injuries as well as how consumers and businesses evaluate the benefits and costs associated with providing, collecting and using personal information.
Continue reading “Mark your calendars! FTC Workshop on Information Injury set for December”
Application for Proposed Ballot Measure: California Consumer Privacy Act of 2018
A proposed ballot measure that would require businesses to provide annual disclosures to consumers on the collection or sale of personal information has been filed with the California Attorney General. If 365,880 signatures are obtained, it may appear on the November 2018 ballot.
The initiative is based on California’s “Shine the Light Law” which sets forth the procedures companies must follow in disclosing, upon request of a consumer, what information has been shared with third parties. The law also contains specific language to be included in online privacy policies.
Continue reading “Application for Proposed Ballot Measure: California Consumer Privacy Act of 2018”
U.S. Government Restricts the Use of Kaspersky Cybersecurity Software
Earlier this month, the Department of Homeland Security (DHS) issued a binding order restricting the government’s use of cybersecurity software developed by Moscow-based Kaspersky Labs.
Government departments and agencies have 90 days to remove or discontinue use of any Kaspersky Labs software products—but the buck doesn’t stop there. Kaspersky boasts more than 400 million users and 270,000 corporate clients, meaning organizations that provide any services involving federal information systems would be wise to investigate whether they, either directly or indirectly, use Kaspersky products and services. Continue reading “U.S. Government Restricts the Use of Kaspersky Cybersecurity Software”