Tag archives: fulbright

Belgian court orders Facebook to stop tracking non-members, rejects FB’s assertion of lack of jurisdiction

On November 9, 2015, the President of the Brussels Court of First Instance ordered Facebook to stop tracking non-members in Belgium without their consent. The court imposed a penalty of EUR 250,000 per day for non-compliance. The proceeding is the result of a formal recommendation that the Belgian Privacy Commission (BPC) issued in May 2015 … Continue reading

Reports suggest US-EU agreement on cross-border data transfers near, but will it stick?

Data Protection Report - Norton Rose FulbrightIt is being reported that the EU and the US have reached an agreement in principle on the revised cross-border data transfer framework, commonly referred to as Safe Harbor 2.0. Both sides expect further progress on the specifics in November of this year. Some of the thornier issues, however,regarding US surveillance activities, that are critical to addressing the concerns … Continue reading

Schrems Counterpoint: ECJ has good reasons to reject Safe Harbor invalidation

Data Protection Report - Norton Rose FulbrightThe European Court of Justice (ECJ) is expected to rule on Case C-362/14 (the “Schrems” case) on October 6, 2015.  In deciding whether to reject or adopt its Advocate General’s recommendation to invalidate the US-EU Safe Harbor, the ECJ finds itself between the proverbial rock and a hard place. Rejecting the Safe Harbor would lead to uncertainty in the ongoing … Continue reading

NLRB asserts employers must bargain with unions on breach response

Data Protection Report - Norton Rose FulbrightThe U.S. National Labor Relations Board (NLRB) recently filed complaints against the United States Postal Service (USPS), alleging that the USPS violated the National Labor Relations Act (NLRA) by failing to collectively bargain with its employees’ union regarding the postal service’s response to a 2014 data breach that reportedly affected over 800,000 current and former … Continue reading

Energy cybersecurity – a critical concern for the nation

Data Protection Report - Norton Rose FulbrightWe have long recognized that effects of cyber-attacks are not limited to the virtual space, and can affect our physical environment. For example, a stolen trade secret may lead to a competitor who copies the design, to lost sales, to lost jobs. However, the relationship between cybersecurity and physical security is far more direct and … Continue reading

Ontario Court of Appeal finds patients’ common law privacy rights not preempted by statute; allows class action to proceed

Data Protection Report - Norton Rose FulbrightIn a recent case involving a breach of patients’ privacy rights — Hopkins v Kay,[i] — the Ontario Court of Appeal ruled that a proposed class action could proceed based on allegations of violation of patients’ common law privacy rights, concluding that those rights were not preempted by the Personal Health Information Protection Act (PHIPA). … Continue reading

White House presses for robust sharing of cyber-threat information

Data Protection Report - Norton Rose FulbrightOn February 13, 2015, President Obama spoke forcefully on cybersecurity threats at the Cybersecurity and Consumer Protection Summit, and signed an Executive Order designed to encourage the sharing of cyber-threat information through the formation of “hubs” – Information Sharing and Analysis Organizations (ISAOs). The President observed that much of the United States’ critical infrastructure runs … Continue reading

Importance of data privacy and transparency in the UK highlighed by Investigatory Powers Tribunal decision

Data Protection Report - Norton Rose FulbrightA recent landmark ruling from the UK’s Investigatory Powers Tribunal has highlighted the growing importance the UK courts place on data privacy and transparency. It is the first occasion that the Investigatory Powers Tribunal has upheld part of a complaint against the intelligence agencies since it was set up in 2000. On February 6, 2015 … Continue reading

Privacy action in Russia indicates enforcement focus on Western companies

Data Protection Report - Norton Rose FulbrightAccording to news reports in Russia, the Russian Federation’s data protection authority – Roscomnadzor – may be targeting Western companies for enforcement action. What appears to be the first enforcement action of this kind is directed at Twitter. At the heart of the action is an assertion by the head of Roscomnadzor that, while Twitter … Continue reading

SEC’s cyber preparedness priorities on display in the agency’s cybersecurity examination initiative

Data Protection Report - Norton Rose FulbrightLast week, the U.S. Securities and Exchange Commission’s (“SEC”) Office of Compliance Inspections and Examinations (“OCIE”) published a Risk Alert that summarized findings from the agency’s examinations of the practices employed by financial service firms to address cybersecurity risks. The focus and results of the OCIE’s evaluation offer firms insight into the types of information security and … Continue reading

China requires providers to enforce real-name registration and ban on “harmful” usernames

Data Protection Report - Norton Rose FulbrightThe Cyberspace Administration of China announced on February 4, 2015 new regulations requiring Internet users to register accounts under their real names for social network sites like blogs, discussion forums, comment sections, instant messaging, and related services. The rules impose the obligation to enforce the restrictions on affected businesses, including Western companies operating in China. The new regulations come … Continue reading

Cybersecurity incident notification bill introduced in the Netherlands

Data Protection Report - Norton Rose FulbrightOn January 22, 2015, the Netherlands proposed legislation introducing breach notification requirements for critical infrastructure industries, including utilities (electricity, gas and drinking water), telecom, financial services, government (surface-water management bodies) and transport (main ports Rotterdam and Schiphol airport). The proposed law would require notification in the event of a breach of security or loss of … Continue reading

Encryption of patient personal information to be the law of the land in New Jersey

Data Protection Report - Norton Rose FulbrightFollowing a number of reports of theft and misplacement of computer disks, laptops, and thumb drives containing unencrypted patient information from New Jersey medical centers, the New Jersey state legislature enacted a law on January 9, 2015, which prohibits health insurance carriers from electronically compiling and maintaining certain patient information unless that information has been … Continue reading

Just what the doctor ordered: President outlines national breach law proposal

Data Protection Report - Norton Rose FulbrightLeading up to the President’s State of the Union, the White House previewed several potentially sweeping cybersecurity initiatives—including a proposed federal law that would create a single national breach notification standard, entitled the Personal Data Notification & Protection Act (the “Act”). The President argued that the proposed law will benefit consumers and alleviate the confusion … Continue reading

California enacts “Right to be Forgotten” for Minors

Data Protection Report - Norton Rose FulbrightFollowing Europe’s recognition of the “right to be forgotten” online, California has enacted its own version of the requirement, though limited to the state’s residents who are minors under 18 (“Minors”). The California law (Cal. Bus. & Prof. Code §§ 22580-81), which became effective January 1, 2015, applies to websites, social media sites, mobile apps … Continue reading
LexBlog