Tag archives: Privacy

FCC TCPA order partially upheld and partially set aside

Susan Ross (US)Robert Kantrowitz (US)By Susan Ross (US) and Robert Kantrowitz (US) on Posted in Dispute resolution and litigation
US Supreme Court expands digital privacy rights in Carpenter v. United StatesOn March 16, 2018, the U.S. Court of Appeals for the District of Columbia Circuit issued its decision on the Federal Communications Commission (FCC) omnibus order of 2015, relating to challenges to four of the FCC’s determinations relating to cell phones.  The appellate court upheld the FCC’s determinations that consumers can revoke consent to receive … Continue reading

EU Data Package Highlights Connections between Data Protection and the Digital Single Market

Jay Modrall (BE)By Jay Modrall (BE) on Posted in Data breach, General, Regulatory response
Data Protection Report - Norton Rose FulbrightOn January 10, 2017, the EU Commission published a package of documents on the EU’s data economy strategy, including e-privacy, data protection and the “European Data Economy.” The Commission documents,  published in the context of the Commission’s digital single market (“DSM”) initiative announced in May 2015, illustrate again the strong links between the EU’s digital … Continue reading

Verizon Settles FCC Privacy Investigation Over Use of “Supercookies”

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThe FCC announced last week that it reached a settlement with Verizon Wireless (“Verizon”) over its use of “supercookies.” More specifically, the FCC alleged that Verizon inserted unique identifiers into the headers of its customers’ HTTP requests to support its targeted advertising programs, and that customers had not consented to this practice. In this post, we … Continue reading

FTC Orders PCI DSS Compliance Reports

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Regulatory response
Data Protection Report - Norton Rose FulbrightThe Federal Trade Commission (FTC) has ordered nine companies to file Special Reports detailing how they assess their clients’ compliance with Payment Card Industry Data Security Standards (PCI DSS). Payment card issuing companies require businesses that process over one million card transactions per year to undergo PCI DSS compliance assessments, or audits, performed by PCI Qualified … Continue reading

Belgian court orders Facebook to stop tracking non-members, rejects FB’s assertion of lack of jurisdiction

Marcus Evans (UK)Jay Modrall (BE)By Marcus Evans (UK) and Jay Modrall (BE) on Posted in Compliance and risk management, Dispute resolution and litigation
On November 9, 2015, the President of the Brussels Court of First Instance ordered Facebook to stop tracking non-members in Belgium without their consent. The court imposed a penalty of EUR 250,000 per day for non-compliance. The proceeding is the result of a formal recommendation that the Belgian Privacy Commission (BPC) issued in May 2015 … Continue reading

Third Circuit ruling reinstates state law privacy claims related to Google’s use of cookies

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Dispute resolution and litigation
Data Protection Report - Norton Rose FulbrightIn re: Google Inc. Cookie Placement Consumer Privacy Litigation, involves 24 consolidated lawsuits that were initially brought against several internet advertisers alleging violations of various state and federal privacy statutes, including the Computer Fraud and Abuse Act, the Wiretap Act and the Electronic Communications Privacy Act. In October of 2013, the District of Delaware dismissed … Continue reading

Reports suggest US-EU agreement on cross-border data transfers near, but will it stick?

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightIt is being reported that the EU and the US have reached an agreement in principle on the revised cross-border data transfer framework, commonly referred to as Safe Harbor 2.0. Both sides expect further progress on the specifics in November of this year. Some of the thornier issues, however,regarding US surveillance activities, that are critical to addressing the concerns … Continue reading

Five new privacy laws on tap in California

Kim Gold (US)By Kim Gold (US) on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightThis month, California Governor Jerry Brown signed into law five new privacy bills that the Governor said are intended to strengthen data protections for the state’s residents. The laws, effective as of January 1, 2016, implement California’s Electronic Communications Privacy Act and amend the state’s breach notification statute, among other things. In this post, our Data Protection, Privacy … Continue reading

Schrems Counterpoint: ECJ has good reasons to reject Safe Harbor invalidation

Jay Modrall (BE)Marcus Evans (UK)By Jay Modrall (BE) and Marcus Evans (UK) on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightThe European Court of Justice (ECJ) is expected to rule on Case C-362/14 (the “Schrems” case) on October 6, 2015.  In deciding whether to reject or adopt its Advocate General’s recommendation to invalidate the US-EU Safe Harbor, the ECJ finds itself between the proverbial rock and a hard place. Rejecting the Safe Harbor would lead to uncertainty in the ongoing … Continue reading

European Court of Justice Advocate General’s Advisory Opinion in Schrems case questions validity of personal data transfers under EU/US Safe Harbor framework

Marcus Evans (UK)Daniel Ashkar (GER)Adam Smith (UK)By Marcus Evans (UK), Daniel Ashkar (GER) and Adam Smith (UK) on Posted in Compliance and risk management, General
Data Protection Report - Norton Rose FulbrightOn September 22, 2015,  the European Court of Justice (“ECJ”) Advocate General issued an advisory Opinion in Case C-362/14 (the “Schrems” case). A key recommendation was for the ECJ to declare the EU/US Safe Harbor Agreement invalid. It remains to be seen whether the ECJ will follow this recommendation. The controversial nature of the Safe … Continue reading

Dutch Data Protection Authority publishes consultation version of guidelines on breach notice law

Floortje Nagelkerke (NL)Nikolai de Koning (NL)By Floortje Nagelkerke (NL) and Nikolai de Koning (NL) on Posted in Compliance and risk management, Data breach
Data Protection Report - Norton Rose FulbrightOn the heels of the enactment of the Dutch breach notice law, the Dutch Data Protection Authority (CBP) published a consultation document with draft guidelines on the breach notice obligation of data controllers in the Netherlands. Under the law, data controllers are required to provide notice of data breaches to the CBP and, under certain circumstances, to … Continue reading

Former Privacy Commissioner of Canada Jennifer Stoddard to headline a privacy event at Norton Rose Fulbright’s Montreal office

Christine Carron (CA)By Christine Carron (CA) on Posted in General
Data Protection Report - Norton Rose FulbrightOn September 25, 2015, Jennifer Stoddard will visit Norton Rose Fulbright in Montreal to discuss the proposed sweeping reforms to Quebec’s legislation governing access to information and protection of personal information in the public sector. These reforms include proactive publication of government information at all levels, including studies and statistics in health and education and … Continue reading

Canada’s federal, British Columbia and Alberta privacy commissioners issue BYOD guidance

Kateri-Anne Grenier (CA)Christine Carron (CA)Veronique Barry (CA)By Kateri-Anne Grenier (CA), Christine Carron (CA) and Veronique Barry (CA) on Posted in Regulatory response
Data Protection Report - Norton Rose FulbrightAs the line between work and home becomes increasingly blurred, the federal, British Columbia and Alberta privacy commissioners have issued joint guidelines to help organizations reduce the risks of privacy breaches with respect to employers’ data accessed from employee-owned devices (EODs), while also securing employees’ privacy rights regarding any personal information stored on EODs.… Continue reading

The Security, Privacy and Legal Implications of the Internet of Things (“IoT”) Part one – The Context and Use of IoT

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, Data breach
Data Protection Report - Norton Rose FulbrightDisrupted, yet again. The world is fast preparing for the invasion of objects connected to the Internet, otherwise known as the Internet of Things (“IoT”). IoT is here, and it will revolutionize how both individuals and corporations interact with the world.  In this multi-part series we will explore this quickly evolving revolution and the privacy … Continue reading

Energy cybersecurity – a critical concern for the nation

Norton Rose FulbrightBy Norton Rose Fulbright on Posted in Compliance and risk management, General, Regulatory response
Data Protection Report - Norton Rose FulbrightWe have long recognized that effects of cyber-attacks are not limited to the virtual space, and can affect our physical environment. For example, a stolen trade secret may lead to a competitor who copies the design, to lost sales, to lost jobs. However, the relationship between cybersecurity and physical security is far more direct and … Continue reading

Ontario Court of Appeal finds patients’ common law privacy rights not preempted by statute; allows class action to proceed

Christine Carron (CA)By Christine Carron (CA) on Posted in Dispute resolution and litigation, General
Data Protection Report - Norton Rose FulbrightIn a recent case involving a breach of patients’ privacy rights — Hopkins v Kay,[i] — the Ontario Court of Appeal ruled that a proposed class action could proceed based on allegations of violation of patients’ common law privacy rights, concluding that those rights were not preempted by the Personal Health Information Protection Act (PHIPA). … Continue reading

German draft bill to authorize privacy “class actions”

Jamie Nowak (DE)Christoph Ritzer (DE)By Jamie Nowak (DE) and Christoph Ritzer (DE) on Posted in Compliance and risk management
Data Protection Report - Norton Rose FulbrightThe German government recently released a draft bill seeking to grant authority to the country’s consumer and business associations to enforce compliance with data protection laws. Because the proposed draft bill appears to have received support from the governing parties, we believe there is a high probability of the bill being enacted in the near … Continue reading

White House presses for robust sharing of cyber-threat information

Susan Ross (US)By Susan Ross (US) on Posted in Compliance and risk management, General
Data Protection Report - Norton Rose FulbrightOn February 13, 2015, President Obama spoke forcefully on cybersecurity threats at the Cybersecurity and Consumer Protection Summit, and signed an Executive Order designed to encourage the sharing of cyber-threat information through the formation of “hubs” – Information Sharing and Analysis Organizations (ISAOs). The President observed that much of the United States’ critical infrastructure runs … Continue reading

Importance of data privacy and transparency in the UK highlighed by Investigatory Powers Tribunal decision

Marcus Evans (UK)Adam Smith (UK)By Marcus Evans (UK) and Adam Smith (UK) on Posted in General
Data Protection Report - Norton Rose FulbrightA recent landmark ruling from the UK’s Investigatory Powers Tribunal has highlighted the growing importance the UK courts place on data privacy and transparency. It is the first occasion that the Investigatory Powers Tribunal has upheld part of a complaint against the intelligence agencies since it was set up in 2000. On February 6, 2015 … Continue reading
LexBlog