Privacy & Information Security Law Blog

On December 12, 2017, the Article 29 Working Party (“Working Party”) published its guidelines on transparency under Regulation 2016/679 (the “Guidelines”). The Guidelines aim to provide practical guidance and clarification on the transparency obligations introduced by the EU General Data Protection Regulation (“GDPR”). The transparency obligations require controllers to provide certain information to data subjects regarding the processing of their personal data.

On December 18, 2017, Lisa Sotto, chair of the Global Privacy and Cybersecurity practice at Hunton & Williams LLP and managing partner of the firm’s New York office, was recognized among the Leading Women Lawyers in NYC by Crain’s New York Business.

As reported in BNA Privacy Law Watch, on December 6, 2017, health care provider 21st Century Oncology agreed to pay $2.3 million to settle charges by the Department of Health and Human Services' (“HHS”) Office for Civil Rights (“OCR”) that its security practices led to a data breach involving patient information. The settlement was made public in the company’s December 6, 2017, bankruptcy filing. The HHS charges stemmed from a 2015 data breach involving the compromise of Social Security numbers, medical diagnoses and health insurance information of at least 2.2 million ...

Recently, the EU’s Article 29 Working Party (the “Working Party”) adopted guidelines (the “Guidance”) on the meaning of consent under the EU General Data Protection Regulation (“GDPR”). In this Guidance, the Working Party has confirmed that consent should be a reversible decision where a degree of control must remain with the data subject. The Guidance provides further detail on what is necessary to ensure that consent satisfies the requirements of the GDPR:

On December 12, 2017, the Federal Trade Commission hosted a workshop on informational injury in Washington, D.C., where industry experts, policymakers, researchers and legal professionals considered how to best characterize and measure potential injuries and resulting harms to consumers when information about them is misused or inappropriately protected.

On December 11, 2017, Lisa Sotto, chair of Hunton & Williams LLP’s Global Privacy and Cybersecurity practice, was one of 54 women in the legal profession honored at the New York County Lawyers Association’s (“NYCLA’s) 103rd annual dinner. “NYCLA has long been at the forefront of equality…At this year’s annual dinner, we are thrilled to honor the contributions of women lawyers and focus a spotlight on their accomplishments,” said NYCLA President Michael McNamara. Among the women honored were judges, prosecutors, district attorneys, general counsel, partners ...

Recently, the FTC and FCC announced their intent to enter into a Memorandum of Understanding (“MOU”) under which the agencies would coordinate their efforts following the adoption of the Restoring Internet Freedom Order (the “Order”). As we previously reported, if adopted, the Order would repeal the rules put in place by the FCC in 2015 that prohibit high-speed internet service providers (“ISPs”) from stopping or slowing down the delivery of websites and from charging customers extra fees for high-quality streaming and other services. 

Recently, the EU’s Article 29 Working Party (”Working Party”) held a plenary meeting to discuss, among other things, the implementation of the EU General Data Protection Regulation (“GDPR”) and the EU-U.S. Privacy Shield. As well as adopting its first Joint Annual Review Report on the Privacy Shield, the Working Party has been working on a number of documents that offer review and/or guidance on the GDPR, including:

• guidelines on (1) consent and transparency, (2) data protection certifications, and (3) derogations for personal data transfers under the GDPR;
• updated “referentials” on adequacy and binding corporate rules for data controllers and processors; and
• tools for cooperation between data protection authorities on data breach notifications.

On December 1, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its Guidelines on Automated Individual Decision-Making and Profiling (the “Guidelines”). The Guidelines were adopted by the Working Party on October 3, 2017, for public consultation.

On December 1, 2017, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP submitted formal comments to the Article 29 Working Party (the “Working Party”) on its Guidelines on Personal Data Breach Notification (the “Guidelines”). The Guidelines were adopted by the Working Party on October 3, 2017, for public consultation.