Privacy & Information Security Law Blog

The United States District Court for the Northern District of California recently dismissed―without prejudice―a former Uber driver’s class action complaint. The driver, Sasha Antman, was one of roughly 50,000 drivers whose personal information was exposed during a May 2014 data breach. Uber contended the accessed files contained only the affected individuals’ names and drivers’ license numbers.

On October 27, 2015, Hunton & Williams LLP’s Centre for Information Policy Leadership (“CIPL”) will conduct a joint workshop with Nymity on Bridging Disparate Privacy Regimes through Organizational Accountability. As a side event to the 37th International Privacy Conference in Amsterdam during the week of October 26, the workshop is specifically designed to support and further explore the theme of global “Privacy Bridges” that will be discussed at the International Privacy Conference. Organizational accountability is one of the proposed bridges in the Privacy Bridges Report which the international expert group released earlier this week.

Hunton & Williams welcomes Phyllis H. Marcus as counsel to the firm’s privacy and competition teams. Phyllis joins the firm from the Federal Trade Commission, where she held a number of leadership positions, most recently as Chief of Staff of the Division of Advertising Practices. Phyllis led the FTC’s children’s online privacy program, including bringing a number of enforcement actions and overhauling the Children’s Online Privacy Protection Act (“COPPA”) Rule. She offers the privacy team a keen understanding of the complexities of the revised regulations, as well as broader issues relating to student privacy, mobile applications and the Internet of Things.

On October 20, 2015, at a hearing in the Irish High Court, Irish Data Protection Commissioner Helen Dixon confirmed that she will investigate allegations made by privacy activist Max Schrems concerning Facebook’s transfer of personal data to the U.S. in reliance on Safe Harbor. Dixon welcomed the ruling of the High Court and noted that she would proceed to “investigate the substance of the complaint with all due diligence."

On October 8, 2015, California Governor Jerry Brown signed into law the California Electronic Communications Privacy Act (“CalECPA”). The law requires police to obtain a warrant before accessing an individual’s private electronic information, such as text messages, emails, GPS data and online documents that are stored in the cloud and on smartphones, tablets, computers and other digital devices. The government also must obtain a warrant before requiring a business to produce an individual’s electronic information.

On October 21, 2015, the EU-U.S. Privacy Bridge Initiative, a group of transatlantic privacy experts that was convened in April of 2014, released its report on Privacy Bridges – EU and US Privacy Experts in Search of Transatlantic Privacy Solutions.

In an article published by E-Commerce Law Reports, Hunton & Williams partners Bridget Treacy and Lisa Sotto discuss the Court of Justice of the European Union’s (the “CJEU’s”) recent ruling invalidating the European Commission’s Safe Harbor Decision.

On October 16, 2015, the Article 29 Working Party (the “Working Party”) issued a statement on the consequences of the recent ruling of the Court of Justice of the European Union (the “CJEU”) invalidating the European Commission’s Safe Harbor Decision.

On October 16, 2015, the German Parliament adopted a new data retention law requiring telecommunications operators and Internet service providers to retain customer Internet and phone usage data, including phone numbers, call times, IP addresses, and the international identifiers of mobile users (if applicable) for 10 weeks. The law requires user location data obtained in connection with mobile phone services to be retained for four weeks. Telecommunications and Internet service providers also are required to ensure that the retained data is stored within Germany.

Hunton & Williams proudly announces that the firm was ranked in Tier 1 in The Legal 500 United Kingdom 2015 guide for data protection. Bridget Treacy, head of the firm’s UK Privacy and Cybersecurity practice, and Rosemary Jay, senior consultant attorney, both received recognition as leading individuals for data protection.