Privacy & Information Security Law Blog

On December 16, 2013, the French Data Protection Authority (“CNIL”) released a set of practical FAQs (plus technical tools and relevant source code) providing guidance on how to obtain consent for the use of cookies and similar technologies in compliance with EU and French data protection requirements (the “CNIL’s Guidance”). Article 5.3 of the revised e-Privacy Directive 2002/58/EC imposes an obligation to obtain prior consent before placing or accessing cookies and similar technologies on web users’ devices. Article 32-II of the French Data Protection Act transposes this obligation into French law.

As reported in the Hunton Employment & Labor Perspectives Blog, the “ban the box” movement continues to sweep through state legislatures. “Ban the box” laws, which vary in terms of scope and detail, generally prohibit employers from requesting information about job applicants’ criminal histories. Recent legislation in two states applies “ban the box” prohibitions to private employers in those states:

• On December 1, 2013, a new North Carolina law went into effect that prohibits employers from inquiring about job applicants’ arrests, charges or convictions ...

On December 12, 2013, Advocate-General Cruz Villalón of the European Court of Justice (“ECJ”) issued his Opinion on the compatibility of the EU Data Retention Directive 2006/24/EC (the “Data Retention Directive”) with the Charter of Fundamental Rights of the European Union (the “EU Charter”).

On December 12, 2013, Fred H. Cate, Senior Policy Advisor in the Centre for Information Policy Leadership at Hunton & Williams LLP (the “Centre”), submitted comments in response to the National Institute of Standards and Technology’s (“NIST’s”) Preliminary Cybersecurity Framework (the “Preliminary Framework”). On October 22, NIST issued the Preliminary Framework, as required by the Obama Administration’s February 2013 executive order, Improving Critical Infrastructure Cybersecurity (“Executive Order”), and solicited comments on the Framework. The Preliminary Framework includes standards, methodologies, procedures and processes that align policy, business and technological approaches to address cyber risks.

As we previously reported, on October 21, 2013, the European Parliament approved its Compromise Text of the proposed EU General Data Protection Regulation (the “Proposed Regulation”). Hunton & Williams has now published an analysis of these proposals.

On November 15, 2013, the People’s Bank of China (the “PBOC”) issued its Administrative Measures for Credit Reference Agencies (the “Measures”) – eight months after the Administrative Regulations on the Credit Information Collection Sector (the “Regulations”) became effective on March 15, 2013. The Measures, which will take effect on December 20, 2013, were formulated to enhance the supervision and regulation of credit reference agencies and to promote positive developments in the credit information services sector.

On November 21, 2013, the Supreme People’s Court of China passed the Provisions on the Online Issuance of Judgment Documents by People’s Courts (the “Provisions”), which will take effect on January 1, 2014. The Provisions replace earlier rules (of the same title) enacted by the Supreme People’s Court on November 8, 2010, and generally focus on improved implementation of the principles of standardizing the online issuance of judgment documents, promoting judicial justice and enhancing the public credibility of the judiciary.

On December 2, 2013, the Federal Trade Commission announced that it will host a series of seminars to examine the privacy implications of three new areas of technology used to track, market to and analyze consumers: mobile device tracking, predictive scoring and consumer-generated health data. The seminars will address (1) businesses tracking consumers using signals from the consumers’ mobile devices, (2) the use of predictive scoring to determine consumers’ access to products and offers, and (3) consumer-generated information provided to non-HIPAA covered websites and apps. The FTC stated that the intention of the seminars is to bring attention to new trends in big data and their impact on consumer privacy.

On December 5, 2013, the Federal Trade Commission announced a proposed settlement with mobile app developer Goldenshores Technologies, LLC (“Goldenshores”) following allegations that Goldenshores’ privacy policy for its popular Brightest Flashlight Free app deceived consumers regarding how the app collects information, including geolocation information, and how that information may be shared with third parties. Brightest Flashlight Free, developed for the Android operating system, allows its users to use their cell phones as flashlights.

On November 28, 2013, the UK government published a paper in response to its March 2013 consultation on cybersecurity standards (“Response Paper”), and announced that it will create a new cybersecurity standard. The original consultation concluded in October 2013.