Privacy & Information Security Law Blog

On July 24, 2013, the Conference of the German Data Protection Commissioners at both the Federal and State levels issued a press release stating that surveillance activities by foreign intelligence and security agencies threaten international data traffic between Germany and countries outside the EEA.

On July 18-19, 2013, the European Union Justice and Home Affairs Council held an informal meeting in Vilnius, Lithuania, where Viviane Reding, Vice-President of the European Commission and Commissioner for Justice, Fundamental Rights and Citizenship, openly criticized the U.S.-EU Safe Harbor Framework.

On July 12, 2013, Illinois Attorney General Lisa Madigan announced that she sent letters to operators of eight popular health-related websites requesting information about the websites’ online data collection practices. The Attorney General’s press release underscored how individuals’ health-related information shared online, which would be protected if disclosed in a traditional medical setting, “can be captured, shared and sold when online users enter their information into a website.” The Attorney General also stated that “website disclosure about the extent to which information is captured or shared is buried in privacy policies not found on the websites’ main pages.”

On July 30-31, 2013, the Cyber and Intelligence Committees of the Armed Forces Communications and Electronics Association (AFCEA) will host the 2013 AFCEA Global Intelligence Forum at the National Press Club in Washington, D.C. This year’s conference theme, “Defining the Role of Intelligence for Cyber Mission,” explores how leaders in the intelligence community can work together to help “ensure free and secure cyberspace operations – from setting requirements, to collecting and analyzing data, to delivering insights and recommendations.” The conference also ...

On July 12, 2013, during the Centre for Information Policy Leadership’s First Friday call, José Alejandro Bermúdez Durana, Deputy Superintendent for Data Protection for Colombia’s Superintendency of Industry and Commerce, discussed the secondary regulations issued on June 27, 2013 to implement Colombia’s omnibus data protection law enacted in 2012. The Deputy Superintendent discussed key aspects of the regulations, and provided information regarding additional regulations that are needed to implement binding codes of conduct.

On June 25, 2013, the Belgian Data Protection Authority (the “Privacy Commission”) and the Belgian Ministry of Justice agreed on a Protocol establishing new rules for the approval of international data transfer agreements.

Senior Attorney Rosemary Jay reports from London:

On June 25, 2013, Advocate-General Jääskinen of the European Court of Justice (“ECJ”) delivered his Opinion in Google Spain S.L. and Google Inc. v Agencia Española de Protección de Datos (Case C-131/12, “Google v AEPD” or the “case”).

The case concerns Google Search results, and whether individuals have a right to erasure of search result links about them. The Opinion concludes that under current law, individuals have no such right. The European Commission’s proposed General Data Protection Regulation (the “Proposed Regulation”) would introduce a right to be forgotten. However, this Opinion appears to demonstrate unease with the basic concept of such a right.

In a recording prepared for the Centre for Information Policy Leadership at Hunton & Williams LLP’s (“Centre’s”) annual retreat, former UK Information Commissioner and Centre Global Strategy Advisor Richard Thomas discussed some of the challenges facing Big Data with respect to the purpose limitation principle set out in Article 6(1)(b) of the current EU Data Protection Directive 95/46/EC. In April 2013, the Article 29 Working Party adopted an Opinion on this topic, focusing on how to apply the purpose limitation principle in the Big Data context. Richard Thomas ...

The American Bar Association Journal is compiling a list of the 100 best legal blogs of 2013 and is inviting readers to submit nominations. Click the voting button below to submit a nomination for Hunton & Williams’ Privacy and Information Security Law. PR News named Hunton & Williams’ Privacy Blog the Best Legal PR Blog of 2011.

Submissions are accepted through August 9, so please vote!

On July 11, 2013, the Department of Health and Human Services (“HHS”) announced a resolution agreement and $1.7 million settlement with WellPoint Inc. following a security breach that affected over 600,000 individuals.