Privacy & Information Security Law Blog

On May 10, 2013, CBS News interviewed two cybersecurity authorities to discuss the growing debate of privacy online. In the feature, entitled “Should there be a ‘right to be forgotten’ online?,” Lisa J. Sotto, partner and head of the Privacy and Data Security practice at Hunton & Williams LLP, talked about the problem of individuals’ rights to delete their online activity. She pointed out that the U.S. has no comprehensive online privacy law, and instead has a framework “comprised of a patchwork quilt of laws.” ...

A state court has dismissed the California Attorney General’s claims that Delta Air Lines Inc. (“Delta”) violated the California Online Privacy Protection Act by failing to have an appropriately posted privacy policy for its mobile application, Bloomberg reports. The California AG sued Delta in December as part of an enforcement campaign that began with the issuance of warning letters to approximately 100 operators of mobile apps, including Delta. According to the Bloomberg report, a basis for the dismissal was the federal Airline Deregulation Act, under which a state ...

On May 7, 2013, the Federal Trade Commission announced that it issued letters to ten data broker companies warning that their practices could violate prohibitions against selling consumer information under the Fair Credit Reporting Act (“FCRA”). The FTC identified the ten data broker companies after a test-shopping operation that indicated these companies were willing to sell consumer information without adhering to FCRA requirements.

On April 30, 2013, the regional court of Berlin enjoined Apple Sales International, which is based in Ireland, (“Apple”) from relying on eight of its existing standard data protection clauses in contracts with customers based in Germany. The court also prohibited Apple’s future use of such clauses.

On May 3, 2013, the German Federal Council (Bundesrat) passed a new bill regarding access to telecom user data, such as names, addresses, passwords and credit card PIN codes. This comes after the German Federal Diet (Bundestag) passed the German government’s bill on March 21, 2013, which amends, among other laws, Germany’s Federal Telecommunications Act.

On May 6, 2013, the Global Privacy Enforcement Network (“GPEN”) announced its first “Internet Privacy Sweep,” in which 19 data protection authorities are participating. This joint effort, which runs May 6-12, 2013, involves a review of the information notices posted online by major websites.

In April 2013, the Ministry of Industry and Information Technology of the People’s Republic of China (the “MIIT”) issued a new rule entitled the “Notice on Strengthening the Administration of Networked Smart Mobile Devices” (the “Notice”). This Notice, which will become effective on November 1, 2013, was issued in draft form in June 2012 along with a request for public comment.

On May 6, 2013, the Federal Trade Commission announced that it had voted unanimously to reject a request from industry groups to delay the July 1, 2013 deadline for implementation of the updated Children’s Online Privacy Protection Rule (the “Rule”). The groups had argued that the delay was necessary because they needed more time to comply with the changes to the Rule, which the FTC promulgated on December 19, 2012. In its response to the groups, the FTC asserted that the groups have been on notice of the changes since the beginning of the rulemaking process over three years ago, and ...

On May 6, 2013, the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) discussed the progress of the proposed General Data Protection Regulation (”Proposed Regulation”). LIBE’s lead rapporteur, Jan Philipp Albrecht, noted that, in light of the significant number of amendments tabled, more time is needed for the other rapporteurs to deliberate. As a result, the vote originally scheduled for May 29, 2013 on the lead rapporteur’s report regarding amendments to the Proposed Regulation has been postponed.

On May 7, 2013, the hacker group Anonymous announced that it, in concert with Middle East- and North Africa-based criminal hackers and cyber actors, will conduct a coordinated online attack labeled “OpUSA” against banking and government websites today. Anonymous stated that OpUSA will be a distributed denial of service (“DDoS”) in which websites may be defaced and legitimate users may be unable to access websites.