On October 11, 2010, the French Data Protection Authority (the “CNIL”) released guidance (the “Guidance”) on data protection issues related to the outsourcing of data processing activities to non-EU countries (Les questions posées pour la protection des données personnelles par l’externalisation hors de l’Union européenne des traitements informatiques).
The Guidance was prepared following interviews held in 2009 by the CNIL’s international affairs department with consultancy groups, law firms advising on outsourcing deals, and companies actively engaged in offshore activities. The interviews were conducted to provide the CNIL with insight regarding the impact of data protection requirements on outsourcing activities. The Guidance is part of a broader analysis of the concepts of data controller and data processor carried out by the Article 29 Working Party (see the Working Party’s Opinion on the concepts of controller and processor).
As reported in Hunton & Williams' Employment & Labor Perspectives blog:
A recent New York state trial court decision, Romano v. Steelcase Inc., et al., is representative of a recent trend of parties seeking, and courts permitting, discovery of information on social networking sites such as Facebook and MySpace. Rejecting the plaintiff’s privacy concerns, the Romano court held that such information is discoverable because the plaintiff’s damages are at issue. The court ordered the release of the plaintiff’s postings, pictures and other information on the social networking sites.
On October 19, 2010, Federal Trade Commissioner Julie Brill indicated that the FTC’s forthcoming behavioral advertising report will recommend a self-regulatory framework, as opposed to new legislation, to help protect consumers’ privacy. Mediapost.com reported that Ms. Brill offered suggestions on improving privacy practices with respect to Internet advertising, such as by providing “consistent and simplified notice about online tracking and ad-serving,” and that such notice should focus more on the unexpected or non-obvious uses of data (such as an e-commerce company’s transfer of consumers’ addresses to shipping companies).
In November 2009, the French Secretary of State in charge of the digital economy, Nathalie Kosciusko-Morizet, launched a wide-ranging campaign designed to secure the “right to be forgotten” on the Internet (“droit à l’oubli”). The main objectives of the initiative were to: (1) educate Internet users about their exposure to privacy risks on the Internet; (2) encourage professionals to adopt codes of good practice and to develop privacy-enhancing tools; and (3) foster data protection and the right to be forgotten at both the national and EU level.
On September 20, 2010, the German government under the leadership of the Federal Minister of the Interior held a summit on “Digitization of Cities and States - Opportunities and Limits of Private and Public Geo Data Services.” Approximately 50 experts attended, including the Federal Minister of Food, Agriculture and Consumer Protection, the Federal Minister of Justice and representatives from various companies, such as Deutsche Telekom, Google, Microsoft, Apple Inc., OpenStreetMap and panogate. Numerous data protection authorities attended as well, including the Federal Commissioner for Data Protection and Freedom of Information, the Chair of the Düsseldorfer Kreis and the DPA of Hamburg. The discussions at the summit were based on a discussion paper issued by the Federal Minister of the Interior.
On October 15, 2010, the Article 29 Working Party published an Opinion finding that Uruguay ensures an adequate level of protection within the meaning of the European Data Protection Directive (Article 25(6) of Directive 95/46/EC).
This Opinion was issued pursuant to an official request Uruguay filed with the European Commission in October 2008. While the Article 29 Working Party’s Opinion is an important step toward adequacy, the European Commission must now make a formal decision that the Uruguayan legal framework provides an adequate level of data protection under EU data protection law. The European Commission will take the Article 29 Working Party’s Opinion into account when determining whether to issue an “adequacy decision” in the coming months. As recently illustrated by the adequacy procedure for Israel, this process may prove to be difficult.
Following its recent enactment of an omnibus data protection law, Mexico has been unanimously elected to lead the Ibero-American Data Protection Network, a consortium of the governments of Spain, Portugal, Andorra and 19 Latin American countries. The group’s mission is to foster, maintain and strengthen an exchange of information, experience and knowledge among Ibero-American countries through dialogue and collaboration on issues related to personal data protection. The IFAI announced on September 29, 2010, that Jacqueline Peschard, head of Mexico’s Federal ...
On October 5, 2010, the Commission for Economic Affairs of the French National Assembly introduced a Resolution (the “Resolution”) to support the International Standards on the Protection of Personal Data and Privacy adopted in Madrid on November 5, 2009, at the 31st International Conference of Data Protection and Privacy Commissioners (also known as the “Madrid Resolution”).
The Resolution states: “the right to privacy is a fundamental value in our society; the development of information and communication systems must be contained in order to prevent uses of personal data which threaten this right.
On behalf of a group of interested parties (the “Group”), Hunton & Williams and Acxiom submitted a response to the UK Ministry of Justice’s (“MoJ”) recent Call for Evidence on the effectiveness of current data protection legislation in the UK. The Group is comprised of representatives from more than 40 organizations, including Barclays Bank, Dell, Fujitsu and GE Capital, all of which are committed to using personal data responsibly. Hunton & Williams and Acxiom, a global leader in interactive marketing services, with the attendance of the Group, worked together over the last two months to host two discussion meetings, and produced a submission summarizing the Group’s views.
On October 5, 2010, the Department of Energy (“DOE”) released a report entitled “Data Access and Privacy Issues Related to Smart Grid Technologies.” The idea behind the Smart Grid is that electricity can be delivered more efficiently using data collected through monitoring consumers’ energy use. In connection with the preparation of its report, the DOE surveyed industry, state and federal practices with respect to Smart Grid technologies, focusing on the issue of residential consumer data security and privacy. The DOE noted that advanced meters or “smart meters” were a focal point of the report due to their “ability to measure, record and transmit granular individual consumption.” That said, a Smart Grid consists of “hundreds of technologies and thousands of components, most of which do not generate data relevant to consumer privacy.”
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Disclosure
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition
- Facial Recognition Technology
- FACTA
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Legislature
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Online Behavioral Advertising
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Paul Tiao
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- WeProtect Global Alliance
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code