Provisions of the FTC’s revised rule that regulate advertisements for free credit reports become effective April 2, 2010. As required by the Credit CARD Act of 2009, the FTC promulgated the revised rule on February 22, 2010, to prevent the deceptive marketing of free credit reports by companies that required consumers to sign up for paid products and services such as credit monitoring in order to receive the reports.
On February 19, 2010, the Court of Appeals of Versailles (the “Court”) upheld the unlimited seizure and review of a company’s emails by several agents of the French Competition Authority (Autorité de la Concurrence). The agents had been authorized by a lower court judge to inspect the emails pursuant to an investigation into an alleged abuse of dominant position in the pharmaceutical market.
On March 17, 2010, the French Data Protection Authority (the “CNIL”) published a report concerning on-site inspections and outlined its objectives for the coming year. In the report, which was adopted on February 18, 2010, the CNIL indicated that it intends to conduct at least 300 on-site inspections throughout France in 2010, with a special focus on the following issues:
- ensuring compliance with CNIL decisions, in particular the CNIL’s standards for simplified notifications;
- verifying that data controllers comply with the technical recommendations defined in their registration forms; and
- assessing the effectiveness of data protection officers within organizations.
On March 17, 2010, the Federal Trade Commission convened the last of its three-part series of roundtable discussions entitled “Exploring Privacy.” In her opening remarks, outgoing Commissioner Pamela Jones Harbour emphasized the critical importance of privacy to consumers, stating that “consumer privacy cannot be run in beta,” and that companies often inappropriately expose consumer data during new product rollout. David Vladeck, Director of the FTC’s Bureau of Consumer Protection, then set the stage by invoking the “notice is broken” theme that recurred during the first two roundtables on December 7, 2009, and January 28, 2010, and was echoed by participants in the March 17 event.
Earlier this year, the EU’s Article 29 Working Party published an opinion finding that Israeli data protection law largely provides an “adequate level of data protection” under EU Data Protection Directive 95/46/EC. The recommendation breaks new ground. Law professor Omer Tene, who acted as an advisor to the Israeli government during the process, discussed Israel’s approval during this recorded segment from the Centre for Information Policy Leadership’s “First Friday” call on March 5, 2010.
The Wall Street Journal is reporting that outgoing FTC Commissioner Pamela Jones Harbour criticized technology companies for publicly exposing consumer data, particularly during the rollout of new products. Ms. Harbour lamented that companies do not take consumer privacy seriously. She singled out the launch of Google Buzz as irresponsible conduct by “one of the greatest technology leaders of our time.” Consumer advocates raised alarm when Google Buzz initially established Google Gmail users’ social network connections automatically based on the users’ email and chat contacts, and made that list public by default. Ms. Harbour reiterated the advocates’ sentiment by stating that, from the time the product launched, consumers rather than Google should have decided whether or not to subscribe to the features that could expose their contact data. Soon after the launch, Google changed the defaults to allow users more control. Google put forth a conciliatory message, stating that user transparency and control are top priorities for the company and that Google is continuing to improve Buzz based on the feedback the company receives.
In a decision handed down on February 25, 2010, the French Constitutional Court ruled that the right to privacy derives from Article 2 of the Declaration of Human Rights, and is therefore considered a constitutional right under French law. The Court also ruled that the legislature must strike a balance between the right to privacy and other fundamental interests, such as preventing threats to public safety, which are necessary to preserve constitutional rights and principles.
In conjunction with the celebration of its 10th anniversary on March 16, the International Association of Privacy Professionals is releasing a white paper on the future of the privacy profession entitled, “A Call for Agility: The Next-Generation Privacy Professional.” When the IAPP initially was formed, the role of the chief privacy officer was newly emerging following the dot-com boom. Over the past 10 years, the exponential increase in data collection and retention have propelled the privacy professional into senior levels of management. Reflecting the growth of the privacy professional’s role, the IAPP’s membership has grown to include over 6,500 privacy professionals from businesses, governments and academic institutions across 50 countries.
In 2009, for the first time in three years, more publicly reported data security breaches were caused by hackers than by other sources, such as insider theft. The nonprofit Identity Theft Resource Center (“ITRC”) tracks breaches involving five categories of data loss: (i) “data on the move,” such as lost laptops; (ii) accidental exposure; (iii) insider theft; (iv) losses involving subcontractors; and (v) hacking. The ITRC’s 2009 Breach Report analyzed 498 publicly reported breaches affecting over 222 million total records, concluding that hacking may be on the rise.
According to BNA’s Privacy Law Watch, on March 8, 2010, Senator Patrick Leahy asked President Obama to nominate members for the dormant Privacy and Civil Liberties Oversight Board. The Board, which was created in 2004 upon the recommendation of the 9/11 Commission, focuses on ensuring that privacy and civil liberties concerns are incorporated into anti-terrorism laws and regulations. Although President Obama had pledged in May 2009 to reconstitute the board, which has had no members since January 2008, privacy advocates say that his focus on cybersecurity issues has delayed ...
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- Disclosure
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition
- Facial Recognition Technology
- FACTA
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Legislature
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Online Behavioral Advertising
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Paul Tiao
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- WeProtect Global Alliance
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code