On June 24, 2011, the U.S. Department of Commerce’s International Trade Administration released a PowerPoint presentation on Mexico’s new private sector data protection law that was shared at a meeting of the OECD Working Party on Information Security and Privacy by Mexico’s Ministry of Economy and Federal Institute for Access to Information and Data Protection (“IFAI”). The presentation provides guidance on the creation of privacy notices and establishment of self-regulatory schemes, and also outlines the responsibilities of the Ministry of Economy and the IFAI ...
On June 8, 2011, the Department of Commerce’s Internet Policy Task Force released a report entitled “Cybersecurity, Innovation and the Internet Economy.” The report contains four broad policy recommendations: (1) the creation of a nationally recognized approach to minimize vulnerabilities for the Internet and networking services industry, (2) the development of incentives to combat cybersecurity threats, (3) increased cybersecurity education and research, and (4) the promotion of international cooperation to enable sharing of cybersecurity best practices.
On March 16, 2011, U.S. Department of Commerce Assistant Secretary for Communications and Information Lawrence Strickling called on Congress to enact robust, baseline legislation to “reform consumer data privacy in the Internet economy.” Speaking before the U.S. Senate Committee on Commerce, Science and Transportation, Assistant Secretary Strickling emphasized the Department of Commerce’s support for a legislative proposal that would adopt many of the recommendations of the “Green Paper,” a Department report authored last December.
On January 28, 2011, the Centre for Information Policy Leadership at Hunton & Williams LLP filed comments with the United States Department of Commerce in which the Centre stressed privacy governance based on data stewardship by accountable organizations. The Centre was one of a number of organizations that submitted comments in response to the Department of Commerce’s privacy paper, “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework,” which was released in December 2010. The theme of today’s comments is similar to that which the Centre suggested earlier this month in its comments responding to the European Commission’s consultation paper.
On January 11, 2011, Michelle O’Neill, U.S. Department of Commerce Deputy Under Secretary for International Trade, held a briefing on her November 2010 meetings in Brussels with European data protection authorities. She discussed a data protection and privacy forum that was convened in November at which she met with several high-level European regulators, including Jacob Kohnstamm, Viviane Reding and Peter Hustinx. O’Neill mentioned “the right to be forgotten” as a current hot-button issue in Europe. Commissioner Reding, who is firmly in charge of the reconsideration of the EU Data Protection Directive, focused on ensuring easier compliance with EU data protection rules and greater harmonization among Member States. O’Neill stated that Peter Hustinx was encouraged by the work ongoing in the United States, including the “Green Paper” issued by the Department of Commerce. He considers the various U.S. efforts a basis for further dialogue with U.S. authorities. O’Neill noted that comments to the EU consultation are due January 15, 2011. The Department of Commerce intends to file a response.
The Centre for Information Policy Leadership at Hunton & Williams has issued the following statement about the U.S. Department of Commerce’s “Green Paper” released on December 16:
The Centre for Information Policy Leadership congratulates the Department of Commerce on the release of its Green Paper, entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework,” and commends the Department for the extensive outreach and research it conducted to inform the document.
As previously reported, on December 16, 2010, the U.S. Department of Commerce released its Green Paper “aimed at promoting consumer privacy online while ensuring the Internet remains a platform that spurs innovation, job creation, and economic growth.”
During a press teleconference earlier that morning announcing the release of the Green Paper, Secretary Gary Locke commented on the Green Paper’s recommendation of adopting a baseline commercial data privacy framework, or a “privacy bill of rights,” built on an expanded, revitalized set of Fair Information Practice Principles (“FIPPs”). He indicated that baseline FIPPs would respond to consumer concerns and help increase consumer trust. The Secretary emphasized that the Department of Commerce would look to stakeholders to help flesh out appropriate frameworks for specific industry sectors and various types of data processing. He also noted that the agency is soliciting comments on how best to give the framework the “teeth” necessary to make it effective. The Secretary added that the Department of Commerce is also open to public comment regarding whether the framework should be enforced through legislation or simply by conferring power on the Federal Trade Commission.
On December 16, 2010, the U.S. Department of Commerce Internet Policy Task Force issued its “Green Paper” on privacy, entitled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” The Green Paper outlines Commerce’s privacy recommendations and proposed initiatives, which contemplate the establishment of enforceable codes of conduct, collaboration among privacy stakeholders, and the creation of a Privacy Policy Office in the Department of Commerce. Noting that “privacy protections are crucial to maintaining the consumer trust that nurtures the Internet’s growth,” the Green Paper “recommends reinvigorating the commitment to providing consumers with effective transparency into data practices, and outlines a process for translating transparency into consumer choices through a voluntary, multistakeholder process.”
On December 2, 2010, discussions about privacy continued at a hearing on “Do Not Track Legislation: Is Now the Right Time?” held by the U.S. House of Representatives Committee on Energy and Commerce, Subcommittee on Commerce, Trade and Consumer Protection. The hearing focused on a variety of consumer privacy issues, including the implications and challenges of a Do Not Track mechanism, the consumer’s desire for more control over the collection and use of their data and tracking practices, and the need to preserve an advertising supported Internet that promotes economic growth through online business.
On November 15, 2010, the Centre for Information Policy Leadership filed comments with the Department of Commerce in response to the Department’s Notice of Inquiry (“NOI”) on the Global Free Flow of Information on the Internet. The NOI was issued pursuant to an examination by the Department’s Internet Policy Task Force of issues related to restrictions on information flows on the Internet. The NOI poses wide-ranging questions related to why such restrictions were instituted; the impact restrictions may have on innovation, economic development, global trade and investment; and how best to deal with any negative effects. In the NOI, the Department acknowledges the benefits that businesses, emerging entrepreneurs and consumers derive from the ability to transmit information quickly and efficiently both domestically and internationally. It also recognizes the integral role the free flow of information plays in promoting economic growth and democratic values essential to free markets and free societies. The Department also articulated goals such as helping industry and other stakeholders operate in diverse Internet environments, and identifying policies that will advance economic growth and create job opportunities for Americans.
Earlier today, a Department of Commerce official briefed Hunton & Williams and Centre for Information Policy Leadership representatives on the Department’s forthcoming “Green Paper” on privacy. On November 12, 2010, Telecommunications Reports Daily published an article based on information obtained from an unofficial, pre-release draft version of the Green Paper. It remains to be seen which portions of the leaked draft ultimately will survive the interagency approval process currently underway. The Department of Commerce representative emphasized that the content of the draft Green Paper currently undergoing review is consistent with Assistant Secretary of Commerce Larry Strickling’s October 27, 2010, speech in Jerusalem. In his speech, Secretary Strickling explained that the Department is calling it a “Green” Paper, “not because of its environmental impact, but because it contains both recommendations and a further set of questions on topics about which [the Department] seek[s] further input.”
The White House recently announced on its official blog that the National Science and Technology Council’s Committee on Technology has launched a new Subcommittee on Privacy and Internet Policy. The subcommittee will be co-chaired by a representative from the Department of Commerce and the Department of Justice and will include representatives from over a dozen other departments and federal agencies, such as the Department of Health and Human Services and the National Security Council. The goal of the subcommittee is to “develop principles and strategic directions” that will foster “consensus in legislative, regulatory, and international Internet policy realms.” Some of these principles include “facilitating transparency, promoting cooperation, empowering individuals to make informed and intelligent choices, strengthening multi-stakeholder governance models, and building trust in online environments.”
The International Conference of Data Protection and Privacy Commissioners is convening in Jerusalem. Appropriately, given the ancient history of the host city, the conference theme is “Privacy: Generations.” The debate on Day One has drawn on the founding principles of data protection, but also has heavily focused on the future challenges in safeguarding the fundamental rights of privacy and data protection in a world of ubiquitous computing and social networking.
The tone was set in the opening plenary when Dr. Yuval Steinitz, the Israeli Minister of Finance, reminded us of the key tensions in privacy policy. While privacy may be a fundamental tenet of every democracy, individual cultures must make choices between the competing values of privacy and security, and privacy and transparency. The balance between these values, and the priority given to one over the other, will shift over time and from one culture to another. The conference provides a timely opportunity to reassess where that balance currently lies, and what balance may be appropriate in the near future.
The Centre for Information Policy Leadership at Hunton & Williams LLP made ten recommendations in response to the U.S. Department of Commerce’s notice of inquiry, “Information Privacy and Innovation in the Internet Economy.” The Centre’s recommendations strongly suggest that organizational accountability is the key to providing the flexibility needed to use information robustly while protecting the interest of individuals in maintaining private space in a digital age:
“The flexibility to be innovative must be conditioned on the organization’s accountability for the manner in which it uses, manage, and protects data. … To strike the appropriate balance between the value created by data use and the risk that use poses to privacy, organizations must implement privacy processes that are as dynamic as their business processes.”
“The Department of Commerce is back.” With those words Cameron Kerry, General Counsel of the U.S. Department of Commerce, made it clear the Department intends to take a leading role in shaping domestic privacy policy and representing U.S. privacy interests in international discussions. The announcement was made at the May 7, 2010, Department of Commerce symposium, “A Dialogue on Privacy and Innovation,” where the mostly business audience welcomed Mr. Kerry’s declaration with great enthusiasm.
On April 20, 2010, the Department of Commerce (“DOC”) issued a Notice of Inquiry to solicit public feedback “on the impact of current privacy laws in the United States and around the world on the pace of innovation in the information economy.” The aim is to understand “whether current privacy laws serve consumer interests and fundamental democratic values.” To this end, the DOC poses a number of questions, including:
- Is the notice and choice approach to consumer privacy outmoded? Would consumers be better served by a “use-based” model?
- How does compliance with ...
The Department of Commerce (“DOC”) will be holding a public meeting on May 7, 2010, in Washington, D.C., to listen to stakeholders’ views on privacy policies in the United States. This session is part of a broader inquiry by the DOC’s newly created Internet Policy Task Force “whose mission is to identify leading public policy and operational challenges in the Internet environment.” The DOC’s National Telecommunications and Information Administration and the International Trade Administration will issue a notice of inquiry to look at the nexus between innovation ...
On October 6, 2009, the Federal Trade Commission (“FTC”) announced proposed settlement agreements with six companies over charges that they falsely claimed membership in the U.S. Department of Commerce Safe Harbor program. In six separate complaints, the FTC alleged that ExpatEdge Partners LLC, Onyx Graphics, Inc., Directors Desk LLC, Collectify LLC, and Progressive Gaitways LLC deceived consumers by representing that they maintained current certifications to the Safe Harbor program when such certifications had previously lapsed. The terms of the proposed settlement agreements prohibit the companies from misrepresenting their membership in any privacy, security or other compliance program. The six enforcement actions are significant as they mark a considerable uptick in the FTC’s enforcement related to the Safe Harbor program. The FTC recently brought its first enforcement action relevant to the program, which is detailed in our post titled FTC's First Safe Harbor Enforcement Action.
The Federal Trade Commission (“FTC”) has secured a temporary restraining order against a company that allegedly falsely claimed to have self-certified to the EU/U.S. Safe Harbor Program. One count of the FTC's complaint claims that the company (named Balls of Kryptonite, LLC) misled consumers by inaccurately representing that it had self-certified to the U.S. Department of Commerce that it was Safe Harbor compliant. While the FTC has not alleged a substantive violation of the Safe Harbor, this case is significant for two reasons. First, it marks the first time the FTC has brought an enforcement action with respect to the Safe Harbor Program. The court order prohibits the defendants from misrepresenting the extent to which they “are members of, adhere to, comply with, are certified by, are endorsed by, or otherwise participate in any privacy, security, or any other compliance program sponsored by any government or third party.” Second, the FTC acted in concert with the UK Office of Fair Trading after consumers in the UK registered complaints with the FTC using a website established by 25 international consumer protection agencies to facilitate global consumer protection efforts. This is the first time the FTC has used the U.S. SAFE WEB Act of 2006 to enforce consumer protection regulations against a U.S. company operating exclusively outside the United States.
On February 16, 2009, the US-Swiss Safe Harbor Framework, which is comparable to the EU-US Safe Harbor Framework, was adopted. The US-Swiss framework is intended to simplify the transfer of personal data by Swiss companies to American companies that are self-certified with the US Department of Commerce (DOC). Self-certified US companies are bound by the principles contained in the framework. They will automatically be considered as providing an adequate level of data protection under Swiss law.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- Iowa
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code