On October 25, 2013, the Standing Committee of the National People’s Congress of the People’s Republic of China passed an amendment to the P.R.C. Law on the Protection of Consumer Rights and Interests (the “Amendment”). The Amendment, which was adopted after three readings and will take effect on March 15, 2014, adds provisions designed to respond to the recent boom in online shopping and focuses on improving protections in the area of consumer rights and interests by:
On October 22, 2013, the Federal Trade Commission announced a proposed settlement with Aaron’s, Inc. (“Aaron’s”) stemming from allegations that it knowingly assisted its franchisees in spying on consumers. Specifically, the FTC alleged that Aaron’s facilitated its franchisees’ installation and use of software on computers rented to consumers that surreptitiously tracked consumers’ locations, took photographs of consumers in their homes, and recorded consumers’ keystrokes in order to capture login credentials for email, financial and social media accounts. The FTC had previously settled similar allegations against Aaron’s and several other companies.
On October 22, 2013, the National Institute of Standards and Technology (“NIST”) issued the Preliminary Cybersecurity Framework (the “Preliminary Framework”), as required under Section 7 of the Obama Administration’s February 2013 executive order, Improving Critical Infrastructure Cybersecurity (the “Executive Order”). The Preliminary Framework includes standards, procedures and processes for reducing cyber risks to critical infrastructure. It will be published in the Federal Register within a few days for public comment. Under the Executive Order, NIST is required to issue a final version of the Framework in February 2014. NIST is planning to host a public workshop on the Preliminary Framework in mid-November to give industry and other groups an opportunity to provide their views on this document.
On October 21, 2013, the European Parliament approved its Compromise Text of the proposed EU General Data Protection Regulation (the “Proposed Regulation”). The approval follows months of negotiations between the various parliamentary committees. The European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (“LIBE”) has been in charge of working toward an agreement on the Compromise Text in the European Parliament.
On October 19, 2013, the Center for Internet and Society (“CIS”), the Federation of Indian Chambers of Commerce and Industry, and the Data Security Council of India held a Privacy Roundtable in New Delhi, the last in a series of roundtables that began in April 2013. The events were designed to elicit comments on a draft Privacy Protection Bill, proposed legislation for a privacy and personal data protection regime in India. The law would regulate the collection and use of personal data in India, as well as surveillance and interception of communications.
On October 12, 2013, California Governor Jerry Brown vetoed an electronic communications privacy bill. The bill, SB 467, would have compelled law enforcement to obtain a search warrant before seeking to access any email or other electronic communication maintained by service providers. The bill went beyond the scope of the federal Electronic Communications Privacy Act, which obligates law enforcement to obtain search warrants only for electronic communications that are unopened or stored by service providers for fewer than 180 days. The California bill was very similar to a bill signed into law in Texas earlier in 2013 that required law enforcement agencies to obtain warrants before accessing customer electronic data held by email service providers.
On October 7, 2013, the United States District Court for the Central District of California held that a general liability insurance policy covered data breach claims alleging violations of California patients’ right to medical privacy. Hartford Casualty Insurance Co. v. Corcino & Associates, CV 13-03728-GAF (C.D. Cal. Oct. 7, 2013). The court rejected the insurer’s argument that coverage was negated by an exclusion for liabilities resulting from a violation of rights created by state or federal acts. The decision also rejected an attempt commonly made by insurers to exclude ...
On October 16, 2013, the Federal Communications Commission’s revisions to its Telephone Consumer Protection Act rules go into effect. As we previously reported, the revisions require that businesses obtain “express written consent” prior to advertising or telemarketing through (1) autodialed calls or text messages, or prerecorded calls to consumers’ mobile numbers, and (2) prerecorded calls to consumers’ residential lines. In addition, the FCC’s revisions eliminate the exemption that allowed businesses to place prerecorded advertising or telemarketing calls to a consumer’s residential phone line if the business had a pre-existing business relationship with the consumer.
On October 2, 2013, the Article 29 Working Party (the “Working Party”) issued a Working Document providing guidance on how to obtain consent for the use of cookies and similar technologies in compliance with EU legal requirements (“Working Document”).
At its meeting on October 7, 2013, the Council of the European Union voiced support for the “one-stop-shop” mechanism in the draft General Data Protection Regulation (the “Regulation”). The “one-stop-shop” mechanism allocates responsibility for overseeing data processing activities in multiple EU Member States to the data protection authority of the EU Member State where the data controller or processor has its main establishment. At the Council meeting, a majority of the EU Member States indicated that the responsible data protection authority should have exclusive decision powers with regard to enforcement actions, but acknowledged that the “local” DPAs should be involved in the decisionmaking process as well. The Council emphasized the need for further exploration of the European Data Protection Board’s role in ensuring consistent application of EU data protection rules.
On October 8, 2013, a Royal Decree was published completing the transposition of the EU Data Retention Directive 2006/24/EC (the “Data Retention Directive”) into Belgian law. The Royal Decree was adopted on September 19, 2013.
On October 2, 2013, the 86th Conference of the German Data Protection Commissioners concluded in Bremen. This biannual conference provides a private forum for the 16 German state data protection authorities (“DPAs”) and the Federal Commissioner for Data Protection and Freedom of Information, Peter Schaar, to share their views on current issues, discuss relevant cases and adopt Resolutions aimed at harmonizing how data protection law is applied across Germany.
In its October 2013 e-newsletter, the UK Information Commissioner’s Office (“ICO”) announced that it is reviewing its Privacy Notices Code of Practice (the “Code”) to assess whether it should be updated. The Code, last updated in December 2010 and issued under Section 51 of the UK Data Protection Act 1998 (the “DPA”), is designed to assist organizations “to collect and use information appropriately by drafting clear and genuinely informative privacy notices.”
On October 4, 2013, The Centre for Information Policy Leadership’s Senior Policy Advisor Fred Cate reported on the 35th International Conference of Data Protection and Privacy Commissioners which concluded on September 24 in Warsaw, Poland. The report indicates that four main issues dominated the Conference: (1) challenges presented by technologies such as mobile apps and online profiling, (2) multinational interoperability and enforcement, (3) pending EU data protection regulation and alternatives, and (4) repercussions of NSA surveillance activities.
On September 30, 2013, Hunton & Williams LLP hosted representatives from the U.S. Department of Commerce for a timely discussion of the Safe Harbor Framework, the Asia-Pacific Economic Cooperation (“APEC”) Cross-Border Privacy Rules System (“CBPRs”), and the Transatlantic Trade and Investment Partnership (“TTIP”) negotiations. The panel also addressed the development of privacy codes of conduct and privacy legislation being developed by the Department of Commerce.
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code