Privacy & Information Security Law Blog

On July 16, 2013, the Ministry of Industry and Information Technology of the People’s Republic of China (the “MIIT”) issued a new rule entitled Provisions on the Registration of Real Identity Information of Telephone Users (the “Provisions”), which will take effect on September 1, 2013. The Provisions were issued pursuant to the Resolution of the Standing Committee of the National People’s Congress Relating to Strengthening the Protection of Information on the Internet (the “Resolution”) and the Telecommunications Regulations of the People’s Republic of China. In April 2013, the MIIT issued a draft of the Provisions and solicited public comment.

On July 16, 2013, the Ministry of Industry and Information Technology of the People’s Republic of China (the “MIIT”) issued a new rule entitled Provisions on the Protection of Personal Information of Telecommunications and Internet Users (the “Provisions”). The Provisions, which will take effect on September 1, 2013, are intended to implement the general requirements set forth in last December’s Resolution of the Standing Committee of the National People’s Congress Relating to Strengthening the Protection of Information on the Internet (the “Resolution”). The Provisions are the first specific regulations concerning personal information protection by telecommunications service providers in China.

On July 12, 2013, Illinois Attorney General Lisa Madigan announced that she sent letters to operators of eight popular health-related websites requesting information about the websites’ online data collection practices. The Attorney General’s press release underscored how individuals’ health-related information shared online, which would be protected if disclosed in a traditional medical setting, “can be captured, shared and sold when online users enter their information into a website.” The Attorney General also stated that “website disclosure about the extent to which information is captured or shared is buried in privacy policies not found on the websites’ main pages.”

Today, July 1, 2013, the Federal Trade Commission’s changes to the Children’s Online Privacy Protection Rule (the “Rule”) officially come into effect. On December 19, 2012, the FTC announced that it had published the amended Rule following two years of public comments and multiple reviews of various proposed changes.

The Bavarian data protection authority recently updated its compliance initiative regarding online tracking tools to include Adobe’s online tracking product (Adobe Analytics (Omniture)). As with previous initiatives of this nature, the underlying analyses were carried out in an automated manner, using a program specifically developed by the Bavarian data protection authority to verify compliance.

On June 20, 2013, the UK Information Commissioner’s Office (“ICO”) launched its Annual Report and Financial Statements for 2012/13 (the “Report”). Introducing the Report, Information Commissioner Christopher Graham strongly emphasized that, as consumers become increasingly aware of their information rights, good privacy practices will become a commercial benefit and a business differentiator. He outlined the seven key “e”s of the ICO’s role: enforce, educate, empower, enable, engage, and to be effective and efficient.

On May 30, 2013, the French Data Protection Authority (“CNIL”) launched a public consultation on the digital “right to be forgotten.”

The CNIL recalled that the principle of a digital “right to be forgotten” is established in the Proposed EU Data Protection Regulation and that this new right will have to be exercised in accordance with freedom of expression, freedom of the press and the duty of remembrance.

In this context, the CNIL decided to consult web users with a goal of defining the broad outlines of the digital right to be forgotten. The CNIL also announced that it will ...

On April 25, 2013, the Federal Trade Commission released an updated version of its frequently asked questions regarding the Children’s Online Privacy Protection Act of 1998 (“COPPA”). The revised FAQs, entitled Complying with COPPA: Frequently Asked Questions (A Guide for Business and Parents and Small Entity Compliance Guide), provide general information on COPPA’s requirements and also include new guidance on the recent amendments to the Children’s Online Privacy Protection Rule (“COPPA Rule”).

On April 17, 2013, the Federal Trade Commission issued a press release seeking public input on “The Internet of Things” – the ability of numerous “everyday devices to communicate with each other and with people.” The FTC will accept comments through June 1, 2013, in advance of a public workshop to be held in Washington, D.C. on November 21, 2013.

Internet users have expressed increasing concern about efforts to track their online activities. As the online tracking methods used to target advertisements have expanded in both scope and complexity, regulators have taken notice and have begun to act in the online behavioral tracking and advertising space. In an article published in the November/December 2012 issue of IP Litigator, Lisa J. Sotto, partner and head of the Global Privacy and Data Security practice at Hunton & Williams LLP, and Melinda L. McLellan, a senior associate on the firm’s Privacy and Data Security team ...

The UK Information Commissioner’s Office’s (“ICO”) has revised its statutory Code of Practice on assessment notices (the “Code”). The ICO first issued the Code in 2010, when its audit powers came into force. The Code has now been updated to reflect changes in auditing standards and practices.