Privacy Law Blog

Category Archives: Data Privacy Laws

Subscribe to Data Privacy Laws RSS Feed

A Year in Review: FTC Data Privacy Actions and its Impacts on 2017 and Beyond

Whether it means taking a prominent role shaping data security for the Internet of Things, or addressing high profile breaches, the FTC has adopted an active position in policing data privacy and security. And, as data becomes increasingly digital in its form and protections, data security is of paramount importance for all types of intelligence—whether … Continue Reading

Update on FCC Privacy Rules

We previously reported on the FCC’s 2016 Privacy Order, “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” impacting Internet service providers’ data privacy practices and obligations and the corresponding timeline for compliance. Intervening events, however, have made the rules imposed by the 2016 Privacy Order moot. On June 26, 2017, the FCC … Continue Reading

What Employers Need to Know about Europe’s General Data Protection Regulation

Proskauer has released a white paper on “What Employers Need to Know about Europe’s General Data Protection Regulation.” As you may know, on April 14, 2016, the European Parliament approved the General Data Protection Regulation (“GDPR”), which will replace the EU’s current data privacy standard and begin to apply on May 25, 2018. This paper … Continue Reading

GDPR Compliance Update: Which Government Authorities Have Issued Official GDPR Guidance?

This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies are on the lookout for any interpretive guidance from EU or member state authorities that will help them focus their compliance efforts. … Continue Reading

A Primer on China’s New Cybersecurity Law: Privacy, Cross-Border Transfer Requirements, and Data Localization

China’s new Cybersecurity Law is one of the most important pieces of privacy and cybersecurity legislation we’ll see this year, and companies of all sizes need to be aware of its requirements – regardless of whether or not they have a physical presence in China. The new law goes into effect on June 1, 2017, … Continue Reading

Qatar’s New Personal Data Privacy Law

At the end of last year, Qatar became the first Gulf state to enact a comprehensive privacy law. Until now, the many companies that market to consumers or have employees based in Gulf Cooperation Council (GCC) countries have had to determine their local practices based on the various countries’ patchwork of sector-specific laws and regulations, … Continue Reading

Draft Privacy and Electronic Communications Regulation published by European Commission

The European Commission has released proposals for new legislation that seeks to create stronger privacy in electronic communications. The draft Privacy and Electronic Communications Regulation (the “Regulation”) is intended to replace the ePrivacy Directive (2002/58/EC) and will also bring the law in line with the new rules as set out in the General Data Protection … Continue Reading

CJEU holds that mass surveillance must not be general and indiscriminate

The CJEU (the European Union Court of Justice) has handed down a decision which makes clear that general and indiscriminate retention of electronic communications is unlawful. National legislation of each European Member State should ensure that mass surveillance only occurs where it is strictly necessary in order to combat serious crime as well as terrorism … Continue Reading

New Privacy Developments in France

DataGuidance spoke with Cécile Martin, Special International Counsel at Proskauer Rose LLP, at the International Association of Privacy Professionals’ Conference in Brussels in November 2016. Cécile discussed the passing of the Digital Republic Bill and its implications for organizations, as well as the latest developments regarding employee monitoring in France and the upcoming changes with … Continue Reading

The Clock Has Started: What ISPs Need to Do and When to Comply with the FCC’s Broadband Privacy Rules

On December 2, 2016, the Federal Communications Commission (“FCC”) published its Report and Order entitled “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” (the “Order”) as a final rule in the Federal Register, adopting rules applicable to Internet service providers (“ISPs”) intended to protect the privacy of broadband consumers. Despite the publication … Continue Reading

Privacy Law in Saudi Arabia: A Primer for Businesses

Proskauer litigation associate Courtney Bowman and Jonathan Reardon, head of the Al Khobar, Saudi Arabia office of the Middle East-based firm Al Tamini & Co., recently co-authored an article published by Corporate Counsel about privacy laws in Saudi Arabia.  The article provides valuable insight into the Kingdom’s privacy regime and focuses specifically on the central … Continue Reading

EU Court Rules that Dynamic IP Addresses are Personal Data…Sometimes

On October 19, the Court of Justice of the European Union (CJEU) ruled that dynamic IP addresses may qualify as “personal data” under EU privacy law. As we covered here on the blog a few months ago, this decision is significant because it clarifies that companies that collect, store, process, and/or transfer dynamic IP addresses … Continue Reading

TalkTalk handed record fine in data protection breach in the UK

TalkTalk, a major UK telecoms company, has been fined £400,000 for a data breach after they were hacked. This is a record fine given by the ICO (the UK’s data protection authority).  Significantly the fine was imposed after a change of leadership this summer when Elizabeth Denham (previously the Information Commissioner in the Canadian province of … Continue Reading

An Overview of the New General Data Protection Regulation

The European Parliament has approved the reformed General Data Protection Regulation (the “GDPR”). Given this is a Regulation (rather than a Directive), this legislation will apply automatically in every Member State (without need for additional domestic legislation) when it comes into force on May 25 2018. Many of the requirements are similar to those set … Continue Reading

Are Dynamic IP Addresses Personal Data? A Primer

Last month, one of the Advocate Generals (“AG”) of the Court of Justice of the European Union (“CJEU”), Manuel Campos Sánchez-Bordona, issued an opinion suggesting that dynamic IP addresses should be recognized as “personal data” under EU law. If the CJEU adopts this reasoning, it would represent a landmark decision that would resolve a contentious … Continue Reading

Regulators Offer Guidance on Privacy and Security for Health App Developers

This month, the Federal Trade Commission (FTC) issued guidance on privacy and security best practices for health-related mobile apps, such as fitness apps connected with wearables, diet and weight loss apps, and health insurance portals.  At the same time, the FTC unveiled an interactive tool designed to direct health app developers to federal laws and … Continue Reading

Article 29 Working Party has “Strong Concerns” About Privacy Shield

On Wednesday, the EU’s Article 29 Working Party issued its much-anticipated statement on the viability of the proposed EU-US Privacy Shield. As we’ve detailed previously, EU and US officials reached agreement on the Privacy Shield arrangement, which was meant to serve as a replacement for the invalidated Safe Harbor program, back in February, and released … Continue Reading

French Data Protection Wants to Force Google to Extend the Right To Be Delisted to All the Search Engine’s Extensions

Co-authored by Geoffrey Roche   On March 10, 2016, the French data protection agency (« CNIL ») pronounced a €100.000 ($111,715) fine against Google Inc. for failure to comply with its formal injunction of May, 2015 ordering the company to extend delisting to all the search engine’s extensions.… Continue Reading

Fiduciary Access to Digital Assets and Accounts: Revised Model Statute Adopted in Oregon

Oregon became the first state to adopt the Revised Uniform Fiduciary Access to Digital Assets Act (“Revised UFADAA”) when Governor Kate Brown signed Oregon Senate Bill 1554 into law on March 3, 2016.  The law will become effective on January 1, 2017.… Continue Reading

Safe Harbor 2.0 Agreement Reached; New Program to be Named “Privacy Shield”

Yesterday, the European Commission announced that EU and US officials had reached an agreement to implement a program known as the EU-US Privacy Shield.  Privacy Shield is designed to be the successor to the Safe Harbor program, which the European Court of Justice (CJEU) invalidated last October.  The announcement brings some relief to the many … Continue Reading

New Safe Harbor Deal Possible by February 1

Companies anxiously watching their calendars to see if a new Safe Harbor program will be introduced before the end of January may get their wish: yesterday, a European Commission official announced that the Commission will inform the European Parliament of the outcome of negotiations for a new Safe Harbor program by Monday, February 1.  This … Continue Reading

EU Officials (Finally) Agree on New Data Protection Regulation

After nearly four years of negotiation and wrangling, European Officials announced yesterday that they had finally reached agreement on the language for the EU’s new General Data Protection Regulation (“Regulation), which will replace the aging 1995 Data Protection Directive (“Directive”). In many ways, the announcement is welcome news as it will harmonize what had become … Continue Reading

Delaware Enacts Comprehensive Online Privacy Protection Law

On January 1, 2016, the Delaware Online Privacy and Protection Act (“DOPPA”) will go into force, a law that provides strong online privacy protection for its residents.  The new law targets three areas of compliance: (1) advertising to children; (2) conspicuous posting of a compliant privacy policy; and (3) enhancing the privacy protections of users … Continue Reading
LexBlog