Privacy Law Blog : Privacy Lawyers & Attorneys : Proskauer Rose Law Firm : CAN-SPAM, FCRA, FACTA

In a move that will no doubt please many consumers, on February 15, 2012, the Federal Communications Commission approved a new set of rules aimed to substantially curb the practice of telemarketers to engage in "robocalling", or the placing of automatic, pre-recorded calls. The key development in the FCC's 48 page Report and Order is that now, prior to initiating a "robo call", a telemarketer must obtain the consumer's express written consent.  This new requirement of express written consent supplants the previous robocalling regime, where merely having an "existing business relationship" with a consumer was sufficient to create an exemption from the ban against robocalling; that exemption has now been eliminated under the rules. 

• Email This
• Print
• Trackbacks
• Share Link

          On July 25, Russian President Dmitry Medvedev signed into law an amendment to the Russian data protection law, "On Personal Data".  The new amendments are effective as of July 1, 2011.  Of special significance, the amendments provide further clarification regarding the transfer of personal data to individuals or entities located outside of Russia.  Prior to the recent amendments, before transferring personal data from Russia to, for example, the United States, in the absence of obtaining prior written consent, a company needed to determine whether the United States (or another country, as the case may be) possessed data protection laws that provided an "adequate" level of protection.  However, the old Russian law provided little clarification as to which countries qualified under that standard, or how a company should go about deciding which countries qualified.

• Email This
• Print
• Trackbacks
• Share Link

Earlier, we reported on the passage of a sweeping new data protection law in Mexico. Recently, the law went into effect earlier this month. The new law drastically expands the powers of Mexico's data protection authority, which has now been renamed the "Federal Institute of Access to Information and Data Protection."

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On April 27, 2010, a sweeping new law on data protection was passed by the Mexican Senate, clearing the way for the President to sign the landmark legislation, which provides for penalties up to an astounding $1.5 million for violations under the law.  The new Federal Law for the Protection of Personal data (la Ley Federal de Protección de Datos Personales en posesión de los particulares), prescribes, among other things, the manner with which both private and public entities must treat the collection, use, and disclosure of personal data relating to Mexican citizens.

• Email This
• Print
• Trackbacks
• Share Link

On January 5, 2010, the EU Article 29 Data Protection Working Party published an opinion finding that Israel provides an "adequate" level of data protection under the EU Data Protection Directive. Should the European Commission ("EC") adopt the Article 29 Working Party’s recommendation (and there is no reason to think that it would not), Israel will join the ranks of the select few countries that the EU has deemed to have an "adequate" level of data protection, such as Argentina, Canada, and Switzerland (notably, the United States is not on this list).

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On October 6, 2009, in one fell swoop, the Federal Trade Commission (“FTC”) announced proposed settlements of charges against six companies for violations under the US/EU Safe Harbor Program. Specifically, these companies (World Innovators, Inc.; ExpatEdge Partners LLC; Onyx Graphics, Inc.; Directors Desk LLC; Collectify LLC; and Progressive Gaitways LLC) were alleged to have continued to represent in their online privacy policies that they were self-certified under the Safe Harbor Program when in fact they had allowed their certifications to lapse, and thus had engaged in deceptive practices.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On August 19, 2009, the French Data Protection Agency (also known as the "CNIL") released a new opinion (the "Opinion") on the transfer of personal data from France to a jurisdiction outside of Europe. The Opinion is noteworthy for describing how personal data can be transferred from France to the United States pursuant to U.S. discovery proceedings. The Opinion stresses that it does not cover proceedings originating from U.S. governmental requests, such as requests by the Security Exchange Commission (SEC) or the Federal Trade Commission (FTC). The issue of international discovery transfers has been a particularly thorny and complex one, as it has often pitted the legal obligations of an entity in the United States to comply with U.S. discovery requirements against its obligations to comply with EU data protection laws, where it holds personal data on individuals located within the EU.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In early August, the Federal Trade Commission (“FTC”) announced the first enforcement action against a U.S. company for violation of the US/EU Safe Harbor Program. This enforcement action should serve as a call-to-action for all Safe Harbor program participants to review their safe harbor programs now, and re-affirm their compliance.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In January 2009, we reported on the postponement of a controversial federal regulation resulting from a legal challenge filed by Proskauer Rose on behalf of several trade organizations, including the U.S. Chamber of Commerce. The rule, the result of an executive order signed by then-President George W. Bush, requires most federal contractors and subcontractors to verify their employees’ work eligibility using the Department of Homeland Security’s E-Verify system. On July 8, 2009, President Barack Obama’s Administration announced its plan to go forward with the rule. Immediately after this announcement, the U.S. Senate approved legislation that would codify the rule into law.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

On May 12, 2009, the UK Information Commissioner's Office (ICO) released a much anticipated report authored by the RAND Corporation assessing the strengths and weaknesses of the 1995 EU Data Protection Directive (95/46/EC) (the "Directive), the main source of privacy legislation in Europe. While the report highlighted a number of the Directive's positive attributes, it nonetheless concluded that as society becomes more globally networked, "the Directive as it stands will not suffice in the long term."

• Email This
• Print
• Comments
• Trackbacks
• Share Link