Yesterday, the European Commission adopted the EU-US Privacy Shield, a framework designed to replace the invalidated Safe Harbor program. In theory, the Privacy Shield offers its adherents a relatively simple, straightforward way to legally transfer personal data from the EU to the US. In reality, however, the Privacy Shield is likely to face legal challenges that may hinder its ability to serve as a reliable means of legal transfer, at least for the immediate future. Continue Reading
Proskauer Counsel Cécile Martin was recently interviewed by DataGuidance’s “Privacy This Week” covering new guidance issued by the French data protection authority (‘CNIL’) on June 15, 2016. The guidance highlights the main changes in relation to the General Data Protection Regulation (‘GDPR’). On June 16, 2016, CNIL launched an online consultation regarding the interpretation and implementation of the GDPR in four areas: data protection officers (‘DPOs’), the right to data portability, Data Protection Impact Assessments (‘DPIAs’) and certification (‘the Consultation’). Click here to read the full article on DataGuidance.
As a result of Thursday’s historic referendum, the United Kingdom will be leaving the EU. The decision will have a profound effect on many areas, including the global economy, trade, immigration and, potentially, the continued unity of the UK. The United Kingdom won’t be departing immediately, though – it must invoke Article 50 of the Lisbon Treaty and then negotiate its withdrawal with the European Council, a process that may take as long as two years once Article 50 is invoked. Multinationals and companies that are thinking about establishing a presence in the UK and/or EU will be watching those negotiations closely in order to determine how the UK’s change in status will affect business going forward.
Last month, one of the Advocate Generals (“AG”) of the Court of Justice of the European Union (“CJEU”), Manuel Campos Sánchez-Bordona, issued an opinion suggesting that dynamic IP addresses should be recognized as “personal data” under EU law. If the CJEU adopts this reasoning, it would represent a landmark decision that would resolve a contentious issue that has been plaguing EU data protection law for years. This post delves into the AG’s decision and its potential consequences.
Unmanned Aircraft Systems (UAS), more commonly known as “Drones,” are soaring in popularity – the Federal Aviation Administration saw more than 300,000 drones registered in just the first 30 days since they introduced a registration system on December 21, 2015. Drones have the potential to be a truly transformative technology; they are already disrupting business models in economic sectors as diverse as shipping and photography, and their proliferation as consumer devices has barely begun to be realized. However, the quick adoption of this new technology raises serious issues of for privacy, civil rights and civil liberties. Continue Reading
On May 16, 2016, the Supreme Court decided Spokeo, Inc. v. Robins, ruling that a plaintiff must sufficiently allege an injury that is both concrete and particularized in order to have Article III standing, and further that a “bare procedural violation” of a plaintiff’s statutory right may not be sufficiently “concrete” under this analysis. This ruling has the potential to affect class actions generally, but may prove especially influential in privacy and data security class actions. Read the full post on our Commercial Litigation Blog.
This month, the Federal Trade Commission (FTC) issued guidance on privacy and security best practices for health-related mobile apps, such as fitness apps connected with wearables, diet and weight loss apps, and health insurance portals. At the same time, the FTC unveiled an interactive tool designed to direct health app developers to federal laws and regulations that may apply to their apps. The Mobile Health Apps Interactive Tool, which is the product of collaboration among the FTC, Department of Health and Human Services’ Office of National Coordinator for Health Information Technology (ONC), Office for Civil Rights (OCR), and the Food and Drug Administration (FDA), seeks to unify guidance in a space governed by a complicated web of legal requirements. It also signals the continued focus of regulators on the protection of consumer health information in this rapidly evolving space.