The SEC’s new Cyber Unit released its first cyber-disclosure enforcement action. We recently authored an article on the key takeaways of the SEC’s new cybersecurity initiatives.
Privacy Law
South Dakota Passes Breach Notification Law, Leaving Alabama the Only U.S. State Without a Breach Notification Law
On March 21, 2018, South Dakota Governor Daugaard signed S.B. 62, enacting the state’s first data breach notification law, which will go into effect July 1, 2018. Previously, Alabama and South Dakota were the only U.S. states without a data breach notification law. As of July 2018, Alabama will be the…
A Primer on the SHIELD Act: New York’s Move to Adopt More Stringent Data Security Requirements
In November 2017, New York Attorney General Eric Schneiderman introduced the Stop Hacks and Improve Electronic Data Security (SHIELD) Act (the “Act”) in the state’s Legislature. Companies – big and small – that collect information from New York residents should take note, as the Act could mean increased compliance costs,…
Indian Supreme Court Declares the Right to Privacy a Constitutionally-Protected Fundamental Right
In a landmark decision, a nine-judge bench of the Supreme Court of India ruled today that privacy is a fundamental right protected by the Constitution of India.
Background
Due to the volume of cases brought before the Supreme Court of India, cases are generally heard by benches consisting of a subset of the ten justices of the Supreme Court. The question of whether there is a constitutionally protected right to privacy arose in a 2015 case brought before a three-judge bench of the Indian Supreme Court challenging the legal validity of the Government of India’s Aadhaar program. Under the Aadhaar program, the Unique Identification Authority of India (UIDAI), an Indian government authority, is charged with assigning a twelve-digit unique identification number (UID) to each of the over 1.3 billion residents of India. Each resident’s UID is linked to certain biometric information of the resident, including his or her photograph, fingerprints and iris scans. The UIDs are used by the government for a variety of purposes, including to eliminate fraud in connection with the dispensing of benefits under various government welfare programs. The three-judge bench in the Aadhaar case determined that, to assess the case appropriately, a larger bench of Indian Supreme Court justices needed to determine whether the right to privacy is a fundamental right protected by the Constitution of India. Given that the 1954 case of M.P. Sharma et al. v. Satish Chandra, District Magistrate, Delhi et al., holding that privacy is not a right guaranteed by the Indian Constitution, was decided by an eight-judge bench, a larger bench of nine Supreme Court justices was convened to determine whether the rationale of the M.P. Sharma judgment, and of others which similarly found that the Indian Constitution does not guarantee a right of privacy, was based on “jurisprudential correctness.” This bench of nine justices of the Indian Supreme Court listened to arguments presented over six long days spread over three weeks.
A Year in Review: FTC Data Privacy Actions and its Impacts on 2017 and Beyond
Whether it means taking a prominent role shaping data security for the Internet of Things, or addressing high profile breaches, the FTC has adopted an active position in policing data privacy and security. And, as data becomes increasingly digital in its form and protections, data security is of paramount importance for all types of intelligence—whether financial, medical, or otherwise sensitive. The Commission’s emphasis on these areas has not slowed, even as the composition of the Bureau of Consumer Protection changes under a new administration. The FTC’s actions over the past year reflect the Commission’s continued emphasis on data privacy, and its recent data privacy settlements have provided companies with a trail of breadcrumbs from which they can extract lessons learned and help avoid potential FTC scrutiny.
Update on FCC Privacy Rules
We previously reported on the FCC’s 2016 Privacy Order, “Protecting the Privacy of Customers of Broadband and Other Telecommunications Services” impacting Internet service providers’ data privacy practices and obligations and the corresponding timeline for compliance. Intervening events, however, have made the rules imposed by the 2016 Privacy Order moot. On June 26, 2017, the FCC adopted a new order providing guidance on reinstating the pre-2016 Privacy Order regulations. This order was issued pursuant to a joint resolution of Congress under the Congressional Review Act, signed by the President on April 3, 2017, disapproving the FCC’s 2016 Privacy Order. As a result, the 2016 Privacy Order has “no force or effect.” FCC Chairman, Ajit Pai, stated that the purpose of the new order is to “simply make clear that the privacy rules that were in effect prior to 2016 are once again effective.”
What Employers Need to Know about Europe’s General Data Protection Regulation
Proskauer has released a white paper on “What Employers Need to Know about Europe’s General Data Protection Regulation.” As you may know, on April 14, 2016, the European Parliament approved the General Data Protection Regulation (“GDPR”), which will replace the EU’s current data privacy standard and begin to…
GDPR Compliance Update: Which Government Authorities Have Issued Official GDPR Guidance?
This post provides an update as to the current status of official GDPR-related guidance. With a little under a year remaining until the European Union’s General Data Protection Regulation (GDPR) becomes enforceable, companies are on the lookout for any interpretive guidance from EU or member state authorities that will help them focus their compliance efforts. The EU’s Article 29 Working Party (WP29) thus far has adopted guidelines relating to data portability, the identification of lead supervisory authorities, and the role of data protection officers, and has issued draft guidelines on data protection impact assessments (DPIAs, also known as “Privacy Impact Assessments”). Additionally, EU member states – led by Germany – are beginning to pass laws meant to complement the GDPR and legislate in areas the GDPR leaves to the member states. These laws also provide some clues as to how the GDPR will take effect on a country-by-country basis.