Jeremy M. Mittman
Subscribe to all posts by Jeremy M. Mittman
After nearly four years of negotiation and wrangling, European Officials announced yesterday that they had finally reached agreement on the language for the EU’s new General Data Protection Regulation (“Regulation), which will replace the aging 1995 Data Protection Directive (“Directive”). In many ways, the announcement is welcome news as it will harmonize what had become … Continue Reading
On January 1, 2016, the Delaware Online Privacy and Protection Act (“DOPPA”) will go into force, a law that provides strong online privacy protection for its residents. The new law targets three areas of compliance: (1) advertising to children; (2) conspicuous posting of a compliant privacy policy; and (3) enhancing the privacy protections of users … Continue Reading
On July 2, 2014 Singapore’s new Personal Data Protection Act (the “PDPA” or the “Act”)) will go into force, requiring companies that have a physical presence in Singapore to comply with many new data protection obligations under the PDPA. Fortunately, in advance of the Act’s effective date, the Singapore Personal Data Commission has recently promulgated … Continue Reading
On October 21, a key European parliamentary committee (the Committee on Civil Liberties, Justice and Home Affairs (“Committee”) approved an amended version of the draft EU Data Protection Regulation, paving the way for further negotiations with EU governmental bodies. The goal, according to a press release by the Committee, is to reach compromise on the … Continue Reading
On September 27, California Governor Jerry Brown signed a new privacy law that has significant repercussions for nearly every business in the United States that operates a commercial website or online service and collects “personally identifiable information” (which means, under the law, “individually identifiable information about an individual consumer collected online by the operator from that … Continue Reading
Two and a half years after initiating a review of the Children’s Online Privacy Protection Rule (the “Rule”), the Federal Trade Commission (FTC) announced on December 19, 2012 that the Rule will be amended to clarify perceived ambiguities and to strengthen the Rule’s protections for children who engage in online activities in light of significant … Continue Reading
In a move that will no doubt please many consumers, on February 15, 2012, the Federal Communications Commission approved a new set of rules aimed to substantially curb the practice of telemarketers to engage in "robocalling", or the placing of automatic, pre-recorded calls. The key development in the FCC’s 48 page Report and Order is … Continue Reading
On July 25, Russian President Dmitry Medvedev signed into law an amendment to the Russian data protection law, "On Personal Data". The new amendments are effective as of July 1, 2011. Of special significance, the amendments provide further clarification regarding the transfer of personal data to individuals or entities located outside of Russia. Prior … Continue Reading
Earlier, we reported on the passage of a sweeping new data protection law in Mexico. Recently, the law went into effect earlier this month. The new law drastically expands the powers of Mexico’s data protection authority, which has now been renamed the “Federal Institute of Access to Information and Data Protection.”… Continue Reading
On April 27, 2010, a sweeping new law on data protection was passed by the Mexican Senate, clearing the way for the President to sign the landmark legislation, which provides for penalties up to an astounding $1.5 million for violations under the law. The new Federal Law for the Protection of Personal data (la Ley … Continue Reading
On January 5, 2010, the EU Article 29 Data Protection Working Party published an opinion finding that Israel provides an "adequate" level of data protection under the EU Data Protection Directive. Should the European Commission ("EC") adopt the Article 29 Working Party’s recommendation (and there is no reason to think that it would not), Israel … Continue Reading
On October 6, 2009, in one fell swoop, the Federal Trade Commission (“FTC”) announced proposed settlements of charges against six companies for violations under the US/EU Safe Harbor Program. Specifically, these companies (World Innovators, Inc.; ExpatEdge Partners LLC; Onyx Graphics, Inc.; Directors Desk LLC; Collectify LLC; and Progressive Gaitways LLC) were alleged to have continued … Continue Reading
On August 19, 2009, the French Data Protection Agency (also known as the “CNIL”) released a new opinion (the “Opinion”) on the transfer of personal data from France to a jurisdiction outside of Europe. The Opinion is noteworthy for describing how personal data can be transferred from France to the United States pursuant to U.S. … Continue Reading
In early August, the Federal Trade Commission (“FTC”) announced the first enforcement action against a U.S. company for violation of the US/EU Safe Harbor Program. This enforcement action should serve as a call-to-action for all Safe Harbor program participants to review their safe harbor programs now, and re-affirm their compliance. … Continue Reading
In January 2009, we reported on the postponement of a controversial federal regulation resulting from a legal challenge filed by Proskauer Rose on behalf of several trade organizations, including the U.S. Chamber of Commerce. The rule, the result of an executive order signed by then-President George W. Bush, requires most federal contractors and subcontractors to verify … Continue Reading
On May 12, 2009, the UK Information Commissioner’s Office (ICO) released a much anticipated report authored by the RAND Corporation assessing the strengths and weaknesses of the 1995 EU Data Protection Directive (95/46/EC) (the "Directive), the main source of privacy legislation in Europe. While the report highlighted a number of the Directive’s positive attributes, it … Continue Reading
In a landmark ruling, the European Court of Human Rights (ECHR)—Europe’s highest court to take up cases affecting the privacy rights of EU citizens—ruled that some aspects of the UK’s DNA database violated EU law. Specifically, on December 4, the ECHR issued its decision, S. and Marper v. The United Kingdom (Applications 30562/04, 30566/04), holding … Continue Reading
A German court (Case No. 133 C 5677/08) recently issued a decision that Internet Protocol (IP) addresses stored on a company’s server do not constitute “personal data” under the German data protection law. An IP address is a unique number that every computer connected to the internet is assigned. Under German data protection law (and … Continue Reading
Binding corporate rules (“BCRs”) may now be easier to implement due to much needed guidance issued last month by the European Union’s Article 29 Working Party, the group responsible for the oversight of the EU’s data protection regime. The guidance consists of three documents, which clarify the requirements for establishing BCRs. These documents are: (1) a checklist … Continue Reading
The European Data Protection Supervisor (EDPS) has come out in favor of the EU enacting data security breach notification laws. The EDPS is an independent supervisory authority devoted to protecting personal data and privacy and promoting good data protection practices within the EU, both by monitoring the EU administration’s own data processing, as well as … Continue Reading
In a case of first impression, the Arizona Court of Appeals recently considered the ability of a litigant to determine the identity of an anonymous Internet user. Mobilisa, Inc v. Doe, Case No 1-CA-CV 06-0521, 2007 Ariz. App. LEXIS 225 (Ariz. Ct. App., November 27, 2007). While the Court did not require disclosure of an anonymous Internet … Continue Reading
Last month the French subsidiary of the U.S. based company, Tyco Healthcare, became the first local branch of a U.S. company to be fined for data protection violations. France’s data protection agency, La Commission Nationale de L’informatique et des Libertes (CNIL) levied a fine of 30,000 euro (or about $40,350) against the company after it … Continue Reading
Dubai recently became the first Arab nation to enact a substantial Data Protection Law (DIFC Law No. 1 of 2007) that aims to protect the personal information of its citizens. In a statement announcing the new law, Dubai called the enactment “pioneering in the region” and an examination of the law reveals that the description is rightly … Continue Reading
On January 10, 2007 the Article 29 Data Protection Working Party announced the adoption of a new Model Application for the submission of a company’s Binding Corporate Rules to any European Union Data Protection Authority (DPA). The EU’s approval of the Model Application is long-awaited and a welcome addition to help make Binding Corporate Rules a … Continue Reading
EU Officials (Finally) Agree on New Data Protection Regulation
Delaware Enacts Comprehensive Online Privacy Protection Law
Singapore Issues New Regulations In Advance of Data Protection Law Entering Into Force
By Jeremy M. Mittman on Posted in International
European Union Parliament Makes Progress on Adopting Proposed EU Data Protection Regulation
By Jeremy M. Mittman on Posted in European Union
California Enacts New “Do Not Track” Disclosure Requirement Law for Websites
By Jeremy M. Mittman on Posted in Legislation
FTC Revamps COPPA Rule
By Jeremy M. Mittman on Posted in Children's Online Privacy Protection Act
FCC Approves New Rules Curbing “Robocalls”
By Jeremy M. Mittman on Posted in Direct Marketing
Recent Amendments to Russian Data Protection Law Further Clarify International Data Transfer Rules
By Jeremy M. Mittman on Posted in Data Privacy Laws
New Mexican Data Protection Law is Signed by the President
By Jeremy M. Mittman on Posted in International
Mexico Passes Sweeping New Law on Data Protection
By Jeremy M. Mittman on Posted in International
EU Article 29 Working Party Elevates Israel to Rank of Select Few Countries That Are Deemed to Possess “Adequate” Data Protection Laws
By Jeremy M. Mittman on Posted in European Union
FTC Continues Safe Harbor Enforcement Streak With Six New Proposed Settlements
By Jeremy M. Mittman on Posted in European Union
French Data Protection Authority Releases New Opinion on Compliance with U.S. Discovery Procedures
By Jeremy M. Mittman on Posted in European Union
FTC Enforces US/EU Safe Harbor Program For First Time
By Jeremy M. Mittman on Posted in European Union
E-Verify Litigation Resumes as Homeland Security Decides to Implement Mandatory Use Rule
By Jeremy M. Mittman on Posted in Workplace Privacy
New Report Finds Much Room For Improvement in EU Data Protection Law
By Jeremy M. Mittman on Posted in European Union
EU High Court Strikes Down UK DNA Database on Privacy Grounds
By Jeremy M. Mittman on Posted in European Union
German Court Rules that IP Addresses Are Not Personal Data
By Jeremy M. Mittman on Posted in European Union
EU Publishes New Guidance on Binding Corporate Rules
By Jeremy M. Mittman on Posted in European Union
EU Data Protection Watchdog Supports Data Breach Notification Law
By Jeremy M. Mittman on Posted in European Union
Anonymous in Arizona? Maybe Not.
By Jeremy M. Mittman on Posted in Online Privacy
First Subsidiary of a U.S. Based Multinational Company Fined for Data Protection Violations in France
By Jeremy M. Mittman on Posted in European Union
Dubai Becomes First Arab Nation to Enact Data Protection Law
By Jeremy M. Mittman on Posted in International
EU Working Party Adopts Model Application Form for Binding Corporate Rules
By Jeremy M. Mittman on Posted in European Union