Tag Archives: IP address

Representative Stearns Introduces Consumer Privacy Protection Act

Posted on April 15, 2011 by Hunton & Williams LLP

On April 13, 2011, Representative Cliff Stearns (R-FL) introduced the Consumer Privacy Protection Act of 2011 (the “Act”), which seeks to “protect and enhance consumer privacy” both online and offline by imposing certain notice and choice requirements with respect to the collection and use of personal information.

Continue reading…

Tags: , , , , , , ,

German DPAs Still Consider Google Analytics Illegal

Posted on October 5, 2010 by Hunton & Williams LLP

According to a press report dated October 2, 2010, the German state data protection authorities responsible for the private sector (also known as the “Düsseldorfer Kreis”) continue to consider the use of Google Analytics on company websites to be illegal.  The Düsseldorfer Kreis reached this decision at a recent meeting of its Telemedia working group.  The group has indicated that it hopes to continue negotiations with Google.  Dr. Alexander Dix, the Berlin Commissioner for Data Protection and Freedom of Information who was interviewed on this issue, stated that although Google has undertaken some efforts to improve Analytics, that the DPAs do not consider these efforts to be sufficient.  The DPAs have given Google eight weeks to improve the service.  If Google fails to do so, the DPAs will commence enforcement actions against German companies using Google Analytics on their websites.  The DPAs are primarily concerned with the fact that the Google Analytics software illegally transfers users’ IP addresses to the United States.  According to Dix’s statements, such transfers are prohibited without the users’ consent.

In November 2009, the German DPAs issued a resolution which included requirements for website analytics software based on the data protection provisions of the German Telemedia Act. In May 2010, Google released a Google Analytics Opt-out Browser Add-on that allows webmasters to activate an “IP Masking” function to anonymize information collected by tracking mechanisms by removing a portion of IP addresses prior storing them.

Tags: , , , ,

German Court Finds No Right to Immediate Deletion of IP Addresses

Posted on July 13, 2010 by Hunton & Williams LLP

In a recently published decision rendered on June 16, 2010, the Frankfurt am Main Higher Regional Court ruled that an Internet access provider may store IP addresses for seven days, and therefore, customers have no right to demand immediate deletion of their IP addresses.  The Court’s ruling upheld a decision originally rendered by the regional court of Darmstadt.

The claimant had requested that Deutsche Telekom AG delete the dynamic IP address assigned and stored for each Internet session immediately upon disconnection by a user.  Up to that point, the Internet provider had been retaining IP addresses for 80 days after each billing cycle.  In June 2007, the lower court granted the claimant request, imposing a maximum retention period of seven days for IP addresses.  The Internet provider reduced its IP address retention period accordingly, based on an agreement with the German federal data protection authority.

Continue reading…

Tags: , , , ,

Twitter Settles FTC Data Security Charges

Posted on June 24, 2010 by Hunton & Williams LLP

Twitter has agreed to settle Federal Trade Commission charges that it deceived consumers and put their privacy at risk by failing to safeguard their personal information.  The charges stem from alleged lapses in the company’s data security that permitted hackers to access tweets that users had designated as private and to issue phony tweets from the accounts of some users, including then-President-elect Barack Obama.  According to the FTC’s complaint (main document, exhibits), these attacks on Twitter’s system were possible due to a failure to implement reasonable safeguards, including:

  • requiring employees to use hard-to-guess administrative passwords that are not used for other programs, websites or networks;
  • prohibiting employees from storing administrative passwords in plain text within their personal email accounts;
  • suspending or disabling administrative passwords after a reasonable number of unsuccessful login attempts;
  • providing an administrative login webpage that is made known only to authorized persons and is separate from the login page for users;
  • enforcing periodic changes of administrative passwords by, for example, setting them to expire every 90 days;
  • restricting access to administrative controls to employees whose jobs required it; and
  • imposing other reasonable restrictions on administrative access, such as by restricting access to specified IP addresses.

The proposed settlement agreement contains a consent order requiring Twitter to implement data security safeguards and submit to periodic independent security audits.  The FTC’s press release contains more details.

Tags: , , , , ,

The Digital Economy Act 2010: A Step Toward Censorship?

Posted on April 19, 2010 by Hunton & Williams LLP

On April 8, 2010, the Digital Economy Act (the “Act”), containing provisions relating to online copyright infringement, network infrastructure and digital safety, became law in the UK.  The Act’s main provisions include:

  • new duties for the Office of Communications (the UK’s communications regulator), to report every three years on issues such as the UK’s communications infrastructure and Internet domain name registration;
  • additional obligations on Internet Service Providers (“ISPs”) that seek to reduce online copyright infringement;
  • increased penalties for online copyright infringement; and
  • intervention powers with respect to Internet domain registries.

Continue reading…

Tags: , ,

German Federal Constitutional Court Declares Implementation of Data Retention Directive Unconstitutional

Posted on March 2, 2010 by Hunton & Williams LLP

On March 2, 2010, the German Federal Constitutional Court ruled that the mass storage of telephone and Internet data for law enforcement purposes is unlawful in its current form.

Since 2008, the challenged law has required telecom companies to retain data from telephone, email and Internet traffic, as well as mobile phone location data, for six months.  This information may be retrieved for law enforcement and safety purposes.  Constitutional claims were brought before the Court by nearly 35,000 citizens, representing the largest mass claim proceeding in German history. 

Continue reading…

Tags: , , , ,

Hunton & Williams Prepares Study for the European Commission on the Interaction between Data Protection Law and Copyright Enforcement

Posted on February 3, 2010 by Hunton & Williams LLP

On February 3, 2010, Christopher Kuner, a partner in Hunton & Williams’ Brussels office and head of the firm’s EU Privacy Practice, presented to the “Stakeholders’ Dialogue on Illegal Uploading and Downloading,” organized by DG Internal Market and Services of the European Commission.  Mr. Kuner presented a study which the Hunton & Williams Brussels team prepared for the Commission on the interaction of data protection law and copyright enforcement.  The study covers both the legal framework under EU law and the situation in six selected EU Member States (Austria, Belgium, France, Germany, Spain and Sweden).  The relationship between data protection and copyright enforcement was a point of contention in the recent amendment of the EU Directive on Privacy and Electronic Communications. 

Continue reading…

Tags: , , ,

German Data Protection Authorities Issue Resolution on Website Analysis Methods

Posted on January 7, 2010 by Hunton & Williams LLP

In December 2009, the German data protection authorities (“DPAs”) for the private sector published a resolution on data protection compliance for website audience measurement (in German).  The resolution was adopted at the Düsseldorfer Kreis meeting on November 26-27, 2009.

Many website operators analyze users’ surfing behavior for advertising and market research purposes, or to adapt their websites to suit consumer preferences. To create user profiles, website operators often use software or other services that are offered by third party service providers (sometimes free of charge).

Continue reading…

Tags: , ,

French Court of Cassation Rules on Data Protection and Online Copyright Infringement

Posted on February 11, 2009 by Hunton & Williams LLP

In SACEM v. Cyrille Saminadin (Cour de Cassation, chambre criminelle, 13 janvier 2009), the SACEM (a representative body of authors, composers, and music editors) asked one of its agents to carry out an investigation and to collect evidence of copyright infringements on a peer-to-peer network. After selecting a peer-to-peer network, the agent manually typed in the title of a song belonging to one of the rights holders and searched for all available files corresponding to this title. The agent then randomly selected one of these files and saved all the information relating to it (IP address, country of origin, name of the internet service provider, etc.) onto a CD-ROM as evidence for use in filing a complaint. The question raised in this case was whether such activity constitutes data processing requiring the prior authorization of the French Data Protection Authority (CNIL).

Continue reading…

Tags: , ,