On June 20, 2017, the UK Information Commissioner’s Office published an updated version of its Code of Practice on Subject Access Requests. The updates are primarily in response to three Court of Appeal decisions from earlier this year regarding data controllers’ obligations to respond to subject access requests. The revisions more closely align the ICO’s position with the court’s judgments.… Continue Reading
On May 25, 2017, Oregon Governor Kate Brown signed into law H.B. 2090, which updates Oregon’s Unlawful Trade Practices Act by holding companies liable for making misrepresentations on their websites or in their consumer agreements about how they will use, disclose, collect, maintain, delete or dispose of consumer information.… Continue Reading
On April 6, 2017, New York Attorney General Eric T. Schneiderman announced that privacy compliance company TRUSTe, Inc., agreed to settle allegations that it failed to properly verify that customer websites aimed at children did not run third-party software to track users. According to Attorney General Schneiderman, the enforcement action taken by the NY AG is the first to target a privacy compliance company over children’s privacy.… Continue Reading
On March 17, 2017, the Federal Trade Commission announced that Upromise, Inc., agreed to pay 500,000 dollars to settle allegations that it violated the terms of a 2012 consent order that required Upromise to provide notice to consumers regarding its data collection and use practices, and obtain third-party audits.… Continue Reading
On March 3, 2017, the FTC announced the results of a study about online businesses’ use of proper email authentication technology to prevent phishing attacks. … Continue Reading
On February 6, 2017, the House of Representatives suspended its rules and passed by voice vote H.R 387, the Email Privacy Act. The Email Privacy Act now moves to the Senate, where it will be considered by the Senate Judiciary Committee. … Continue Reading
On January 9, 2017, Representatives Kevin Yoder (R-KS) and Jared Polis (D-CO) reintroduced the Email Privacy Act, which would amend the Electronic Communications Privacy Act to require government entities to obtain a warrant, based on probable cause, before accessing the content of any emails or electronic communications stored with third-party service providers, regardless of how long the communications have been held in electronic storage by such providers.… Continue Reading
On December 20, 2016, the FTC announced that it has agreed to settle charges that Turn Inc., a company that enables commercial brands and ad agencies to target digital advertising to consumers, tracked consumers online even after consumers took steps to opt out of tracking. … Continue Reading
On December 14, 2016, the FTC announced that the operators of the AshleyMadison.com website have settled with the FTC and a coalition of state regulators over charges that the companies deceived consumers and failed to protect users’ personal information.… Continue Reading
Recently, the Cyberspace Administration of China published for public comment a draft of the Regulations on the Online Protection of Minors. The Draft Regulations are open for comment until October 31, 2016.… Continue Reading
On October 27, 2016, the Federal Communications Commission announced the adoption of rules that require broadband Internet Service Providers to take steps to protect consumer privacy. … Continue Reading
On October 14, 2016, California Attorney General Kamala D. Harris announced the release of an online form that will enable consumers to report potential violations of the California Online Privacy Protection Act. … Continue Reading
A recent study from the National Institute of Standards and Technology warns that an overabundance of computer security measures might actually lead users to engage in "risky computing behavior at work and in their personal lives."… Continue Reading
On October 27, 2016, the Federal Communications Commission will vote on whether to finalize proposed rules concerning new privacy restrictions for Internet Service Providers.… Continue Reading
On August 25, 2016, WhatsApp announced in a blog post that the popular mobile messaging platform has updated its Terms of Service and Privacy Policy to permit certain information sharing with Facebook. … Continue Reading
On July 20, 2016, the French Data Protection Authority announced that it issued a formal notice to Microsoft Corporation ordering the company to address several alleged violations of the French Data Protection Act concerning the Windows 10 operating system.… Continue Reading
On June 25, 2016, the Cyberspace Administration of China published its new Administrative Provisions on Internet Information Search Services. These provisions will come into effect on August 1, 2016.… Continue Reading
In a recently published decision, the Belgian Court of Cassation confirmed the broad interpretation given to the "right to be forgotten" by a Belgian Court of Appeal. … Continue Reading
On May 23, 2016, half of the EU Member States sent a letter to the European Commission and the Netherlands (which holds the rotating presidency), seeking the removal of barriers to the free flow of data both within and outside the EU to benefit the EU from new data-driven technologies.… Continue Reading
After four years of drafting and negotiations, the long awaited EU General Data Protection Regulation has been adopted at the EU level. This blog entry highlights key aspects of the Regulation.… Continue Reading
On April 6, 2016, the Federal Trade Commission endorsed the Organization for Economic Cooperation and Development’s updated guidelines on consumer protection in e-commerce. This blog entry provides highlights on the OECD’s new recommendations. … Continue Reading
On March 22, 2016, the Ministry of Commerce of the People’s Republic of China published drafts of its proposed (1) Specifications for Business Services in Mobile E-commerce and (2) Specifications for Business Services in Cross-border E-commerce. Public comments on the drafts will be accepted until May 31, 2016.… Continue Reading
On February 16, 2016, California Attorney General Kamala D. Harris released the California Data Breach Report 2012-2015 which, among other things, provides (1) an overview of businesses’ responsibilities regarding protecting personal information and reporting data breaches and (2) a series of recommendations for businesses and state policy makers to follow to help safeguard personal information. … Continue Reading
On January 13, 2016, the Russian Data Protection Authority (Roscommandzor) released its plan for audits this year to assess compliance with Russia’s data localization law, which became effective on September 1, 2015.… Continue Reading
